rpms / ipa

Clone
Source Code
GIT

Blame SOURCES/0140-vault-select-a-server-with-KRA-for-vault-operations.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client c8s-stream-DL1 c8s-stream-client c9 c9-beta
  1.   590d180adcbf36133f0b1a25f8e6e746d9658a53
  2.   SOURCES
  3.   0140-vault-select-a-server-with-KRA-for-vault-operations.patch
Blob History Raw
590d18 
From f81f6028428f232052fa372bf3b11fa1e7b3905e Mon Sep 17 00:00:00 2001
590d18 
From: Jan Cholasta <jcholast@redhat.com>
590d18 
Date: Wed, 30 Sep 2015 09:05:33 +0200
590d18 
Subject: [PATCH] vault: select a server with KRA for vault operations
590d18
590d18 
This uses the same mechanism which is used for the CA.
590d18
590d18 
https://fedorahosted.org/freeipa/ticket/5302
590d18
590d18 
Reviewed-By: Martin Basti <mbasti@redhat.com>
590d18 
---
590d18 
 ipalib/constants.py         |  3 ---
590d18 
 ipaserver/plugins/dogtag.py | 22 +++++++++++++++++++++-
590d18 
 2 files changed, 21 insertions(+), 4 deletions(-)
590d18
590d18 
diff --git a/ipalib/constants.py b/ipalib/constants.py
590d18 
index 1509151bac7e0abca081cbba033701db410fc54c..0c5fc49456307ed261acb057ce6612274da2c453 100644
590d18 
--- a/ipalib/constants.py
590d18 
+++ b/ipalib/constants.py
590d18 
@@ -167,9 +167,6 @@ DEFAULT_CONFIG = (
590d18 
     ('ca_agent_install_port', None),
590d18 
     ('ca_ee_install_port', None),
590d18
590d18 
-    # KRA plugin
590d18 
-    ('kra_host', FQDN),  # Set in Env._finalize_core()
590d18 
-
590d18 
     # Topology plugin
590d18 
     ('recommended_max_agmts', 4),  # Recommended maximum number of replication
590d18 
                                    # agreements
590d18 
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
590d18 
index 47279921a5428f388f84967b7bbe05d758e475bd..f5f8eb67067c87f07c06e556fb9fc73792fbbc64 100644
590d18 
--- a/ipaserver/plugins/dogtag.py
590d18 
+++ b/ipaserver/plugins/dogtag.py
590d18 
@@ -1902,6 +1902,26 @@ class kra(Backend):
590d18
590d18 
         super(kra, self).__init__(api)
590d18
590d18 
+    @property
590d18 
+    def kra_host(self):
590d18 
+        """
590d18 
+        :return:   host
590d18 
+                   as str
590d18 
+
590d18 
+        Select our KRA host.
590d18 
+        """
590d18 
+        ldap2 = self.api.Backend.ldap2
590d18 
+        if host_has_service(api.env.ca_host, ldap2, "KRA"):
590d18 
+            return api.env.ca_host
590d18 
+        if api.env.host != api.env.ca_host:
590d18 
+            if host_has_service(api.env.host, ldap2, "KRA"):
590d18 
+                return api.env.host
590d18 
+        host = select_any_master(ldap2, "KRA")
590d18 
+        if host:
590d18 
+            return host
590d18 
+        else:
590d18 
+            return api.env.ca_host
590d18 
+
590d18 
     def get_client(self):
590d18 
         """
590d18 
         Returns an authenticated KRA client to access KRA services.
590d18 
@@ -1921,7 +1941,7 @@ class kra(Backend):
590d18 
         # https://fedorahosted.org/freeipa/ticket/4557
590d18 
         connection = PKIConnection(
590d18 
             'https',
590d18 
-            api.env.kra_host,
590d18 
+            self.kra_host,
590d18 
             str(self.kra_port),
590d18 
             'kra')
590d18
590d18 
--
590d18 
2.4.3
590d18

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation