rpms / ipa

Clone
Source Code
GIT

Blame SOURCES/0142-ipa-kra-install-fix-pkispawn-setting-for-pki_securit.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client c8s-stream-DL1 c8s-stream-client c9 c9-beta
  1.   460745326ba253b5c4924b624dbc2f0714a2af42
  2.   SOURCES
  3.   0142-ipa-kra-install-fix-pkispawn-setting-for-pki_securit.patch
Blob History Raw
ac7d03 
From 58a9bd7ec98de555db23159e614b2021ec91b2e3 Mon Sep 17 00:00:00 2001
ac7d03 
From: Florence Blanc-Renaud <flo@redhat.com>
ac7d03 
Date: Thu, 11 May 2017 14:53:09 +0200
ac7d03 
Subject: [PATCH] ipa-kra-install: fix pkispawn setting for
ac7d03 
 pki_security_domain_hostname
ac7d03
ac7d03 
During ipa-kra-install, the installer prepares a configuration file
ac7d03 
provided to pkispawn. This configuration file defines
ac7d03 
pki_security_domain_hostname=(first master)
ac7d03
ac7d03 
but when we are installing a clone, it should be set to the local hostname
ac7d03 
instead, see man page pki_default.cfg:
ac7d03 
      pki_security_domain_hostname, pki_security_domain_https_port
ac7d03 
              Location  of  the security domain.  Required for KRA, OCSP, TKS,
ac7d03 
              and TPS subsystems and for  CA  subsystems  joining  a  security
ac7d03 
              domain.  Defaults to the location of the CA subsystem within the
ac7d03 
              same instance.
ac7d03
ac7d03 
When pki_security_domain_hostname points to the 1st master, and this first
ac7d03 
master is decommissioned, ipa-kra-install fails on new replicas because pkispawn
ac7d03 
tries to connect to this (non-existing) host.
ac7d03
ac7d03 
https://pagure.io/freeipa/issue/6895
ac7d03
ac7d03 
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
ac7d03 
---
ac7d03 
 ipaserver/install/krainstance.py | 2 +-
ac7d03 
 1 file changed, 1 insertion(+), 1 deletion(-)
ac7d03
ac7d03 
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
ac7d03 
index abb81897a404613e20be10d348096402ef08624b..cdd25b9d05bcb1a30260475cc2341a258a3cf93c 100644
ac7d03 
--- a/ipaserver/install/krainstance.py
ac7d03 
+++ b/ipaserver/install/krainstance.py
ac7d03 
@@ -252,7 +252,7 @@ class KRAInstance(DogtagInstance):
ac7d03 
             os.chown(p12_tmpfile_name, pent.pw_uid, pent.pw_gid)
ac7d03
ac7d03 
             # Security domain registration
ac7d03 
-            config.set("KRA", "pki_security_domain_hostname", self.master_host)
ac7d03 
+            config.set("KRA", "pki_security_domain_hostname", self.fqdn)
ac7d03 
             config.set("KRA", "pki_security_domain_https_port", "443")
ac7d03 
             config.set("KRA", "pki_security_domain_user", self.admin_user)
ac7d03 
             config.set("KRA", "pki_security_domain_password",
ac7d03 
--
ac7d03 
2.9.4
ac7d03

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation