From c7f76e4f6c0f288b184152f5f6f45d11287914b3 Mon Sep 17 00:00:00 2001

From: Jan Cholasta <jcholast@redhat.com>

Date: Mon, 25 Jan 2016 08:48:42 +0100

Subject: [PATCH] CA install: explicitly set dogtag_version to 10

When installing new CA master, explicitly set the dogtag_version option to

10 in api.bootstrap() to prevent failures in code which expects the value

to be 10 rather than the default value of 9.

https://fedorahosted.org/freeipa/ticket/5611

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>

---

 install/tools/ipa-ca-install        | 2 +-

 ipaserver/install/cainstance.py     | 6 +++---

 ipaserver/install/server/upgrade.py | 2 +-

 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install

index 6564e4d0304d4e189b133c495b75f200b04e2988..e8ccaef5b90807f452f77c2b62641df3952180d6 100755

--- a/install/tools/ipa-ca-install

+++ b/install/tools/ipa-ca-install

@@ -162,7 +162,7 @@ def install_master(safe_options, options):

     # override ra_plugin setting read from default.conf so that we have

     # functional dogtag backend plugins during CA install

-    api.bootstrap(in_server=True, ra_plugin='dogtag')

+    api.bootstrap(in_server=True, ra_plugin='dogtag', dogtag_version=10)

     api.finalize()

     dm_password = options.password

diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py

index d9bf4f31af5a922dd6f977a5011f50ce7cea8896..369902ad04b197c9e9516503c1f81c4de1ef153b 100644

--- a/ipaserver/install/cainstance.py

+++ b/ipaserver/install/cainstance.py

@@ -478,7 +478,7 @@ class CAInstance(DogtagInstance):

                       self.http_proxy)

             self.step("restarting certificate server", self.restart_instance)

             self.step("migrating certificate profiles to LDAP",

-                      migrate_profiles_to_ldap)

+                      lambda: migrate_profiles_to_ldap(self.dogtag_constants))

             self.step("importing IPA certificate profiles",

                       import_included_profiles)

             self.step("adding default CA ACL", ensure_default_caacl)

@@ -1768,7 +1768,7 @@ def import_included_profiles():

     conn.disconnect()

-def migrate_profiles_to_ldap():

+def migrate_profiles_to_ldap(dogtag_constants):

     """Migrate profiles from filesystem to LDAP.

     This must be run *after* switching to the LDAPProfileSubsystem

@@ -1783,7 +1783,7 @@ def migrate_profiles_to_ldap():

     api.Backend.ra_certprofile._read_password()

     api.Backend.ra_certprofile.override_port = 8443

-    with open(dogtag.configured_constants().CS_CFG_PATH) as f:

+    with open(dogtag_constants.CS_CFG_PATH) as f:

         cs_cfg = f.read()

     match = re.search(r'^profile\.list=(\S*)', cs_cfg, re.MULTILINE)

     profile_ids = match.group(1).split(',')

diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py

index 1f1cfeb672809c0298c69c121ac38d6c7a482d11..0a46635979497f8028465c2295b22485fd9c0279 100644

--- a/ipaserver/install/server/upgrade.py

+++ b/ipaserver/install/server/upgrade.py

@@ -336,7 +336,7 @@ def ca_enable_ldap_profile_subsystem(ca):

             separator='=')

         ca.restart(dogtag.configured_constants().PKI_INSTANCE_NAME)

-        cainstance.migrate_profiles_to_ldap()

+        cainstance.migrate_profiles_to_ldap(caconfig)

     return needs_update

-- 

2.5.0