From 0c3b7bd3b51626fc7f29c98087e1d59ea079bcda Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Thu, 1 Sep 2016 15:53:38 +0200 Subject: [PATCH] Fix ipa-certupdate for CA-less installation In a CA-less installation, ipa-certupdate fails with the error message: $ ipa-certupdate trying https://vm-180.abc.idm.lab.eng.brq.redhat.com/ipa/session/json Forwarding 'ca_is_enabled' to json server 'https://vm-180.abc.idm.lab.eng.brq.redhat.com/ipa/session/json' Forwarding 'ca_find/1' to json server 'https://vm-180.abc.idm.lab.eng.brq.redhat.com/ipa/session/json' CA is not configured The ipa-certupdate command failed. The issue happens because ipa-certupdate tries to call ca_find even on a CA_less deployment. The fix skips the call to ca_find in this case. https://fedorahosted.org/freeipa/ticket/6288 Reviewed-By: Tomas Krizek --- ipaclient/ipa_certupdate.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/ipaclient/ipa_certupdate.py b/ipaclient/ipa_certupdate.py
index e59047a2705eb8ccb98b5213c4c8771f55a29bc5..f340f32bcdca5f5d98177f7aa9af366b67d8dd80 100644
--- a/ipaclient/ipa_certupdate.py
+++ b/ipaclient/ipa_certupdate.py
@@ -87,9 +87,10 @@ class CertUpdate(admintool.AdminTool):
 # find lightweight CAs (on renewal master only)
 lwcas = []
- for ca_obj in api.Command.ca_find()['result']:
- if IPA_CA_CN not in ca_obj['cn']:
- lwcas.append(ca_obj)
+ if ca_enabled:
+ for ca_obj in api.Command.ca_find()['result']:
+ if IPA_CA_CN not in ca_obj['cn']:
+ lwcas.append(ca_obj)
 api.Backend.rpcclient.disconnect()
 finally:
--
2.7.4
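Review bot: The comment above `lwcas = []` still describes only the renewal-master case and does not say why the lookup is now guarded by `if ca_enabled:`; the reason (ca_find fails with "CA is not configured" on a CA-less deployment) is recorded only in the commit message. I would extend it to `# find lightweight CAs (on renewal master only); skipped on CA-less deployments, where ca_find fails with "CA is not configured"`. `ca_enabled` is assigned outside this hunk, presumably from the `ca_is_enabled` call visible in the quoted log output, so it is worth confirming that it is bound on every path that reaches this line. The enclosing method starts and ends outside the hunk, so how an empty `lwcas` is consumed afterwards cannot be checked from here.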