From ea3848ae6729fda734ec60167129f4cae5253a44 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 18 Jan 2017 13:56:24 +0100 Subject: [PATCH] Wait until HTTPS principal entry is replicated to replica Without HTTP principal the steps later fails. https://fedorahosted.org/freeipa/ticket/6588 Reviewed-By: Stanislav Laznicka --- ipaserver/install/server/replicainstall.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index f54ff7da06c57b9c8251429cbdacc5c300805f84..2a1c290351d8ce1dade5eea2f67539659555af2e 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -36,7 +36,7 @@ from ipaserver.install import ( from ipaserver.install.installutils import ( create_replica_config, ReplicaConfig, load_pkcs12, is_ipa_configured) from ipaserver.install.replication import ( - ReplicationManager, replica_conn_check) + ReplicationManager, replica_conn_check, wait_for_entry) import SSSDConfig from subprocess import CalledProcessError from binascii import hexlify @@ -86,6 +86,14 @@ def install_http_certs(config, fstore, remote_api): config.master_host_name, paths.IPA_KEYTAB, force_service_add=True) + dn = DN( + ('krbprincipalname', principal), + api.env.container_service, api.env.basedn + ) + conn = ipaldap.IPAdmin(realm=config.realm_name, ldapi=True) + conn.do_external_bind() + wait_for_entry(conn, dn) + conn.unbind() # Obtain certificate for the HTTP service nssdir = certs.NSS_DIR -- 2.9.3