From 44ec2e641c809afbed96bcde2a31388a37a7ec32 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 6 Jul 2018 09:26:19 -0400 Subject: [PATCH] replicainstall: DS SSL replica install pick right certmonger host Extend fix 0f31564b35aac250456233f98730811560eda664 to also move the DS SSL setup so that the xmlrpc_uri is configured to point to the remote master we are configuring against. https://pagure.io/freeipa/issue/7566 Signed-off-by: Rob Crittenden Reviewed-By: Christian Heimes --- ipaserver/install/server/replicainstall.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 387d4ca85d9ad41db3ce2d9bc2ae67ba11836ada..542e1d4d145f266d6fd9ad8e0eaffcb12e8f6bc6 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -1448,15 +1448,12 @@ def install(installer): pkcs12_info=pkinit_pkcs12_info, promote=promote) - # we now need to enable ssl on the ds - ds.enable_ssl() - if promote: # We need to point to the master when certmonger asks for - # HTTP certificate. - # During http installation, the HTTP/hostname principal is created - # locally then the installer waits for the entry to appear on the - # master selected for the installation. + # a DS or HTTP certificate. + # During http installation, the /hostname principal is + # created locally then the installer waits for the entry to appear + # on the master selected for the installation. # In a later step, the installer requests a SSL certificate through # Certmonger (and the op adds the principal if it does not exist yet). # If xmlrpc_uri points to the soon-to-be replica, @@ -1470,6 +1467,9 @@ def install(installer): create_ipa_conf(fstore, config, ca_enabled, master=config.master_host_name) + # we now need to enable ssl on the ds + ds.enable_ssl() + install_http( config, auto_redirect=not options.no_ui_redirect, -- 2.17.1