On 19.3.2014 14:33, Jan Cholasta wrote:
freeipa-jcholast-190.2-Store-information-about-which-CA-server-is-master-in.patch


From 147ab524032902f29b8c3048cdaf21c5606f2274 Mon Sep 17 00:00:00 2001
From: Jan Cholasta<jchol...@redhat.com>
Date: Wed, 16 Oct 2013 08:51:06 +0000
Subject: [PATCH 17/23] Store information about which CA server is master in
  LDAP.

---
  install/tools/ipa-server-install       |  2 +-
  ipaserver/install/cainstance.py        | 17 ++++++++++-
  ipaserver/install/plugins/ca_master.py | 56 ++++++++++++++++++++++++++++++++++
  ipaserver/install/service.py           |  4 +--
  4 files changed, 75 insertions(+), 4 deletions(-)
  create mode 100644 ipaserver/install/plugins/ca_master.py

diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index dfe192a..a77ad71 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -1114,7 +1114,7 @@ def main():
      if setup_ca:
          # We need to ldap_enable the CA now that DS is up and running
          ca.ldap_enable('CA', host_name, dm_password,
-                       ipautil.realm_to_suffix(realm_name))
+                       ipautil.realm_to_suffix(realm_name), ['master'])

          # This is done within stopped_service context, which restarts CA
          ca.enable_client_auth_to_db()
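Review bot: The new positional `['master']` argument on the `ca.ldap_enable(...)` call is opaque at the call site, since nothing here says that this list is what marks the host as the CA master. Judging by the commit subject and the `ipaConfigString=master` filter in the cainstance.py hunk, it presumably ends up as an ipaConfigString value on this server's CA entry. I would pass it by keyword, using the parameter name from the service.py change (not visible on this page), and extend the comment above the call to something like `# Also flag this server as the CA master in its cn=masters entry`. Other code relies on that flag to decide whether the local server is the master, so the one place that sets it should be easy to find.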
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 227cea0..c7a459d 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1603,8 +1603,23 @@ class CAInstance(service.Service):
          gone or no longer performing certain duties then it is their
          responsibility to handle changes on upgrades.
          """
+        if not self.admin_conn:
+            self.ldap_connect()
+
+        base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
+                     api.env.basedn)
+        filter = '(&(cn=CA)(ipaConfigString=master))'
+        try:
+            entries = self.admin_conn.get_entries(
+                base_dn=base_dn, filter=filter, attrs_list=[])
+        except errors.NotFound:
+            pass
+        else:
+            fqdn = entries[0].dn[1].value
+            return api.env.host.lower() == fqdn.lower()
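Review bot: `entries[0]` silently picks one result when the search for `(&(cn=CA)(ipaConfigString=master))` returns more than one entry, so if two servers ever carry the flag, which of them considers itself master depends on the order the directory returns them. I would make that case visible, for example with an `if len(entries) > 1:` branch that logs the conflicting DNs, rather than quietly trusting the first hit. `entries[0].dn[1].value` also assumes the host name is always the second RDN of the entry, which deserves a short comment such as `# entry DN: cn=CA,cn=<fqdn>,cn=masters,...` once that layout is confirmed. The local name `filter` shadows the builtin, and `search_filter` would avoid that. The quoted hunk is cut off after the `return`, so the path taken after `except errors.NotFound: pass` is not visible here.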

Please use python-dns to compare DNS names.

This is fragile as you know :-)

Thanks!

--
Petr^2 Spacek
