On 19.3.2014 14:33, Jan Cholasta wrote:
freeipa-jcholast-190.2-Store-information-about-which-CA-server-is-master-in.patch
From 147ab524032902f29b8c3048cdaf21c5606f2274 Mon Sep 17 00:00:00 2001
From: Jan Cholasta<jchol...@redhat.com>
Date: Wed, 16 Oct 2013 08:51:06 +0000
Subject: [PATCH 17/23] Store information about which CA server is master in
LDAP.
---
install/tools/ipa-server-install | 2 +-
ipaserver/install/cainstance.py | 17 ++++++++++-
ipaserver/install/plugins/ca_master.py | 56 ++++++++++++++++++++++++++++++++++
ipaserver/install/service.py | 4 +--
4 files changed, 75 insertions(+), 4 deletions(-)
create mode 100644 ipaserver/install/plugins/ca_master.py
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index dfe192a..a77ad71 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -1114,7 +1114,7 @@ def main():
if setup_ca:
# We need to ldap_enable the CA now that DS is up and running
ca.ldap_enable('CA', host_name, dm_password,
- ipautil.realm_to_suffix(realm_name))
+ ipautil.realm_to_suffix(realm_name), ['master'])
# This is done within stopped_service context, which restarts CA
ca.enable_client_auth_to_db()
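Review bot: The new `['master']` argument to `ca.ldap_enable(...)` is a bare positional list, and the same string is hard-coded again in the LDAP filter `(&(cn=CA)(ipaConfigString=master))` added to cainstance.py in this patch. The code that writes the marker and the code that reads it can therefore drift apart unnoticed. A shared module-level constant used in both places would keep them in sync. Passing the list by keyword would also make the call self-explanatory, using whatever name the new parameter has in service.py, which is not shown here. A short comment such as `# record this server as the CA master in its cn=masters entry` would help too, assuming that is what the flag does, as the commit subject suggests.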
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 227cea0..c7a459d 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1603,8 +1603,23 @@ class CAInstance(service.Service):
gone or no longer performing certain duties then it is their
responsibility to handle changes on upgrades.
"""
+ if not self.admin_conn:
+ self.ldap_connect()
+
+ base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
+ api.env.basedn)
+ filter = '(&(cn=CA)(ipaConfigString=master))'
+ try:
+ entries = self.admin_conn.get_entries(
+ base_dn=base_dn, filter=filter, attrs_list=[])
+ except errors.NotFound:
+ pass
+ else:
+ fqdn = entries[0].dn[1].value
+ return api.env.host.lower() == fqdn.lower()
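Review bot: `entries[0]` is taken without checking how many entries matched, so if more than one server entry under cn=masters carries `ipaConfigString=master`, the answer depends on the order the directory returns them in. Two replicas could then both conclude they are the CA master, or none could. Since the return value decides whether this host acts as the master, an unexpected count should be surfaced (log it, or treat it as an inconsistency) rather than silently resolved. A comment such as `# exactly one CA entry is expected to carry ipaConfigString=master` would document the assumption. Separately, `filter` shadows the Python builtin and could be renamed, for example to `master_filter`. The `except errors.NotFound: pass` branch falls through to code outside the quoted part of the hunk, so a one-line comment naming that fallback would help readers.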
Please use python-dns to compare DNS names.
This is fragile as you know :-)
Thanks!
--
Petr^2 Spacek