Hi, the attached patch fixes <https://fedorahosted.org/freeipa/ticket/5226>.
Honza -- Jan Cholasta
From bb7cd6dffd5fc2e4f2693ed114113764b28409e1 Mon Sep 17 00:00:00 2001 From: Jan Cholasta <[email protected]> Date: Tue, 18 Aug 2015 12:51:26 +0200 Subject: [PATCH] install: Fix CA-less replica install https://fedorahosted.org/freeipa/ticket/5226 --- ipaserver/install/server/replicainstall.py | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index ac0f6a3..664a0ba 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -573,14 +573,15 @@ def install(installer): otpd.create_instance('OTPD', config.host_name, config.dirman_password, ipautil.realm_to_suffix(config.realm_name)) - CA = cainstance.CAInstance( - config.realm_name, certs.NSS_DIR, - dogtag_constants=dogtag_constants) - CA.dm_password = config.dirman_password - - CA.configure_certmonger_renewal() - CA.import_ra_cert(config.dir + "/ra.p12") - CA.fix_ra_perms() + if ipautil.file_exists(config.dir + "/cacert.p12"): + CA = cainstance.CAInstance( + config.realm_name, certs.NSS_DIR, + dogtag_constants=dogtag_constants) + CA.dm_password = config.dirman_password + + CA.configure_certmonger_renewal() + CA.import_ra_cert(config.dir + "/ra.p12") + CA.fix_ra_perms() # The DS instance is created before the keytab, add the SSL cert we # generated -- 2.4.3
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
