The code that exports the KRA agent certificate has been moved
such that it will be executed both on master and replica.
https://fedorahosted.org/freeipa/ticket/5174
--
Endi S. Dewata
From 04abaf7354d5c140d2bb88c7a58e54f0691fcbe4 Mon Sep 17 00:00:00 2001
From: Endi S. Dewata edew...@redhat.com
Date: Sat, 1 Aug 2015 02:46:26 +0200
Subject: [PATCH] Fixed missing KRA agent cert on replica.
The code that exports the KRA agent certificate has been moved
such that it will be executed both on master and replica.
https://fedorahosted.org/freeipa/ticket/5174
---
ipaserver/install/krainstance.py | 17 +
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index
50ab424b0e59becfea9e7af4b8d43a32ccbdc823..fa50c3dec897d63b9d3522d196054163f7b3369a
100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -256,6 +256,15 @@ class KRAInstance(DogtagInstance):
os.remove(cfg_file)
shutil.move(paths.KRA_BACKUP_KEYS_P12, paths.KRACERT_P12)
+
+# export ipaCert with private key for client authentication
+args = [/usr/bin/pki,
+-d, paths.HTTPD_ALIAS_DIR,
+-C, paths.ALIAS_PWDFILE_TXT,
+client-cert-show, ipaCert,
+--client-cert, paths.KRA_AGENT_PEM]
+ipautil.run(args)
+
self.log.debug(completed creating KRA instance)
def __add_ra_user_to_agent_group(self):
@@ -330,14 +339,6 @@ class KRAInstance(DogtagInstance):
finally:
os.remove(filename)
-# export ipaCert with private key for client authentication
-args = [/usr/bin/pki,
--d, paths.HTTPD_ALIAS_DIR,
--C, paths.ALIAS_PWDFILE_TXT,
-client-cert-show, ipaCert,
---client-cert, paths.KRA_AGENT_PEM]
-ipautil.run(args)
-
def __add_vault_container(self):
sub_dict = {
'SUFFIX': self.suffix,
--
2.4.3
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code