URL: https://github.com/freeipa/freeipa/pull/652 Author: flo-renaud Title: #652: dogtag-ipa-ca-renew-agent-submit: fix the is_replicated() function Action: opened
PR body: """ dogtag-ipa-ca-renew-agent-submit behaves differently depending on the certificate it needs to renew. For instance, some certificates (such as IPA RA) are the same on all the hosts and the renewal is actually done only on the renewal master. On other nodes, the new cert is downloaded from LDAP. The function is_replicated() is returning the opposite as what it should. If the cert nickname is IPA RA, it should return that the cert is replicated but it doesn't, and this leads to a wrong code path to renew the cert. https://pagure.io/freeipa/issue/6813 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/652/head:pr652 git checkout pr652
From 5dd82ab460e2e54fd1094b7bf97be2e188545f31 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud <f...@redhat.com> Date: Fri, 24 Mar 2017 11:02:33 +0100 Subject: [PATCH] dogtag-ipa-ca-renew-agent-submit: fix the is_replicated() function dogtag-ipa-ca-renew-agent-submit behaves differently depending on the certificate it needs to renew. For instance, some certificates (such as IPA RA) are the same on all the hosts and the renewal is actually done only on the renewal master. On other nodes, the new cert is downloaded from LDAP. The function is_replicated() is returning the opposite as what it should. If the cert nickname is IPA RA, it should return that the cert is replicated but it doesn't, and this leads to a wrong code path to renew the cert. https://pagure.io/freeipa/issue/6813 --- install/certmonger/dogtag-ipa-ca-renew-agent-submit | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit index cc690b8..5782db7 100755 --- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit +++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit @@ -119,7 +119,7 @@ def is_renewable(): def is_replicated(): - return not get_nickname() + return bool(get_nickname()) def is_renewal_master():
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
