[Freeipa-devel] [PATCH] 370 Fixed missing KRA agent cert on replica.

Endi Sukma Dewata edewata at redhat.com
Sat Aug 1 00:56:51 UTC 2015


The code that exports the KRA agent certificate has been moved
such that it will be executed both on master and replica.

https://fedorahosted.org/freeipa/ticket/5174

-- 
Endi S. Dewata
-------------- next part --------------
From 04abaf7354d5c140d2bb88c7a58e54f0691fcbe4 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata at redhat.com>
Date: Sat, 1 Aug 2015 02:46:26 +0200
Subject: [PATCH] Fixed missing KRA agent cert on replica.

The code that exports the KRA agent certificate has been moved
such that it will be executed both on master and replica.

https://fedorahosted.org/freeipa/ticket/5174
---
 ipaserver/install/krainstance.py | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index 50ab424b0e59becfea9e7af4b8d43a32ccbdc823..fa50c3dec897d63b9d3522d196054163f7b3369a 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -256,6 +256,15 @@ class KRAInstance(DogtagInstance):
             os.remove(cfg_file)
 
         shutil.move(paths.KRA_BACKUP_KEYS_P12, paths.KRACERT_P12)
+
+        # export ipaCert with private key for client authentication
+        args = ["/usr/bin/pki",
+            "-d", paths.HTTPD_ALIAS_DIR,
+            "-C", paths.ALIAS_PWDFILE_TXT,
+            "client-cert-show", "ipaCert",
+            "--client-cert", paths.KRA_AGENT_PEM]
+        ipautil.run(args)
+
         self.log.debug("completed creating KRA instance")
 
     def __add_ra_user_to_agent_group(self):
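Review bot: The export added just before self.log.debug("completed creating KRA instance") writes ipaCert together with its private key to paths.KRA_AGENT_PEM, and nothing in the added lines sets the mode or owner of that file, so its protection depends on whatever umask is in effect when /usr/bin/pki runs. Suggest restricting it explicitly right after ipautil.run(args), for example with os.chmod(paths.KRA_AGENT_PEM, 0o440) and a matching chown for the service account that needs to read it. It would also help to extend the comment to say that this step must run on both master and replica, so the block is not moved back into a master-only step later.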
@@ -330,14 +339,6 @@ class KRAInstance(DogtagInstance):
         finally:
             os.remove(filename)
 
-        # export ipaCert with private key for client authentication
-        args = ["/usr/bin/pki",
-            "-d", paths.HTTPD_ALIAS_DIR,
-            "-C", paths.ALIAS_PWDFILE_TXT,
-            "client-cert-show", "ipaCert",
-            "--client-cert", paths.KRA_AGENT_PEM]
-        ipautil.run(args)
-
     def __add_vault_container(self):
         sub_dict = {
             'SUFFIX': self.suffix,
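Review bot: Replicas that were installed before this fix will still be missing paths.KRA_AGENT_PEM, since the diffstat shows only ipaserver/install/krainstance.py changing and the block removed here, at the end of the method above __add_vault_container, has no upgrade-time counterpart in the patch. Consider adding an upgrade step that runs the same pki client-cert-show export when the file is absent. Also worth confirming that nothing in the code between the new and old positions was a prerequisite for the export, as it now runs earlier in the install sequence.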
-- 
2.4.3


