[Freeipa-devel] [PATCH 543] CA install: explicitly set dogtag_version to 10

Martin Babinsky mbabinsk at redhat.com
Tue Jan 26 09:23:12 UTC 2016 

On 01/26/2016 10:14 AM, Martin Babinsky wrote:
> On 01/25/2016 08:56 AM, Alexander Bokovoy wrote:
>> On Mon, 25 Jan 2016, Jan Cholasta wrote:
>>> Hi,
>>>
>>> the attached patch fixes <https://fedorahosted.org/freeipa/ticket/5611>.
>>>
>>> Note that this is a 4.2-specific fix.
>>>
>>> Honza
>>>
>>> --
>>> Jan Cholasta
>>
>>> From c2a0684c64538166809883a235bd131518b6e78f Mon Sep 17 00:00:00 2001
>>> From: Jan Cholasta <jcholast at redhat.com>
>>> Date: Mon, 25 Jan 2016 08:48:42 +0100
>>> Subject: [PATCH] CA install: explicitly set dogtag_version to 10
>>>
>>> When installing new CA master, explicitly set the dogtag_version
>>> option to
>>> 10 in api.bootstrap() to prevent failures in code which expects the
>>> value
>>> to be 10 rather than the default value of 9.
>>>
>>> https://fedorahosted.org/freeipa/ticket/5611
>>> ---
>>> install/tools/ipa-ca-install | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
>>> index 6564e4d..e8ccaef 100755
>>> --- a/install/tools/ipa-ca-install
>>> +++ b/install/tools/ipa-ca-install
>>> @@ -162,7 +162,7 @@ def install_master(safe_options, options):
>>>
>>>     # override ra_plugin setting read from default.conf so that we have
>>>     # functional dogtag backend plugins during CA install
>>> -    api.bootstrap(in_server=True, ra_plugin='dogtag')
>>> +    api.bootstrap(in_server=True, ra_plugin='dogtag',
>>> dogtag_version=10)
>>>     api.finalize()
>>>
>>>     dm_password = options.password
>>> --
>> ACK.
>>
>
> Not so fast, I have this patch applied on top of ipa-4-2 and it does not
> fix the crash described in the ticket.
>

See the end of CA install log (http://fpaste.org/314777/14537999/), it 
seems that despite setting dogtag version to 10 in API initialization, 
CA instance still thinks it needs to work with version 9.

It seems that dogtag.configured_constants() function is to blame:

"""
In [4]: from ipalib import api

In [5]: api.bootstrap(dogtag_version=10)

In [6]: api.finalize()

In [7]: dogtag.configured_constants()
Out[7]: ipapython.dogtag.Dogtag9Constants

In [8]: dogtag.configured_constants(api)
Out[8]: ipapython.dogtag.Dogtag10Constants
"""

-- 
Martin^3 Babinsky

More information about the Freeipa-devel mailing list