[Freeipa-devel] [PATCH 543] CA install: explicitly set dogtag_version to 10

Martin Babinsky mbabinsk at redhat.com
Wed Jan 27 11:10:51 UTC 2016 

On 01/27/2016 09:27 AM, Jan Cholasta wrote:
> On 26.1.2016 10:23, Martin Babinsky wrote:
>> On 01/26/2016 10:14 AM, Martin Babinsky wrote:
>>> On 01/25/2016 08:56 AM, Alexander Bokovoy wrote:
>>>> On Mon, 25 Jan 2016, Jan Cholasta wrote:
>>>>> Hi,
>>>>>
>>>>> the attached patch fixes
>>>>> <https://fedorahosted.org/freeipa/ticket/5611>.
>>>>>
>>>>> Note that this is a 4.2-specific fix.
>>>>>
>>>>> Honza
>>>>>
>>>>> --
>>>>> Jan Cholasta
>>>>
>>>>> From c2a0684c64538166809883a235bd131518b6e78f Mon Sep 17 00:00:00 2001
>>>>> From: Jan Cholasta <jcholast at redhat.com>
>>>>> Date: Mon, 25 Jan 2016 08:48:42 +0100
>>>>> Subject: [PATCH] CA install: explicitly set dogtag_version to 10
>>>>>
>>>>> When installing new CA master, explicitly set the dogtag_version
>>>>> option to
>>>>> 10 in api.bootstrap() to prevent failures in code which expects the
>>>>> value
>>>>> to be 10 rather than the default value of 9.
>>>>>
>>>>> https://fedorahosted.org/freeipa/ticket/5611
>>>>> ---
>>>>> install/tools/ipa-ca-install | 2 +-
>>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/install/tools/ipa-ca-install
>>>>> b/install/tools/ipa-ca-install
>>>>> index 6564e4d..e8ccaef 100755
>>>>> --- a/install/tools/ipa-ca-install
>>>>> +++ b/install/tools/ipa-ca-install
>>>>> @@ -162,7 +162,7 @@ def install_master(safe_options, options):
>>>>>
>>>>>     # override ra_plugin setting read from default.conf so that we
>>>>> have
>>>>>     # functional dogtag backend plugins during CA install
>>>>> -    api.bootstrap(in_server=True, ra_plugin='dogtag')
>>>>> +    api.bootstrap(in_server=True, ra_plugin='dogtag',
>>>>> dogtag_version=10)
>>>>>     api.finalize()
>>>>>
>>>>>     dm_password = options.password
>>>>> --
>>>> ACK.
>>>>
>>>
>>> Not so fast, I have this patch applied on top of ipa-4-2 and it does not
>>> fix the crash described in the ticket.
>>>
>>
>> See the end of CA install log (http://fpaste.org/314777/14537999/), it
>> seems that despite setting dogtag version to 10 in API initialization,
>> CA instance still thinks it needs to work with version 9.
>>
>> It seems that dogtag.configured_constants() function is to blame:
>>
>> """
>> In [4]: from ipalib import api
>>
>> In [5]: api.bootstrap(dogtag_version=10)
>>
>> In [6]: api.finalize()
>>
>> In [7]: dogtag.configured_constants()
>> Out[7]: ipapython.dogtag.Dogtag9Constants
>>
>> In [8]: dogtag.configured_constants(api)
>> Out[8]: ipapython.dogtag.Dogtag10Constants
>> """
>
> Updated patch attached.
>

ACK

-- 
Martin^3 Babinsky

More information about the Freeipa-devel mailing list