[Freeipa-devel] [PATCH] 6 - Dogtag DRM -IPA plugin
Rob Crittenden
rcritten at redhat.com
Thu May 1 18:55:50 UTC 2014
Ade Lee wrote:
> I have attached a patch that contains code for the new dogtag DRM plugin
> vault functionality. This patch should be applied on top of the ones
> used to install a DRM.
>
> Forthcoming is a patch to actually start using this plugin.

All the imports should be at the top of the file.

In _create_pem_file there is an ipaserver.install.certs.export_pkcs12()
that you can re-use. Similarly install_pem_from_p12() probably does the
same thing, and your copy doesn't take the PKCS#12 password as input AFAICT.

In _transport_cert_present you can use:

    from ipaserver.install import certs
    db = certs.CertDB(self.realm, nssdir=self.sec_dir)
    return db.has_nickname(self.transport_nick)

Should there be error handling around keyclient calls or will that be
handled at a different level?

Incidentally, installing a replica on F-20 with pki-ca-10.2.0-0.1
against an F-20 master with pki-ca-10.1.1-1 fails with this traceback in
pkispawn:

  File "/usr/sbin/pkispawn", line 514, in <module>
    main(sys.argv)
  File "/usr/sbin/pkispawn", line 423, in main
    info = parser.sd_get_info()
  File "/usr/lib/python2.7/site-packages/pki/server/deployment/pkiparser.py", line 463, in sd_get_info
    info = sd.getSecurityDomainInfo()
  File "/usr/lib/python2.7/site-packages/pki/system.py", line 44, in getSecurityDomainInfo
    info.name = response.json()['id']
KeyError: 'id'

rob