URL: https://github.com/freeipa/freeipa/pull/354 Author: frasertweedale Title: #354: Fix DL1 replica installation in CA-less topology Action: opened
PR body: """ Commit dbb98765d73519289ee22f3de1a5ccde140f6f5d changed certmonger requests for DS and HTTP certificates during installation to raise on error (https://fedorahosted.org/freeipa/ticket/6514). This introduced a regression in DL1 replica installation in CA-less topology. A certificate was requested, but prior to the aforementioned commit this would fail silently and installation continued, whereas now installation fails. Guard the certificate request with a check that the topology is CA-ful. Fixes: https://fedorahosted.org/freeipa/ticket/6573 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/354/head:pr354 git checkout pr354
From db6038d2bf11f349d79dddc5e10865dd9b3d333a Mon Sep 17 00:00:00 2001 From: Fraser Tweedale <ftwee...@redhat.com> Date: Tue, 20 Dec 2016 16:45:38 +1000 Subject: [PATCH] Fix DL1 replica installation in CA-less topology Commit dbb98765d73519289ee22f3de1a5ccde140f6f5d changed certmonger requests for DS and HTTP certificates during installation to raise on error (https://fedorahosted.org/freeipa/ticket/6514). This introduced a regression in DL1 replica installation in CA-less topology. A certificate was requested, but prior to the aforementioned commit this would fail silently and installation continued, whereas now installation fails. Guard the certificate request with a check that the topology is CA-ful. Fixes: https://fedorahosted.org/freeipa/ticket/6573 --- ipaserver/install/server/replicainstall.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index b0cf28f..6e986f7 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -1338,7 +1338,7 @@ def install(installer): # Always try to install DNS records install_dns_records(config, options, remote_api) - if promote: + if promote and ca_enabled: # we need to install http certs to setup ssl for httpd install_http_certs(config.host_name, config.realm_name,
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
