URL: https://github.com/freeipa/freeipa/pull/574 Author: stlaz Title: #574: ipa-replica-prepare fix Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/574/head:pr574 git checkout pr574
From 21a2c34e3cac0e8c32a68fb53ac1820fb143f1cd Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Mon, 13 Mar 2017 14:25:36 +0100
Subject: [PATCH 1/2] Fix ipa-replica-prepare server-cert creation
Fixes an issue introduced in 0a54fac0, we need to specify the current master's hostname so that we know to which CA we need to connect to create the other's server Server-Cert.
https://pagure.io/freeipa/issue/6755
---
 ipaserver/install/ipa_replica_prepare.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index da13e74..f9f2758 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -603,7 +603,8 @@ def export_certdb(self, fname, passwd_fname, is_kdc=False):
 try:
 db = certs.CertDB(
- api.env.realm, nssdir=self.dir, subject_base=subject_base)
+ api.env.realm, nssdir=self.dir, subject_base=subject_base,
+ host_name=api.env.host)
 db.create_passwd_file()
 db.create_from_cacert()
 db.create_server_cert(nickname, hostname)
From 5ad5230e6e6391a6e2c9147a48665403c018c987 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Mon, 13 Mar 2017 14:40:38 +0100
Subject: [PATCH 2/2] Don't fail more if cert req/cert creation failed
This should help debugging issues that could happen during server certificate creation.
https://pagure.io/freeipa/issue/6755
---
 ipaserver/install/certs.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 660da79..63e7887 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
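Review bot: The added `host_name=api.env.host` argument on the `certs.CertDB(...)` call in export_certdb rests on an assumption that is not written down anywhere in the code. The commit message says the value decides which CA is contacted and that it is the current master's hostname, so this presumably only works when the master running ipa-replica-prepare hosts a CA itself. A short comment above the call would make that explicit, for example `# host_name selects the CA that issues the replica's Server-Cert; use this master`. export_certdb starts and continues outside the hunk, so an existing check for a local CA may already cover the other case; worth confirming.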
@@ -368,8 +368,11 @@ def create_server_cert(self, nickname, hostname, subject=None):
 with open(self.certder_fname, "r") as f:
 dercert = f.read()
 finally:
- os.unlink(self.certreq_fname)
- os.unlink(self.certder_fname)
+ for fname in (self.certreq_fname, self.certder_fname):
+ try:
+ os.unlink(fname)
+ except OSError:
+ pass
 return dercert
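Review bot: The new `except OSError: pass` inside the `finally` cleanup discards every unlink failure, not only the missing-file case the commit is aiming at. A permission or I/O error would then leave the certificate request or the DER file on disk with nothing in the log to say so. Narrowing the handler keeps the original exception visible and still records the unexpected case: `except OSError as e:` followed by `if e.errno != errno.ENOENT:` and a debug-level log line naming `fname`. That needs `errno` and a logger in scope in certs.py, which the hunk does not show. The body of create_server_cert starts above the hunk, so which of the two files can already exist when the `try` fails is not visible here.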