[Freeipa-devel] [PATCHES] 172-196 Refactor certificate renewal code
Petr Spacek
pspacek at redhat.com
Thu Mar 20 17:09:06 UTC 2014
On 19.3.2014 14:33, Jan Cholasta wrote:
> freeipa-jcholast-190.2-Store-information-about-which-CA-server-is-master-in.patch
>
>
>>From 147ab524032902f29b8c3048cdaf21c5606f2274 Mon Sep 17 00:00:00 2001
> From: Jan Cholasta<jcholast at redhat.com>
> Date: Wed, 16 Oct 2013 08:51:06 +0000
> Subject: [PATCH 17/23] Store information about which CA server is master in
> LDAP.
>
> ---
> install/tools/ipa-server-install | 2 +-
> ipaserver/install/cainstance.py | 17 ++++++++++-
> ipaserver/install/plugins/ca_master.py | 56 ++++++++++++++++++++++++++++++++++
> ipaserver/install/service.py | 4 +--
> 4 files changed, 75 insertions(+), 4 deletions(-)
> create mode 100644 ipaserver/install/plugins/ca_master.py
>
> diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
> index dfe192a..a77ad71 100755
> --- a/install/tools/ipa-server-install
> +++ b/install/tools/ipa-server-install
> @@ -1114,7 +1114,7 @@ def main():
> if setup_ca:
> # We need to ldap_enable the CA now that DS is up and running
> ca.ldap_enable('CA', host_name, dm_password,
> - ipautil.realm_to_suffix(realm_name))
> + ipautil.realm_to_suffix(realm_name), ['master'])
>
> # This is done within stopped_service context, which restarts CA
> ca.enable_client_auth_to_db()
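Review bot: The bare positional `['master']` added to the `ca.ldap_enable(...)` call does not say what it sets, and the same literal is repeated in the filter `'(&(cn=CA)(ipaConfigString=master))'` in the cainstance.py hunk, so the code that writes this marker and the code that reads it can drift apart silently. Presumably the list ends up as ipaConfigString values on the CA entry under cn=masters, but the service.py change that defines the parameter is not visible here. I would add a comment above the call, such as `# mark this server's CA entry as the master; cainstance.py looks it up by ipaConfigString=master`, and if possible share one constant for the value between the two files. The enclosing `main()` starts and ends outside the hunk.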
> diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
> index 227cea0..c7a459d 100644
> --- a/ipaserver/install/cainstance.py
> +++ b/ipaserver/install/cainstance.py
> @@ -1603,8 +1603,23 @@ class CAInstance(service.Service):
> gone or no longer performing certain duties then it is their
> responsibility to handle changes on upgrades.
> """
> + if not self.admin_conn:
> + self.ldap_connect()
> +
> + base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
> + api.env.basedn)
> + filter = '(&(cn=CA)(ipaConfigString=master))'
> + try:
> + entries = self.admin_conn.get_entries(
> + base_dn=base_dn, filter=filter, attrs_list=[])
> + except errors.NotFound:
> + pass
> + else:
> + fqdn = entries[0].dn[1].value
> + return api.env.host.lower() == fqdn.lower()
Please use python-dns to compare DNS names.
Comparing lowercased strings like this is fragile, as you know :-)
Thanks!
--
Petr^2 Spacek