sanderw / freeipa

Forked from freeipa 5 years ago

a0cdeb6 Use single Custodia instance in installers

Authored and Committed by cheimes 6 years ago
    Use single Custodia instance in installers
    
    Installers now pass a single CustodiaInstance object around, instead of
    creating new instances on demand. In case of replica promotion with CA,
    the instance gets all secrets from a master with CA present. Before, an
    installer created multiple instances and may have requested CA key
    material from a different machine than DM password hash.
    
    In case of Domain Level 1 and replica promotion, the CustodiaInstance no
    longer adds the keys to the local instance and waits for replication to
    other replica. Instead the installer directly uploads the new public
    keys to the remote 389-DS instance.
    
    Without promotion, new Custodia public keys are still added to local
    389-DS over LDAPI.
    
    Fixes: https://pagure.io/freeipa/issue/7518
    Signed-off-by: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Simo Sorce <ssorce@redhat.com>
    Reviewed-By: Simo Sorce <ssorce@redhat.com>
    
        
file modified
+12 -2
file modified
+12 -14
file modified
+1 -5