From 4edd39fb05dfd92924fc7f0c37fee3d269edf298 Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Jul 01 2016 13:08:42 +0000
Subject: Fix replica install with CA
The incorrect api was used, and CA record updated was duplicated.
https://fedorahosted.org/freeipa/ticket/5966
Reviewed-By: Petr Spacek
---
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index abd1452..0068ff3 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -1082,6 +1082,9 @@ class BindInstance(service.Service):
 self.__add_ipa_ca_record()
 def add_ipa_ca_dns_records(self, fqdn, domain_name, ca_configured=True):
+ if not self.api.Backend.ldap2.isconnected():
+ self.api.Backend.ldap2.connect(autobind=True)
+
 host, zone = fqdn.split(".", 1)
 if dns_zone_exists(zone, self.api):
 addrs = get_fwd_rr(zone, host, api=self.api)
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index fa92aec..3d6c1c0 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -309,7 +309,7 @@ class CAInstance(DogtagInstance):
 server_cert_name = 'Server-Cert cert-pki-ca'
 def __init__(self, realm=None, ra_db=None, host_name=None,
- dm_password=None, ldapi=True):
+ dm_password=None, ldapi=True, api=api):
 super(CAInstance, self).__init__(
 realm=realm,
 subsystem="CA",
@@ -325,6 +325,7 @@ class CAInstance(DogtagInstance):
 self.cert_file = None
 self.cert_chain_file = None
 self.create_ra_agent_db = True
+ self.api = api
 if realm is not None:
 self.canickname = get_ca_nickname(realm)
@@ -1294,7 +1295,7 @@ class CAInstance(DogtagInstance):
 if bindinstance.dns_container_exists(
 api.env.host, api.env.basedn, ldapi=True, realm=api.env.realm
 ):
- bind = bindinstance.BindInstance(ldapi=True)
+ bind = bindinstance.BindInstance(ldapi=True, api=self.api)
 bind.add_ipa_ca_dns_records(api.env.host, api.env.domain)
 def configure_replica(self, master_host, subject_base=None,
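Review bot: In ipaserver/install/bindinstance.py, `add_ipa_ca_dns_records` now opens a connection on `self.api.Backend.ldap2` when none exists, but nothing visible in the hunk closes it or records that this method opened it, so the connection outlives the call on an API object that other installer steps may share. The fallback always binds with `autobind=True`; when the caller supplied its own API object (replicainstall.py now passes `remote_api`) and that object's connection happens to be down, the bind made here may not carry the identity the caller intended, which should be ruled out or documented. A comment above the guard would cover it, for example `# Connect only if the caller has not; autobind binds as the local process identity and the connection is left open for the caller to close.` The method body continues past the end of the hunk, so a later disconnect may exist outside the visible lines.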
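Review bot: In ipaserver/install/cainstance.py, the new `api=api` parameter of `CAInstance.__init__` is undocumented and shadows the module-level `api` inside the constructor, which makes it easy to misread which object a given line refers to. The default is also bound once when the `def` is evaluated, so it always means the module-level object as it was at import time. The following hunk at line 325 stores it as `self.api`, and in the visible hunks that attribute is only handed to `BindInstance`. A docstring line would make the contract explicit, for example `:param api: API object whose LDAP backend is used when updating the ipa-ca DNS records; defaults to the module-level api`.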
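Review bot: The hunk at line 1294 of ipaserver/install/cainstance.py passes `self.api` to `BindInstance`, while the surrounding lines still read `api.env.host`, `api.env.basedn`, `api.env.realm` and `api.env.domain` from the module-level `api`. When the constructor was given a different object, as replicainstall.py now does, the DNS container check and the record update therefore consult two different API objects. If the split is deliberate (local environment values, caller-supplied connection), a comment should say so, for example `# env values come from the local api; self.api only supplies the LDAP connection for the record update`; otherwise the env reads should go through `self.api.env` too. The enclosing method starts before the hunk, so its name and any earlier setup are not visible here.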
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 9ed6ef4..7601ce1 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1477,7 +1477,8 @@ def promote(installer):
 ca = cainstance.CAInstance(config.realm_name, certs.NSS_DIR,
 host_name=config.host_name,
- dm_password=config.dirman_password)
+ dm_password=config.dirman_password,
+ api=remote_api)
 ca.configure_replica(config.ca_host_name,
 subject_base=config.subject_base,
 ca_cert_bundle=ca_data)