From 851ce93ac07044172a7db56d54ab9e1d7c7ec79f Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Mon, 15 Jan 2024 09:05:58 -0500
Subject: [PATCH] Server affinity: Don't rely just on [ca|kra]_enabled for installs

ca_enable and kra_enabled are intended to be used to identify that a CA or KRA is available in the topology. It was also being used to determine whether a CA or KRA service is desired on a replica install, rather than options.setup_[ca|kra]
Fixes: https://pagure.io/freeipa/issue/9510
Signed-off-by: Rob Crittenden
Reviewed-By: Florence Blanc-Renaud
---
 ipaserver/install/server/replicainstall.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 8096b6accb4c94fefdfcc06f19584c63c24d7baf..191913ddb973b94bcd8ad920570edcee27349ffd 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1143,7 +1143,8 @@ def promote_check(installer):
 installer._remote_api = remote_api
 conn = remote_api.Backend.ldap2
 conn.connect(ccache=installer._ccache)
- config.kra_host_name = kra_host
+ config.kra_host_name = kra_host
+ if options.setup_kra: # only reset ca_host if KRA is requested
 config.ca_host_name = kra_host
 kra_enabled = True # There is a KRA somewhere in the topology
 if options.setup_kra and options.server and \
@@ -1381,7 +1382,7 @@ def install(installer):
 custodia = custodiainstance.get_custodia_instance(config, mode)
 custodia.create_instance()
- if ca_enabled:
+ if options.setup_ca and ca_enabled:
 options.realm_name = config.realm_name
 options.domain_name = config.domain_name
 options.host_name = config.host_name
@@ -1397,7 +1398,7 @@ def install(installer):
 service.print_msg("Finalize replication settings")
 ds.finalize_replica_config()
- if kra_enabled:
+ if options.setup_kra and kra_enabled:
 kra.install(api, config, options, custodia=custodia)
 service.print_msg("Restarting the KDC")
-- 
2.43.0
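Review bot: In the promote_check hunk, `config.ca_host_name = kra_host` appears as an unchanged context line directly after the added `if options.setup_kra:`, so it is not evident from the hunk that the assignment is nested under the new guard. Indentation is not recoverable on this page; the expected shape is `if options.setup_kra:` with `config.ca_host_name = kra_host` indented one level beneath it, and a guard left without a body would not parse. The removed and re-added `config.kra_host_name = kra_host` lines read identically here, which suggests a whitespace-only change worth a second look. promote_check begins and ends outside the hunk.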
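Review bot: In install(), `if options.setup_ca and ca_enabled:` now skips the CA step without any message when a CA was requested but `ca_enabled` is false, and `if options.setup_kra and kra_enabled:` in the following hunk does the same for the KRA. Presumably promote_check rejects that combination before install() runs, but nothing in these hunks shows it, so a comment stating the contract would help, e.g. `# ca_enabled: a CA exists in the topology; options.setup_ca: a CA was requested for this replica`. The diffstat lists only replicainstall.py, so a regression test for a replica installed without a CA into a topology that has one would pin the intended behaviour. install() begins and ends outside both hunks.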