URL: https://github.com/freeipa/freeipa/pull/2048
Author: tiran
Title: #2048: Always set ca_host when installing replica
Action: opened

PR body:
"""
ipa-replica-install only set ca_host in its temporary
/etc/ipa/default.conf, when it wasn't installing a replica with CA. As a
consequence, the replica installer was picking a random CA server from
LDAP.

Always set the replication peer as ca_host. This will ensure that the
installer uses the same replication peer for CA. In case the replication
peer is not a CA master, the installer will automatically pick another
host later.

See: https://pagure.io/freeipa/issue/7566
Signed-off-by: Christian Heimes <chei...@redhat.com>
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2048/head:pr2048
git checkout pr2048
From 15e528035c6f360466ae211d85dd0318c38db534 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Tue, 19 Jun 2018 19:10:27 +0200
Subject: [PATCH] Always set ca_host when installing replica

ipa-replica-install only set ca_host in its temporary
/etc/ipa/default.conf, when it wasn't installing a replica with CA. As a
consequence, the replica installer was picking a random CA server from
LDAP.

Always set the replication peer as ca_host. This will ensure that the
installer uses the same replication peer for CA. In case the replication
peer is not a CA master, the installer will automatically pick another
host later.

See: https://pagure.io/freeipa/issue/7566
Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 ipaserver/install/server/replicainstall.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 76f1025a8c..caf3e8a54a 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -241,11 +241,9 @@ def create_ipa_conf(fstore, config, ca_enabled, master=None):
         gopts.extend([
             ipaconf.setOption('enable_ra', 'True'),
             ipaconf.setOption('ra_plugin', 'dogtag'),
-            ipaconf.setOption('dogtag_version', '10')
+            ipaconf.setOption('dogtag_version', '10'),
+            ipaconf.setOption('ca_host', config.ca_host_name)
         ])
-
-        if not config.setup_ca:
-            gopts.append(ipaconf.setOption('ca_host', config.ca_host_name))
     else:
         gopts.extend([
             ipaconf.setOption('enable_ra', 'False'),
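
Review bot: At the added `ipaconf.setOption('ca_host', config.ca_host_name)` line, `config.ca_host_name` is now read on every ca_enabled path, whereas it used to be read only under `if not config.setup_ca`. Please confirm the attribute is always populated when setup_ca is true, so the temporary default.conf never gets an empty or None ca_host. A short comment at this line would also help: it should say that the value is the replication peer and that the installer may replace it later if that peer is not a CA master, since that behaviour is only described in the commit message and is not visible in this function.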