URL: https://github.com/freeipa/freeipa/pull/2580 Author: jaredledvina Title: #2580: Issue #7744: Use api.env.server for config.ca_host_name Action: opened
PR body: """ Bug: https://pagure.io/freeipa/issue/7744 This is a really quick attempt to fix this bug. Currently, the CA server is always chosen from LDAP. As a result, when installing the CA but, passing in `--server`, the replica install will use the server passed in but the CA install can replicate from another. This leads to lots of confusion when reviewing the replication topology and can lead to replicating the entire CA domain from a high latency link. This really bites us in production where new replicas will replicate initially from a server on the other side of the world and that link has high latency causing failures midway through the install. I think this change will work and am happy to test it out. I'd love to see this back ported to 4.5.4 but, understand if that's not possible. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2580/head:pr2580 git checkout pr2580
From 52d76af3ef8bd8e4455e5fd52678604eaf94caf0 Mon Sep 17 00:00:00 2001 From: Jared <jaredledv...@gmail.com> Date: Fri, 16 Nov 2018 21:41:40 -0500 Subject: [PATCH] Use api.env.server for config.ca_host_name Bug: https://pagure.io/freeipa/issue/7744 Match ipaserver/install/server/replicainstall.py for the target CA host instead of always looking up a host from LDAP. --- install/tools/ipa-ca-install.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/tools/ipa-ca-install.in b/install/tools/ipa-ca-install.in index 55eefade37..f1cc4a91b1 100644 --- a/install/tools/ipa-ca-install.in +++ b/install/tools/ipa-ca-install.in @@ -164,7 +164,7 @@ def install_replica(safe_options, options): api.Backend.ldap2.connect() config = ReplicaConfig() - config.ca_host_name = None + config.ca_host_name = api.env.server config.realm_name = api.env.realm config.host_name = api.env.host config.domain_name = api.env.domain
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org