On 03/13/2014 03:15 PM, Martin Kosek wrote:
> On 03/13/2014 09:09 AM, Martin Kosek wrote:
>> When Dogtag 10 based FreeIPA replica is being installed for a Dogtag 9
>> based master, the PKI database is not updated and misses several ACLs
>> which prevent some of the PKI functions, e.g. an ability to create
>> other clones.
>>
>> Add an update file to do the database update. Content is based on
>> recommendation from PKI team:
>> * https://bugzilla.redhat.com/show_bug.cgi?id=1075118#c9
>>
>> This update file can be removed when Dogtag database upgrades are done
>> in PKI component. Upstream tickets:
>> * https://fedorahosted.org/pki/ticket/710 (database upgrade framework)
>> * https://fedorahosted.org/pki/ticket/906 (checking database version)
>>
>> https://fedorahosted.org/freeipa/ticket/4243
>
> I found a few issues with the patch:
> - New update file was not added to Makefile.am
> - PKI was not restarted after LDAP updates so it did not pick up the ACLs and
> replica installation will crash anyway. Now the PKI is always restarted at the
> end of server/replica installation.
>
> Martin

FYI - I just got confirmation that this patch finally fixed the issue even in an automatized environment (beaker).

Martin