I’m sold. ACK Simo, speak now or forever hold your peace (or patch it later).
> On Jun 23, 2015, at 2:20 PM, Christian Heimes <chei...@redhat.com> wrote:
>
> On 2015-06-23 19:55, Nathaniel McCallum wrote:
>> The behavior I'm worried about here is this:
>> 1. Admin installs or updates FreeIPA (w/ kdcproxy)
>> 2. Admin disables kdcproxy
>> 3. Admin updates to the next version
>>
>> After step #3, is kdcproxy enabled or disabled? I don't have a clear answer
>> to this (or at least I'm not seeing it).
>>
>> Other than this, I'm happy. So if we can answer this, it is an ack from me.
>
> That is covered by the check is_kdcproxy_configured(). It checks for the
> presence of a file. That file is created during installation or at the
> first update.
>
>
> Let's see if the check works. At first I'm disabling kdcproxy:
>
> # ipa-ldap-updater /usr/share/ipa/kdcproxy-disable.uldif
> Parsing update file '/usr/share/ipa/kdcproxy-disable.uldif'
> Updating existing entry:
> cn=KDC,cn=vm-164.abc.idm.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=example
> Done
> Update complete
> The ipa-ldap-updater command was successful
>
> # systemctl restart httpd.service
>
> # curl https://vm-164.abc.idm.lab.eng.brq.redhat.com/KdcProxy
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>404 Not Found</title>
> </head><body>
> <h1>Not Found</h1>
> <p>The requested URL /KdcProxy was not found on this server.</p>
> </body></html>
>
> # stat /etc/httpd/conf.d/ipa-kdc-proxy.conf
> stat: cannot stat ‘/etc/httpd/conf.d/ipa-kdc-proxy.conf’: No such file
> or directory
>
>
> Next I'm running the updater and check the feature again:
>
> # ipa-server-upgrade
> ...
> # systemctl restart httpd.service
>
> # curl https://vm-164.abc.idm.lab.eng.brq.redhat.com/KdcProxy
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>404 Not Found</title>
> </head><body>
> <h1>Not Found</h1>
> <p>The requested URL /KdcProxy was not found on this server.</p>
> </body></html>
>
> # stat /etc/httpd/conf.d/ipa-kdc-proxy.conf
> stat: cannot stat ‘/etc/httpd/conf.d/ipa-kdc-proxy.conf’: No such file
> or directory
>
>
> KDC proxy is still disabled. Let's enable it and check again.
>
> # ipa-ldap-updater /usr/share/ipa/kdcproxy-enable.uldif
> Parsing update file '/usr/share/ipa/kdcproxy-enable.uldif'
> Updating existing entry:
> cn=KDC,cn=vm-164.abc.idm.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=example
> Done
> Update complete
> The ipa-ldap-updater command was successful
>
> # systemctl restart httpd.service
>
> # curl https://vm-164.abc.idm.lab.eng.brq.redhat.com/KdcProxy
> Method not allowed (GET)
>
> # stat /etc/httpd/conf.d/ipa-kdc-proxy.conf
> File: ‘/etc/httpd/conf.d/ipa-kdc-proxy.conf’ ->
> ‘/etc/ipa/kdcproxy/ipa-kdc-proxy.conf’
> Size: 36 Blocks: 0 IO Block: 4096 symbolic link
> Device: fd01h/64769d Inode: 398238 Links: 1
> ...
>
> --
> Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel
> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
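
The manual check in the quoted message (disable, upgrade, confirm the proxy is still off) written as a repeatable regression check. This is an added example, not part of the thread and not FreeIPA code; the function names and the snapshot file are hypothetical, and it assumes any HTTP status other than 404 means the endpoint is being served.

```shell
#!/bin/sh
# Added example, not FreeIPA code. Function names and the snapshot file are
# hypothetical; the default path is the one shown in the thread.
KDCPROXY_LINK="${KDCPROXY_LINK:-/etc/httpd/conf.d/ipa-kdc-proxy.conf}"

# State according to the httpd include: enabled, disabled, or dangling
# (symlink present but its target is missing).
kdcproxy_file_state() {
    link="${1:-$KDCPROXY_LINK}"
    if [ -e "$link" ]; then echo enabled
    elif [ -L "$link" ]; then echo dangling
    else echo disabled
    fi
}

# State according to the HTTP status of GET /KdcProxy, e.g. from
#   curl -s -o /dev/null -w '%{http_code}' https://<ipa-host>/KdcProxy
# 404 means not served (as in the thread); 000 is curl's "no response".
# Assumption: any other status means the endpoint is being served.
kdcproxy_http_state() {
    case "$1" in
        404) echo disabled ;;
        000|"") echo unknown ;;
        *) echo enabled ;;
    esac
}

# Record the state before running ipa-server-upgrade.
kdcproxy_snapshot() { kdcproxy_file_state "$1" > "$2"; }

# After the upgrade: 0 = unchanged, 1 = state drifted, 2 = no snapshot,
# 3 = config and HTTP disagree (for example httpd was not restarted).
kdcproxy_verify() {   # args: link snapshot-file [http-status]
    before=$(cat "$2" 2>/dev/null) || return 2
    after=$(kdcproxy_file_state "$1")
    if [ "$before" != "$after" ]; then
        echo "DRIFT: kdcproxy was $before before the upgrade, now $after" >&2
        return 1
    fi
    http=$(kdcproxy_http_state "$3")
    if [ "$http" != unknown ] && [ "$http" != "$after" ]; then
        echo "MISMATCH: config says $after, HTTP probe says $http" >&2
        return 3
    fi
    echo "OK: kdcproxy is still $after"
}
```

Take the snapshot before `ipa-server-upgrade`, then call `kdcproxy_verify` with the same paths after restarting httpd; a non-zero exit means the upgrade changed what the admin had set.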