OK Martin, thanks for the explanation - i suspected it might not work quite
correctly. On that basis I have decided to hold off an wait for a more
optimistic situation.
I really appreciate the advice, looks like my time will be better spent
configuring the clients to use the replica!
On Thu, May
It will create clone of the original CA, it will work as backup not a
separate CA.
I'm afraid it will result into the same behavior because it uses almost
the same code, but as I said before this issue is on dogtag side and not
always reproducible.
On 18.05.2017 14:44, Callum Guy wrote:
Thanks for that Martin.
The man page for ipa-ca-install suggests i could pass in my replica file to
create a "CA-less" configuration. Is this what i want or is a CA-full
appropriate? All I want to achieve is the additional resilience provided by
a replica which can both authorise and sign
ipa-ca-install will install on top of FreeIPA CA-less replica, nothing
else, you really don't want to do it manually.
On 18.05.2017 14:12, Callum Guy wrote:
Thanks Martin, really appreciate the additional information.
Are you aware of a separate guide for installing DogTag/PKI on top of
Thanks Martin, really appreciate the additional information.
Are you aware of a separate guide for installing DogTag/PKI on top of
FreeIPA - basically I am happy to install separately if it doesn't
compromise the FreeIPA server configuration, i'm not clear on whether this
is possible without a
Please note that commits in #6766 will not fix this issue, the issue is
on dogtag side, please see https://pagure.io/dogtagpki/issue/2646
Sorry for troubles
On 18.05.2017 12:19, Callum Guy wrote:
Haha, looks like i'm going CA-less for a while on the replica. I don't
see any immediate
Haha, looks like i'm going CA-less for a while on the replica. I don't see
any immediate requirement for one so time to get on with my life!
I'll post back if anything changes but I'm probably stuck waiting for the
upgrade too..
On Thu, May 18, 2017 at 11:01 AM Lachlan Musicman
Sorry cobber. We only found 6766 today - we've been tackling it on and off
for a couple of weeks :)
--
"Mission Statement: To provide hope and inspiration for collective action,
to build collective power, to achieve collective transformation, rooted in
grief and rage but pointed towards
Ah, thanks for that Lachlan - its always reassuring to hear that its not
just me!
As mentioned above I have it running without the CA so that's a good start.
I am sure we will upgrade as well once 4.5 becomes stable and GA for
CentOS. I'm not expecting that to happen quickly so will have to work
https://pagure.io/freeipa/issue/6766
4.5.1 - I stand corrected. Can add more tomorrow.
--
"Mission Statement: To provide hope and inspiration for collective action,
to build collective power, to achieve collective transformation, rooted in
grief and rage but pointed towards vision and
We are seeing this. I'm not at work, but I think it's bug report 6766.
Patch has already been committed (bot by us), we're waiting for IPA 4.5.
cheers
L.
--
"Mission Statement: To provide hope and inspiration for collective action,
to build collective power, to achieve collective
Hi All,
Just following on from this, I have performed an installation without
--setup-ca and it has completed successfully.
I now need to understand what impact this might have, is it the case that I
can still install/configure the CA component? Is there any documentation on
this action?
Also
Hi All,
I am currently stuck trying to setup the first replica of our master IPA
server. I have tried a number of different approaches including escalating
from a client and nothing is working for me. I perform a full OS reset each
time I get stuck.
I'm running CentOS 7.2 with the FreeIPA 4.4.0
13 matches
Mail list logo
