freeipa

Clone
Source Code
GIT

7616f1d dnssec: concurrency issue when disabling old replica key

1 file Authored by frenaud 3 years ago, Committed by abbra 3 years ago,
raw patch tree parent
1 file changed. 14 lines added. 1 lines removed.
daemons/dnssec/ipa-ods-exporter.in
file modified
+14 -1 
    dnssec: concurrency issue when disabling old replica key
    
    When dnssec role is removed from the local node, the uninstaller
    creates a new replica key and marks the older replica keys as disabled
    (both in the local HSM and in LDAP).
    If ipa-ods-exporter runs in the middle of this operation, the old replica
    key may be disabled in the local HSM but not yet in LDAP and
    ipa-ods-exporter believes that it is a new replica key that needs to be
    imported from LDAP to local hsm. The op fails as there is already the key
    in the local HSM.
    
    The error can be ignored, ipa-ods-exporter simply needs to log a warning.
    
    Fixes: https://pagure.io/freeipa/issue/8654
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
file modified
+14 -1
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.