fd5f000 Fix KRA replica installation from CA master

1 file. Authored by cheimes 5 years ago, committed by tdudlak 5 years ago.
    Fix KRA replica installation from CA master
    
    ipa-replica-install --kra-install can fail when the topology already has
    a KRA, but the replica is installed from a master with just CA. In that
    case, Custodia may pick a machine that doesn't have the KRA auditing and
    signing certs in its NSSDB.
    
    Example:
     * master with CA
     * replica1 with CA and KRA
     * new replica gets installed from master
    
    The replica installer now always picks a KRA peer.
    
    The change fixes test scenario TestInstallWithCA1::()::test_replica2_ipa_dns_install
    
    Fixes: https://pagure.io/freeipa/issue/7518
    See: https://pagure.io/freeipa/issue/7008
    Signed-off-by: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>