Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1059135
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem: RFE - ipa-server should keep backup of CS.cfg IPA Server should keep backup of /var/lib/pki-ca/conf/CS.cfg like 389-ds saves dse.ldif.back dse.ldif.startOK Version-Release number of selected component (if applicable): ipa-server-3.0.0-37.el6.x86_64
My assessment:
Backing up CS.cfg should be a responsibility of PKI service, not IPA. Please feel free to also clone to this component. But I think it would make sense for IPA to change it's way of writing to CS.cfg 1) Avoid writing directly to CS.cfg, rather write it on a temporary file 2) Copy existent CS.cfg to IPA specific backup 3) Replace CS.cfg with modified file. This is something Jan Cholasta was also thinking about.
Note that this applies both to installation and to upgrades - whenever we write to CS.cfg.
You can work with Jan and ask for clarification when implementing on this one.
Moving stabilization tickets that do not affect FreeIPA 4.0 release usability in any significant way to 4.0.1 stabilization milestone.
FreeIPA 4.0.1 was released, moving to next bugfixing release milestone.
Starting review
master:
ipa-4-0:
ipa-4-1:
Metadata Update from @mkosek: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 4.0.2
ipa-4-9:
Login to comment on this ticket.