#4166 Backup CS.cfg before modifying it
Closed: Fixed None Opened 8 years ago by mkosek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1059135

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:
RFE - ipa-server should keep backup of CS.cfg
IPA Server should keep backup of /var/lib/pki-ca/conf/CS.cfg like 389-ds saves
dse.ldif.back dse.ldif.startOK

Version-Release number of selected component (if applicable):

My assessment:

Backing up CS.cfg should be a responsibility of PKI service, not IPA. Please feel free to also clone to this component.

But I think it would make sense for IPA to change it's way of writing to CS.cfg
1) Avoid writing directly to CS.cfg, rather write it on a temporary file
2) Copy existent CS.cfg to IPA specific backup
3) Replace CS.cfg with modified file.

This is something Jan Cholasta was also thinking about.

Note that this applies both to installation and to upgrades - whenever we write to CS.cfg.

You can work with Jan and ask for clarification when implementing on this one.

Moving stabilization tickets that do not affect FreeIPA 4.0 release usability in any significant way to 4.0.1 stabilization milestone.

FreeIPA 4.0.1 was released, moving to next bugfixing release milestone.


  • 2ed6fb0 Backup CS.cfg before modifying it


  • 8292b22 Backup CS.cfg before modifying it


  • b6c7e5f Backup CS.cfg before modifying it

Metadata Update from @mkosek:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.0.2

5 years ago


  • b8ebce7 ipatests: test_installation: add install test scenarios


  • a213110 ipatests: test_installation: add install test scenarios

Login to comment on this ticket.