Issue #5933: CA installation detection differences - freeipa

freeipa

#5933 CA installation detection differences

Opened 9 years ago by rcritten. Modified 8 years ago

ipa-ca-install detects whether a CA is configured based on the existence of "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg via cainstance.is_ca_installed_locally()

ipa-csreplica-manage determines it based on the services in cn=masters.

We've seen in the past where a CA install fails and doesn't mark the CA as installed so pkidestroy doesn't get called. This may be another corner case of it but we've seen two reports of it on freeipa-users when users try to install a 4.x master with a CA against a 3.0 master. I don't know if the versions are significant.

pvoborni commented 9 years ago

triage notes:

H: looks like invalid to me - sometimes we want to check if a CA is installed locally, sometimes we want to check if it is installed anywhere in the domain, the difference is intentional
mbasti: maybe we should unify the way how to detect the local installation of CA, if cn=masters is used for detection of local CA (haven't looked deep maybe honza is right)

Metadata Update from @rcritten:
- Issue assigned to someone
- Issue set to the milestone: Future Releases

8 years ago

Metadata

Assignee

someone

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

Future Releases

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

tester

None

changelog

None

design

None

rhbz

todo

freeipa

Source Code

#5933 CA installation detection differences Opened 9 years ago by rcritten. Modified 8 years ago

Close issue as:

Metadata

#5933 CA installation detection differences

Opened 9 years ago by rcritten. Modified 8 years ago