Dogtag listens on port 8080, which is a very common port. pkisilent takes a config file which can include a value for ports. But this is not exposed via the installer command line switches. If the server needs to run on a machine with other process (such as Openstack swift) that are required to listen on port 8080, it conflicts and one or the other cannot run.
There are several spots in the FreeIPA code that hardcodes the port as 8080. See below.
The file ./ipapython/dogtag.py has support for reading the port from the environement via the logic:
conn = httplib.HTTPConnection(
api.env.ca_install_port or 8080)
This approach should be usable in all parts of the code.
./ipaserver/install/cainstance.py: conn = httplib.HTTPConnection(self.fqdn, 8080)
./ipaserver/plugins/dogtag.py: ipautil.format_netloc(self.ca_host, 8080),
./ipaplatform/base/services.py: 'pki-tomcatd @pki-tomcat.service': [8080, 8443],
./ipaplatform/base/services.py: 'pki-tomcat': [8080, 8443],
./ipaplatform/base/services.py: 'pki-tomcatd': [8080, 8443], # used if the incoming instance name is blank
Patch that shows the general approach
Note that the above patch merely shows using the Env Var everywhere; there still needs to be some documented way to trigger that Env.
I was not able to test the build/install with the patch as I have configure: error: Package requirements (sss_nss_idmap >= 1.13.90) were not met:
Requested 'sss_nss_idmap >= 1.13.90' but version of sss_nss_idmap is 1.13.4
the sssd dependency can be obtained in @freeipa/freeipa-master COPR repo
More context: http://adam.younglogic.com/2016/07/defconflicting-swift-proxy-with-freeipa/
Per triage on Jul 12, moving to Future release for consideration.
I am not sure the importance of this capability is properly assessed. This seems to be a blocker for use of IdM as a part of OpenStack automated deployment.
I think we need to evaluate this ticket in that context.
I suggest re-tiage.
Metadata Update from @admiyo:
- Issue assigned to someone
- Issue set to the milestone: Future Releases
to comment on this ticket.
Copyright © 2014-2017 Red Hat
3.13.2 — Documentation