Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1482802
Description of problem: User is unable to set CA renewal master using `ipa config-mod --ca-renewal-master-server` # ipa config-mod --ca-renewal-master-server `hostname` ipa: ERROR: invalid 'ca_renewal_master_server': must be enabled only on a single master Whereas, following command works fine # ipa config-show | grep renewal IPA CA renewal master: master1.testrelm.test # ipa-csreplica-manage set-renewal-master Directory Manager password: replica1.testrelm.test is now the renewal master # ipa config-show | grep renewal IPA CA renewal master: replica1.testrelm.test Version-Release number of selected component (if applicable): ipa-server-4.5.0-21.el7_4.1.x86_64 How reproducible: 100% Steps to Reproduce: 1. Install IPA Master and Replica 2. Install CA on Replica 3. ipa config-mod --ca-renewal-master-server `hostname` on replica Actual results: config-mod Command fails to set ca renewal master server, but csreplica-manage command successfully sets ca renewal master. Expected results: Both command should set ca renewal master server. Additional info: Documentation here - https://access.redhat.com/documentation/en-US/Red_Hat_Ente rprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/movin g-crl-gen-old.html should discuss `config-mod` command as well.
Metadata Update from @pvoborni: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1482802
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/1001
Metadata Update from @frenaud: - Issue assigned to frenaud
Metadata Update from @pvoborni: - Issue priority set to: critical - Issue tagged with: regression
master:
ipa-4-6:
ipa-4-5: https://pagure.io/freeipa/c/770fb59637affc22c76256478b53bbe831b3ec88
Metadata Update from @stlaz: - Issue close_status updated to: fixed
Log in to comment on this ticket.