Issue #7410: ipa-replica-install --add-agents option doesn't install trust-agent on replica - freeipa

freeipa

#7410 ipa-replica-install --add-agents option doesn't install trust-agent on replica

Closed: fixed 6 years ago Opened 6 years ago by sumenon.

Issue

ipa-replica-install --add-agents doesn't install trust-agent on replica

Steps to Reproduce

install IPA server
Install replica using the below command
ipa-replica-install -w *** -n pytest.test -r PYTEST.TEST -P admin --setup-dns --forwarder=<ip-addr> --add-agents
run ipa server-show command on master

Actual behavior

Replica installed is not showing the server role as: AD trust agent since the option was used.
[root@master ~]# ipa server-show
Server name: replica3.pytest.test
Server name: replica3.pytest.test
Managed suffixes: domain
Min domain level: 0
Max domain level: 1
Enabled server roles: DNS server, NTP server

Expected behavior

Replica server should be added as trust-agent sicne the option is used.
Also need to check various other options specified in ipa-replica-install help
AD trust options:
--add-sids Add SIDs for existing users and groups as the final
step
--add-agents Add IPA masters to a list of hosts allowed to serve
information about users from trusted forests
--enable-compat Enable support for trusted domains for old clients
--netbios-name=NETBIOS_NAME
NetBIOS name of the IPA domain
--rid-base=RID_BASE
Start value for mapping UIDs and GIDs to RIDs
--secondary-rid-base=SECONDARY_RID_BASE
Start value of the secondary range for mapping UIDs
and GIDs to RIDs

Version/Release/Distribution

[root@master ~]# rpm -q ipa-server 389-ds-base ipa-server-trust-ad
ipa-server-4.5.4-10.el7.x86_64
389-ds-base-1.3.7.5-16.el7.x86_64
ipa-server-trust-ad-4.5.4-10.el7.x86_64

Additional info:

Attached log

sumenon commented 6 years ago

abbra commented 6 years ago

I think any of the trust-related options should an cause error if no --setup-adtrust was provided to ipa-replica-install. You weren't specified --setup-adtrust, so no trust setup install happened, thus no action on --add-agents.

Metadata Update from @stlaz:
- Issue priority set to: normal
- Issue set to the milestone: FreeIPA 4.8

6 years ago

Metadata Update from @abbra:
- Issue assigned to abbra

6 years ago

abbra commented 6 years ago

PR: https://github.com/freeipa/freeipa/pull/1825

Metadata Update from @cheimes:
- Issue set to the milestone: FreeIPA 4.7 (was: FreeIPA 4.8)

6 years ago

cheimes commented 6 years ago

master:

64ffd11 install: validate AD trust-related options in installers

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

6 years ago

Metadata

Assignee

abbra

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.7

None

affects_doc

None

source

None

knownissue

None

type

None

blockedby

None

test_case

None

component

None

blocking

None

on_review

None

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

None

tester

None

changelog

None

design

None

Attachments 2

ipareplica-install.log

Attached 6 years ago View Comment

replica-trust-agent.txt

Attached 6 years ago View Comment

freeipa

Source Code

#7410 ipa-replica-install --add-agents option doesn't install trust-agent on replica Closed: fixed 6 years ago Opened 6 years ago by sumenon.

Issue

Steps to Reproduce

Actual behavior

Expected behavior

Version/Release/Distribution

Additional info:

Metadata

Attachments 2

#7410 ipa-replica-install --add-agents option doesn't install trust-agent on replica

Closed: fixed 6 years ago Opened 6 years ago by sumenon.