freeipa

Clone
Source Code
GIT

#7744 ipa-replica-install picks wrong replica for CA initial replication
Closed: fixed 5 years ago by cheimes. Opened 5 years ago by shaman007.

Closed: fixed
Reopen Issue

Request for enhancement

As admin , I want to fix IPA replica installation process so that ipa-replica-install would be picking up one replication node for entire process.

Issue

During freeipa0X redeploy we noticed that even "–sever freeipa0X.domain.com" is given to ipa-replica-install it always picks freeipa0Y.domain.com as the initial master for CA replication.

Version/Release/Distribution

CentOS 7.5 (and current code base)

Additional info:

The actual code that does the thing is in the file

ipaserver/install/ca.py:

-->>> 255: master_host = replica_config.ca_host_name

replica_config.ca_host_name comes from install/tools/ipa-ca-install.in

if config.ca_host_name is None:
    config.ca_host_name = \
        service.find_providing_server('CA', api.Backend.ldap2, api.env.ca_host)

and it is set as "None" 20 lines above:

config.ca_host_name = None

Could it be first from the command line argument or set to options.server as it is done in the ipaclient/install/client.py ?

Actually I want something like this:

--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -266,6 +266,8 @@ def install_step_0(standalone, replica_config, options, custodia):

         pkcs12_info = None
         master_host = None
+        if options.server:
+            master_host = options.server
         master_replication_port = None
         ra_p12 = None
         ra_only = False
Edited 5 years ago by shaman007

Metadata Update from @frenaud:
- Issue set to the milestone: FreeIPA 4.8
5 years ago

master:

  • c0fd5e3 replica install: set the same master as preferred source for domain and CA

PR https://github.com/freeipa/freeipa/pull/2698 has fixed the problem for master. You haven't specified a version number in your initial bug report. Are 4.6 or 4.7 affected, too?

@frenaud Now I know what has bothered me about the fix. With c0fd5e3 it is no longer possible to override ca_host to point the replica to another host. Better fix:

if api.env.ca_host == api.env.host:
    # ca_host has not been configured explicitly, prefer source master
    config.ca_host_name = api.env.server
else:
    config.ca_host_name = api.env.ca_host

master:

  • 52e5ef8 replica install: acknowledge ca_host override

ipa-4-7:

  • 7453214 replica install: acknowledge ca_host override

ipa-4-6:

  • 902606c replica install: acknowledge ca_host override

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
5 years ago

Metadata Update from @fcami:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1693432
5 years ago

Issue linked to Bugzilla: Bug 1693432

Metadata Update from @frenaud:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1693432, https://bugzilla.redhat.com/show_bug.cgi?id=1704796 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1693432)
4 years ago

Issue linked to Bugzilla: Bug 1704796

Login to comment on this ticket.

Metadata
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=1693432, https://bugzilla.redhat.com/show_bug.cgi?id=1704796
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.