As admin, I want ipa-kra-install to exit if /etc/ipa/default.conf contains a ca_host line to avoid unintended and undesired behavior.
Currently, ipa-kra-install will accept to "install" the KRA on a replica where ca_host is overriden and points to another host in the cluster. Not only the installation "succeeds", but the resulting KRA is not properly configured: ipa-kra-install will instead contact the other host's DogTag to "configure" it.
The resulting KRA configuration is not working properly, which is not surprising as ipa0's DogTag is now misconfigured while ipa0 is listed as having the "KRA server" role. This is even more visible if ipa1 is hidden.
ipa-kra-install exits early if ca_host is overriden.
https://github.com/freeipa/freeipa/pull/5613
Metadata Update from @antorres: - Issue assigned to antorres
master:
Metadata Update from @antorres: - Custom field affects_doc adjusted to on - Custom field knownissue adjusted to on - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
ipa-4-9:
Login to comment on this ticket.