While creating topology segment for 2 caless servers, ipa topologysegment add command is failing.
ipa topologysegment add
command failed to add topology segment (it exists)
in RHEL9.3, command used to work i.e topology segment added.
This is related to the server affinity changes made upstream in https://pagure.io/freeipa/issue/9289
It picks master because, ostensibly, replica1 doesn't have a CA on it:
Discovery: available servers for service 'CA' are master.testrealm.test Discovery: using master.testrealm.test for 'CA' service
A split-brain installation can cause racing but that isn't the case here. The replica install is CAless so there should be no issue.
Looks like if the selected host does not contain a CA then it unconditionally switches to one that does, regardless of whether a CA will be installed locally or not. The CA host(s) are queried so we know who to request certificates from. This should not necessarily affect who we create agreeements with, particularly if the user provides a server to connect to.
Metadata Update from @rcritten: - Custom field rhbz adjusted to https://issues.redhat.com/browse/FREEIPA-10626
PR https://github.com/freeipa/freeipa/pull/7104
master:
ipa-4-11:
ipa-4-10:
ipa-4-9:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://issues.redhat.com/browse/RHEL-21809 (was: https://issues.redhat.com/browse/FREEIPA-10626)
Additional patches are needed: master:
Log in to comment on this ticket.