freeipa

Clone
Source Code
GIT

#9503 Handle change in behavior of pki-server ca-config-show in pki 11.5.0
Closed: fixed 2 years ago by frenaud. Opened 2 years ago by rcritten.

Closed: fixed
Reopen Issue

Issue

With ACME pruning there are a number of knobs to tune the frequency, etc of pruning certificates and requests. Up to pki 11.4.3 if one requests a configuration value by calling pki-server ca-config-show <option> the command always has a return value of 0 so no error checking was required.

With pki 11.5.0 the call to pki-server now returns 1 if the option isn't present.

With all versions it returns a message like ERROR: No such parameter: jobsScheduler.job.pruning.certRetentionUnit

Steps to Reproduce

  1. dnf copr enable @pki/master
  2. Install IPA with a CA with random serial numbers enabled
  3. ipa-acme-manage enable
  4. ipa-acme-manage pruning --certretention=360

Actual behavior

Status: disabled
Certificate Retention Time: 360
ERROR: No such parameter: jobsScheduler.job.pruning.certRetentionUnit

The ipa-acme-manage command failed.

It fails on the first missing value.

Expected behavior

It should list the full configuration.

Version/Release/Distribution

freeipa-server-4.11.0-7.fc39.x86_64
dogtag-pki-base-11.5.0-0.1.alpha4.20231221172054UTC.2e5ee9c1.fc39.noarch

master:

  • a44cb09 ACME: Don't treat pki-server ca-config-show failures as fatal

ipa-4-11:

  • b465cf6 ACME: Don't treat pki-server ca-config-show failures as fatal

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
2 years ago

Metadata Update from @frenaud:
- Custom field rhbz adjusted to https://issues.redhat.com/browse/RHEL-21811
2 years ago

Log in to comment on this ticket.

Metadata
None
None
None
important
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.