Bug 1754494
Summary: | ipa-replica-install does not enforce --server option | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Florence Blanc-Renaud <frenaud> |
Component: | ipa | Assignee: | Florence Blanc-Renaud <frenaud> |
Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
Severity: | unspecified | Docs Contact: | Marc Muehlfeld <mmuehlfe> |
Priority: | unspecified | ||
Version: | 7.7 | CC: | myusuf, pasik, rcritten, ssidhaye, tscherf |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.6.6-7.el7 | Doc Type: | Bug Fix |
Doc Text: |
.The `ipa-replica-install` utility now verifies that the server specified in `--server` provides all required roles
The `ipa-replica-install` utility provides a `--server` option to specify the Identity Management (IdM) server which the installer should use for the enrollment. Previously, `ipa-replica-install` did not verify that the supplied server provided the certificate authority (CA) and key recovery authority (KRA) roles. As a consequence, the installer replicated domain data from the specified server and CA data from a different server that provided the CA and KRA roles. With this update, `ipa-replica-install` verifies that the specified server provides all required roles. As a result, if the administrator uses the `--server` option, `ipa-replica-install` only replicates data from the specified server.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-03-31 19:55:52 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Florence Blanc-Renaud
2019-09-23 12:25:57 UTC
Upstream ticket: https://pagure.io/freeipa/issue/7566 Fixed upstream master: https://pagure.io/freeipa/c/802e54dd0e33be6015b22853767fc37a9ec02f39 ipa-4-8: https://pagure.io/freeipa/c/c845ef07892eb22118f381e9cb1f05b017099896 ipa-4-7: https://pagure.io/freeipa/c/6c5e72aee4dffb353b79b99324858bf2a1ec7314 ipa-4-6: https://pagure.io/freeipa/c/22e4eef6cb54c74fc9907db1385549db670094fa Test added upstream in ipatests/test_integration/test_installation.py::TestInstallReplicaAgainstSpecificServer Fixed upstream master: https://pagure.io/freeipa/c/c2c1000e2d5481d4be377feb12588fdb09d12de0 https://pagure.io/freeipa/c/c77bbe7899577cb14b42625953f1b9a868e6f237 Test backported upstream: Fixed upstream ipa-4-8: https://pagure.io/freeipa/c/b6134e86b377a2804efbfac1d78091a460898d0c https://pagure.io/freeipa/c/b585e58b845ccecd48934f55c664a12b8ed06fc8 ipa-4-7: https://pagure.io/freeipa/c/e12fa0b88371962e3684c6b932980c3ac0ab8e1d https://pagure.io/freeipa/c/16c794d8a3d7d690883da5b29c5c04a203a2b8db Test backported upstream: Fixed upstream ipa-4-6: https://pagure.io/freeipa/c/f4dc0ee169689974020a4a77b8bb58b26f360369 https://pagure.io/freeipa/c/9b3855ec486990ecd08a9f3a0ca408425ee7fbf7 version: ipa-server-4.6.6-11.el7.x86_64 Steps: 1. Install master with ca and kra setup 2. Install replica1 without ca and stop ipa-custidia service on it. scenario 1: 3. Try to install replica2 with --setup-ca option from replica1 as a server scenario 2: 4. Install CA on replica1 5. Try to install replica2 with --setup-kra option form replica1 as a server scenario 3: 6. Install replica2 against master Scenario 1 and 2 failed and scenario 3 passed. Based on these observations marking the bug as verified. Test backported upstream ipa-4-6: https://pagure.io/freeipa/c/0d91a78ee409e66f96e7b2555ca33fb2128fdfa3 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1083 |