Hide Forgot
Description of problem: "ipa-kra-install" command when run on replica should not ask for replica file when replica server is configured using the same file containing KRA information. Version-Release number of selected component (if applicable): ipa-server-4.2.0-15.el7_2.15.x86_64 pki-server-10.2.5-6.el7.noarch pki-kra-10.2.5-6.el7.noarch How reproducible: Always Steps to Reproduce: 1. Setup IPA server with 7.2 up4 (ipa-server-4.2.0-15.el7_2.15.x86_64) 2. Install KRA on IPA server # ipa-kra-install -p <password> -U 3. Configure Replica for this server. 4. Now try to install KRA on Replica: # ipa-kra-install -p <password> -U Actual results: After step4, notice following message: Usage: ipa-kra-install [options] [replica_file] ipa-kra-install: error: A replica file is required. Expected Result: Since the Replica file used to configure Replica contains KRA information, it should not again ask for Replica file at the time of executing command "ipa-kra-install". Additional Information: When the same Replica file used to configure replica server is used along with "ipa-kra-install", then KRA installation is successful.
With replica promotion, a new feature in FreeIPA 4.3, kra installation on domain level 1 doesn't require replica file. On domain level 0 the behavior is not changed. http://www.freeipa.org/page/V4/Replica_Promotion This bug is effectively about domain level 0 - the old method. It is not planned to improve the old method much. Therefore closing the bug.