Bug 1475085 - [RFE] Migration capabilities between non-FIPS IDM to FIPS IDM
[RFE] Migration capabilities between non-FIPS IDM to FIPS IDM
Status: ASSIGNED
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa (Show other bugs)
7.4
All Linux
unspecified Severity medium
: rc
: ---
Assigned To: IPA Maintainers
ipa-qe
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-25 21:42 EDT by Chinmay Paradkar
Modified: 2017-09-27 23:30 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chinmay Paradkar 2017-07-25 21:42:59 EDT
Description of problem:

As per the Doc Text for bug https://bugzilla.redhat.com/show_bug.cgi?id=1125174, the text leads mentions that there is no transition from an IPA instance that is not FIPS to a new FIPS enabled environment short of re-installing everything. 

This is unacceptable as customers would have to redo the entire trust domain as the solution. 

Version-Release number of selected component (if applicable):

ipa-4.5.0-1.el7

Additional info:

In the case that this is "the only way" then we may need some really good documentation on how to migrate everything. IPA is woven throughout the entire Red Hat product line and transitioning the various products (RHV, Satellite, etc) to a new trust domain is likely not trivial.
Comment 2 Petr Vobornik 2017-08-04 18:12:54 EDT
Upstream ticket:
https://pagure.io/freeipa/issue/7090

Note You need to log in before you can comment on or make changes to this bug.