Hide Forgot
Fixed upstream: ipa-4-6: cb85342 Add hidden replica feature 016c47f ipatests: Exercise hidden replica feature 7691162 Simplify and improve tests da9f62d Implement server-state --state=enabled/hidden d12cca4 Consider hidden servers as role provider ed00466 Improve config-show to show hidden servers 131c1ab More test fixes bcf70c5 Don't allow to hide last server for a role d8d6799 Synchronize hidden state from IPA master role e40d92f Test replica installation from hidden replica d1eb4c7 Add design draft a0f00e6 Don't fail if config-show does not return servers aa3f60b Unify and simplify LDAP service discovery aba0fce Use api.env.container_masters ec94a68 Consolidate container_masters queries ipa-4-7: ddf8e16 Add hidden replica feature f96f4a1 ipatests: Exercise hidden replica feature 585bc52 Simplify and improve tests f3daa45 Implement server-state --state=enabled/hidden 0bf26c5 Consider hidden servers as role provider de1a075 Improve config-show to show hidden servers 3e2fb21 More test fixes dc2a5ec Don't allow to hide last server for a role 87f9119 Synchronize hidden state from IPA master role 467ceaf Test replica installation from hidden replica 66c961d Add design draft c76620e Don't fail if config-show does not return servers master: 025facb Add hidden replica feature 0770d8a ipatests: Exercise hidden replica feature 99133eb Simplify and improve tests 94b8635 Implement server-state --state=enabled/hidden d810e1f Consider hidden servers as role provider 56d97f9 Improve config-show to show hidden servers f839d3c More test fixes e7e0f19 Don't allow to hide last server for a role 8b1bb21 Synchronize hidden state from IPA master role e04dc9a Test replica installation from hidden replica d727321 Add design draft 713c9b0 Don't fail if config-show does not return servers
Removing RFE. The introduction of this feature happened in RHEL 7.7.
ipa-server-version:ipa-4.8.0-10.module+el8.1.0+4107+4a66eb87 Tested the bug with following scenarios: 1.Verify that Hidden replica can be setup as a direct replica installation: PASS 2.Verify that Hidden replica can be setup using replica promotion: PASS 3.Verify that Replica can be setup from another Replica already configured as Hidden Replica: PASS 4.Verify that Error message is displayed when state of all master is changed to 'hidden'.: PASS 5.Verify that replica can be demoted to be a hidden replica.: PASS 6.Verify that hidden replica can be promoted.: PASS 7.Verify that KRA installation works on replica setup as hidden Replica: PASS 8. Verified that replica state can be changed to hidden after upgrade [root@kvm-04-guest01 ~]# kdestroy -A [root@kvm-04-guest01 ~]# kinit admin Password for admin@TESTRELM.TEST: [root@kvm-04-guest01 ~]# klist Ticket cache: KCM:0 Default principal: admin@TESTRELM.TEST Valid starting Expires Service principal 09/04/2019 10:52:37 09/05/2019 10:52:34 krbtgt/TESTRELM.TEST@TESTRELM.TEST [root@kvm-04-guest01 ~]# ipa server-state `hostname` --state=enabled ipa: ERROR: no modifications to be performed [root@kvm-04-guest01 ~]# ipa server-state `hostname` --state=disabled ipa: ERROR: invalid 'state': must be one of 'enabled', 'hidden' [root@kvm-04-guest01 ~]# ipa server-state `hostname` --state=hidden ------------------------------------------------------- Changed server state of "kvm-04-guest01.testrelm.test". ------------------------------------------------------- [root@kvm-04-guest01 ~]# 9. Verify that Automatic CRL configuration works for hidden REPLICA: PASS [root@vm-idm-025 ~]# ipa config-show | grep "CA renewal master" IPA CA renewal master: vm-idm-010.testrelm.test [root@vm-idm-025 ~]# ipa-crlgen-manage enable Stopping pki-tomcatd Editing /var/lib/pki/pki-tomcat/conf/ca/CS.cfg Starting pki-tomcatd Editing /etc/httpd/conf.d/ipa-pki-proxy.conf Restarting httpd Forcing CRL update CRL generation enabled on the local host. Please make sure to have only a single CRL generation master. The ipa-crlgen-manage command was successful [root@vm-idm-025 ~]# ipa-crlgen-manage status CRL generation: enabled Last CRL update: 2019-09-05 09:56:33 Last CRL Number: 7 The ipa-crlgen-manage command was successful [root@vm-idm-025 ~]# ipa config-show | grep Hidden Hidden IPA masters: vm-idm-025.testrelm.test Hidden IPA CA servers: vm-idm-025.testrelm.test Hidden IPA DNS servers: vm-idm-025.testrelm.test [root@vm-idm-025 ~]# ipa config-show | grep "CA renewal master" IPA CA renewal master: vm-idm-010.testrelm.test 10. Verified that hidden replica can be installed against upgraded server : PASS 11. Verified that UI is accessible for hidden Replica when state is changed from hidden to enable and vice-versa: PASS Thus on the basis of above observations, marking status of bug to 'VERIFIED'
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:3348
I moved the RN to the Tech Preview section. Unfortunately, our publishing system is currently down. We will republish the RHEL 8.1 RNs as soon as possible.