RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 837369 - [RFE] Switch to client promotion to replica model
Summary: [RFE] Switch to client promotion to replica model
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.0
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: rc
: ---
Assignee: Martin Kosek
QA Contact: Namita Soman
Aneta Šteflová Petrová
URL:
Whiteboard:
: 1298845 (view as bug list)
Depends On:
Blocks: 1199516 1292074 1296125 1313485 1351220
TreeView+ depends on / blocked
 
Reported: 2012-07-03 16:00 UTC by Dmitri Pal
Modified: 2016-11-04 05:43 UTC (History)
8 users (show)

Fixed In Version: ipa-4.4.0-1.el7
Doc Type: Release Note
Doc Text:
Simplified replica installation Installing a replica no longer requires you to log in to the initial server, use the Directory Manager (DM) credentials, and copy the replica information file from the initial server to the replica. For example, this allows for easier provisioning using an external infrastructure management system, while retaining a reasonable level of security. In addition, the "ipa-replica-install" utility can now also promote an existing client to a replica. For details, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#install-replica Note that the new functionality requires raising the domain level to `1`. See https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#domain-level
Clone Of:
: 1351220 (view as bug list)
Environment:
Last Closed: 2016-11-04 05:43:22 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
tkt_5455.log (27.41 KB, text/plain)
2016-08-12 08:14 UTC, Abhijeet Kasurde 		no flags Details
tkt_5966.log (2.30 KB, text/plain)
2016-08-12 08:25 UTC, Abhijeet Kasurde 		no flags Details
tkt_2888.log (8.88 KB, text/plain)
2016-08-12 08:50 UTC, Abhijeet Kasurde 		no flags Details
tkt_5976.log (7.02 KB, text/plain)
2016-08-12 09:21 UTC, Abhijeet Kasurde 		no flags Details
tkt_5983.log (17.05 KB, text/plain)
2016-08-16 08:30 UTC, Abhijeet Kasurde 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2404 0 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 13:56:18 UTC

Description Dmitri Pal 2012-07-03 16:00:55 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2888

Current replica creation model calls for creation of a package on the existing replica and then delivering it to the new replica host being installed. A more robust approach that would allow easier migration between different versions is to have the following model.

Install a client on a future replica machine.
Join in to the domain
Install server bits using yum install
Run a command to promote the client to replica. As result of this command the client would connect to the existing master and pull in the data it needs rather than having a replica package being manually pre-created and delivered.

The benefit is that the replica being installed would be able to get the data it needs in the format in needs. It would reduce the need to deal with the cases when the master is versions 2.x and the replica is version 3.1.x.

Until this is implemented it makes sense to defer the support of the mixed domains between the versions. 

Might be a problem for Fedora though...
Comment 2 Martin Kosek 2015-07-07 07:51:09 UTC 
Replica Promotion and Topology features were postponed in the upstream project, to FreeIPA 4.3 which should closely follow FreeIPA 4.2 release.

See the reasoning and details in:
http://www.redhat.com/archives/freeipa-devel/2015-July/msg00092.html
Comment 3 Martin Bašti 2015-10-22 11:57:20 UTC 
Fixed upstream
master:
9e007edbd902a5395797ca0ca9a698033540d755 Remove unused kra option
6a0087aea176d1e1154b359fa262066896d663e3 Add low level helper to get domain level
42e859daa78396321d25e95107eabf35d46cdd91 Make checks for existing credentials reusable
2606f5aecd6ac0db31abb515b691529bb7eaf14e Allow to setup the CA when promoting a replica
102651b10afa144384db53b45fb558747a092d6d prevent operation on tombstones
fcb9854dcb047018a1904c7e6db655af0596e3ae handle multiple managed suffixes
80e11d24696c30ee311bd019ed39df8fc0f908a2 topology plugin configuration workaround
834b5fd513d799bb9fe2cbc29417ff8ec7357033 enable topology plugin on upgrade
fff31ca220311421f1ac8cef0888aaa892e97584 topology: manage ca replication agreements
86240938b58cd9bf85a96d34c39b55f6d59a36b8 Add function to extract CA certs for install
5761f73e2598dc404a3b51c6810e3dd250d2ba11 Allow ipa-replica-conncheck to use default creds
f7d1e4f9a21b0f3e63bd3bcd4a17acf749e0b208 Change DNS installer code to use passed in api
d03619fff3a1eb7d21c2ba21f8867ae8018779b8 Implement replica promotion functionality
2cd0d20a2a454369488b77e841a9cce643b26d34 Require a DS version that has working DNA plugin
463dda30679da9ac5eea5683984002989965e2a5 Add ipa-custodia service
98bf90e4cecb38fc72a0b598a6e6a50fee284f31 fix dsinstance.py:get_domain_level function
958996b9cc55b6e9ecdc23981e79599ec6826b4c Allow ipa-ca-install to use the new promotion code
Comment 4 Martin Bašti 2015-10-22 15:57:35 UTC 
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/bc39cc9f813c35ba603b45c7dc5e9c5ba2be5743
Comment 5 Petr Vobornik 2015-11-05 16:43:21 UTC 
Referencing https://fedorahosted.org/freeipa/ticket/5424 as a possible test case which is not strictly related to the promotion process itself.
Comment 6 Petr Vobornik 2015-11-23 17:43:12 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/5455
Comment 7 Martin Bašti 2015-11-27 15:21:40 UTC 
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/fa2fbc680aea8f9cb43238ae0103e5030324f3f6
https://fedorahosted.org/freeipa/changeset/dcaf57271c91f75733e42048683a04bde4ea9b2a
https://fedorahosted.org/freeipa/changeset/ab8cba61c08571e4cbce1246bcbf820d3e337506
Comment 8 Petr Vobornik 2016-02-02 13:13:33 UTC 
Has been implemented upstream, see comments above.
Comment 9 Petr Vobornik 2016-02-19 12:40:28 UTC 
*** Bug 1298845 has been marked as a duplicate of this bug. ***
Comment 10 Petr Vobornik 2016-03-11 14:04:14 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/5721
Comment 11 Mike McCune 2016-03-28 23:07:19 UTC 
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions
Comment 13 Martin Kosek 2016-06-10 12:55:20 UTC 
Ticket 5721 was closed as duplicate, adding ticket 5604.
Comment 14 Petr Vobornik 2016-06-22 16:36:14 UTC 
Core is implemented, but some regressions/issues we found, moving to assigned.
Comment 15 Petr Vobornik 2016-06-22 16:37:12 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/5966
Comment 16 Petr Vobornik 2016-06-22 16:44:37 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/5976
Comment 17 Martin Bašti 2016-06-28 12:16:47 UTC 
master:
https://fedorahosted.org/freeipa/changeset/8b12ef50e1c016a5a025cf2a69271f769b585a03
ipa-4-3:
https://fedorahosted.org/freeipa/changeset/3d71c43504ea7837ea14bb9dd4a469c07337293f
Comment 18 Petr Vobornik 2016-06-29 10:48:00 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/837369
Comment 19 Petr Vobornik 2016-06-29 10:49:24 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/5983
Comment 20 Jan Cholasta 2016-06-30 09:52:04 UTC 
Ticket 5983 fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/99339bf7892fcc1201e06e6a8105b0bb4681c4f4
Comment 21 Martin Bašti 2016-06-30 11:20:11 UTC 
master:
https://fedorahosted.org/freeipa/changeset/a155f692e7ad7807a5ea28250d1e72b3e821991e
Comment 22 Martin Bašti 2016-07-01 13:09:41 UTC 
ipa-4-3:
https://fedorahosted.org/freeipa/changeset/4edd39fb05dfd92924fc7f0c37fee3d269edf298
Comment 23 Martin Bašti 2016-07-01 13:15:16 UTC 
This is not related to upstream ticket 5604
Comment 26 Abhijeet Kasurde 2016-08-12 08:14:55 UTC 
Created attachment 1190297 [details]
tkt_5455.log
Comment 27 Abhijeet Kasurde 2016-08-12 08:25:15 UTC 
Created attachment 1190299 [details]
tkt_5966.log
Comment 28 Abhijeet Kasurde 2016-08-12 08:50:06 UTC 
Created attachment 1190304 [details]
tkt_2888.log
Comment 29 Abhijeet Kasurde 2016-08-12 09:21:41 UTC 
Created attachment 1190322 [details]
tkt_5976.log
Comment 31 Abhijeet Kasurde 2016-08-16 08:30:34 UTC 
Created attachment 1191150 [details]
tkt_5983.log
Comment 32 Abhijeet Kasurde 2016-08-16 08:32:37 UTC 
Verified using IPA version ::

ipa-server-4.4.0-7.el7.x86_64


Marking RFE bz as verified. See attachments for respective tkts.
Comment 34 errata-xmlrpc 2016-11-04 05:43:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html
Note You need to log in before you can comment on or make changes to this bug.