[Freeipa-devel] [PATCH] 461 Update Dogtag 9 database during replica installation
Martin Kosek
mkosek at redhat.com
Thu Mar 13 14:15:25 UTC 2014
On 03/13/2014 09:09 AM, Martin Kosek wrote:
> When Dogtag 10 based FreeIPA replica is being installed for a Dogtag 9
> based master, the PKI database is not updated and miss several ACLs
> which prevent some of the PKI functions, e.g. an ability to create
> other clones.
>
> Add an update file to do the database update. Content is based on
> recommendation from PKI team:
> * https://bugzilla.redhat.com/show_bug.cgi?id=1075118#c9
>
> This update file can be removed when Dogtag database upgrades are done
> in PKI component. Upstream tickets:
> * https://fedorahosted.org/pki/ticket/710 (database upgrade framework)
> * https://fedorahosted.org/pki/ticket/906 (checking database version)
>
> https://fedorahosted.org/freeipa/ticket/4243
I found few issues with the patch:
- New update file was not added to Makefile.am
- PKI was not restarted after LDAP updates so it did not pick up the ACLs and
replica installation will crash anyway. Now the PKI is always restarted at the
end of server/replica installation.
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-461-2-update-dogtag-9-database-during-replica-installation.patch
Type: text/x-patch
Size: 5848 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140313/83f24562/attachment.bin>
More information about the Freeipa-devel
mailing list