[Freeipa-devel] [PATCH] 461 Update Dogtag 9 database during replica installation
Martin Kosek
mkosek at redhat.com
Thu Mar 13 15:40:23 UTC 2014
On 03/13/2014 03:15 PM, Martin Kosek wrote:
> On 03/13/2014 09:09 AM, Martin Kosek wrote:
>> When Dogtag 10 based FreeIPA replica is being installed for a Dogtag 9
>> based master, the PKI database is not updated and miss several ACLs
>> which prevent some of the PKI functions, e.g. an ability to create
>> other clones.
>>
>> Add an update file to do the database update. Content is based on
>> recommendation from PKI team:
>> * https://bugzilla.redhat.com/show_bug.cgi?id=1075118#c9
>>
>> This update file can be removed when Dogtag database upgrades are done
>> in PKI component. Upstream tickets:
>> * https://fedorahosted.org/pki/ticket/710 (database upgrade framework)
>> * https://fedorahosted.org/pki/ticket/906 (checking database version)
>>
>> https://fedorahosted.org/freeipa/ticket/4243
>
> I found few issues with the patch:
> - New update file was not added to Makefile.am
> - PKI was not restarted after LDAP updates so it did not pick up the ACLs and
> replica installation will crash anyway. Now the PKI is always restarted at the
> end of server/replica installation.
>
> Martin
FYI - I was just confirmed that this patch finally fixed the issue even in
automatized environment (beaker).
Martin
More information about the Freeipa-devel
mailing list