[Freeipa-devel] [PATCHES 509-514] replica promotion: use host credentials when setting up replication

Jan Cholasta jcholast at redhat.com
Thu Dec 10 06:57:24 UTC 2015 

On 9.12.2015 16:39, Jan Cholasta wrote:
> On 7.12.2015 08:14, Jan Cholasta wrote:
>> On 6.12.2015 21:32, Martin Basti wrote:
>>>
>>>
>>> On 04.12.2015 16:58, Simo Sorce wrote:
>>>> On Fri, 2015-12-04 at 15:39 +0100, Jan Cholasta wrote:
>>>>> On 4.12.2015 15:16, Jan Cholasta wrote:
>>>>>> On 4.12.2015 15:12, Jan Cholasta wrote:
>>>>>>> On 4.12.2015 11:15, Petr Vobornik wrote:
>>>>>>>> On 12/03/2015 03:11 PM, Martin Basti wrote:
>>>>>>>>>
>>>>>>>>> On 01.12.2015 12:19, Jan Cholasta wrote:
>>>>>>>>>> On 23.11.2015 15:47, Simo Sorce wrote:
>>>>>>>>>>> On Mon, 2015-11-23 at 15:37 +0100, Jan Cholasta wrote:
>>>>>>>>>>>> Ad alternative is to add the host to ipaservers before the
>>>>>>>>>>>> checks
>>>>>>>>>>>> are
>>>>>>>>>>>> done and remove it again if any of them fail.
>>>>>>>>>>> Too error prone, I am ok with the current way in your patches
>>>>>>>>>>> until/unless I can think of a fail safe way. :-)
>>>>>>>>>> Updated patches attached. Note that 520 should be applied
>>>>>>>>>> between 509
>>>>>>>>>> and 510.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> Functional ACK
>>>>>>>>>
>>>>>>>> Simo, do you want to review the ACIs or other things it the
>>>>>>>> patches? Or
>>>>>>>> can the patches be pushed?
>>>>>>> There were no changes in the ACIs since last time.
>>>>>> Actually, memberPrincipal was removed from the "IPA server hosts can
>>>>>> manage own Custodia secrets" ACI, as per Simo's request.
>>>>>>
>>>>>>> Rebased patches attached.
>>>>> Note that 520 should still be applied between 509 and 510.
>>>>>
>>>> LGTM
>>>>
>>> ACK
>>
>> Thanks.
>>
>> Pushed to master: 01ddf51df76f3298499973355c5461727e46ab5b
>
> Martin Babinsky found out that ipaservers is not created early enough
> when installing a replica of a 4.2 or older server which causes a crash.
>
> The attached patch fixes that.

Actually I don't like how I fixed that, here's an updated patch.

Also, I noticed that replica promotion fails too late in domain level 0. 
Fixed as well.

-- 
Jan Cholasta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-527.1-replica-install-add-ipaservers-if-it-does-not-exist.patch
Type: text/x-patch
Size: 1678 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151210/20337eee/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-528-replica-promotion-check-domain-level-before-ipaserve.patch
Type: text/x-patch
Size: 2474 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151210/20337eee/attachment-0001.bin>

More information about the Freeipa-devel mailing list