[Freeipa-devel] [freeipa PR#788][opened] ipa-kra-install: fix pkispawn setting for pki_security_domain_hostname
flo-renaud
freeipa-github-notification at redhat.com
Tue May 16 07:29:31 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/788
Author: flo-renaud
Title: #788: ipa-kra-install: fix pkispawn setting for pki_security_domain_hostname
Action: opened
PR body:
"""
During ipa-kra-install, the installer prepares a configuration file
provided to pkispawn. This configuration file defines
pki_security_domain_hostname=(first master)
but when we are installing a clone, it should be set to the local hostname
instead, see man page pki_default.cfg:
pki_security_domain_hostname, pki_security_domain_https_port
Location of the security domain. Required for KRA, OCSP, TKS,
and TPS subsystems and for CA subsystems joining a security
domain. Defaults to the location of the CA subsystem within the
same instance.
When pki_security_domain_hostname points to the 1st master, and this first
master is decommissioned, ipa-kra-install fails on new replicas because pkispawn
tries to connect to this (non-existing) host.
https://pagure.io/freeipa/issue/6895
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/788/head:pr788
git checkout pr788
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pr-788.patch
Type: text/x-diff
Size: 1907 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20170516/5f86a8ed/attachment.bin>
More information about the Freeipa-devel
mailing list