[Freeipa-devel] [PATCH] 404 Do not add ipa-ca records on CA-less installs
Jan Cholasta
jcholast at redhat.com
Thu May 9 15:44:21 UTC 2013

On 9.5.2013 15:14, Martin Kosek wrote:
> On 05/09/2013 02:39 PM, Petr Viktorin wrote:
>> On 05/09/2013 02:06 PM, Martin Kosek wrote:
>>> This should get to 3.2 GA.
>>>
>>> --
>>> ipa-dns-install crashed when it was run on a CA-less server.
>>>
>>> https://fedorahosted.org/freeipa/ticket/3617
>>>
>>
>> This solves the issue, ACK
>>
>
> Thanks. Pushed to master.
>
> Martin
>
Sorry for this, but NACK. With this patch ipa-ca records are not created
for existing masters unless ipa-dns-install is run on a replica which
has a CA configured. You should instead put the ldap.get_entries() call in
a try/except block and ignore the NotFound exception which causes the crash.

You can test it by installing IPA without --setup-dns and without
--external-ca on server1 and then installing a replica with --setup-dns
and without --setup-ca on server2. After this, the ipa-ca record for server1
should be created.

Honza

--
Jan Cholasta
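
The difference between the two approaches discussed in the message above, as an added example that is not part of the original e-mail and is not FreeIPA code. `FakeLDAP`, `NotFound`, both function names and the two topologies are constructed stand-ins; only the `get_entries()` name and the NotFound behaviour come from the message.

```python
# Added illustration: stand-in classes, not FreeIPA's real API or code.

class NotFound(Exception):
    """Stand-in for the error raised when a search matches no entries."""


class FakeLDAP:
    """Constructed directory: master host name -> set of configured services."""

    def __init__(self, masters):
        self.masters = masters

    def get_entries(self, service):
        hosts = sorted(h for h, svcs in self.masters.items() if service in svcs)
        if not hosts:
            # Mirrors the crash cause named in the message: nothing found.
            raise NotFound("no master has %s configured" % service)
        return hosts


def ca_hosts_gated_on_local_ca(ldap, local_host):
    """Behaviour the reply objects to: do nothing unless the local host has a CA."""
    if "CA" not in ldap.masters.get(local_host, set()):
        return []
    return ldap.get_entries("CA")


def ca_hosts_ignore_notfound(ldap):
    """Suggested behaviour: always search, treat NotFound as 'no CA anywhere'."""
    try:
        return ldap.get_entries("CA")
    except NotFound:
        return []


# Constructed topology from the test scenario: server1 has a CA,
# server2 is a replica with DNS and without a CA.
REPLICA_WITHOUT_CA = FakeLDAP({"server1": {"CA"}, "server2": {"DNS"}})
# Constructed CA-less deployment: the case from ticket 3617.
CA_LESS = FakeLDAP({"server1": {"DNS"}})

if __name__ == "__main__":
    print("gated, run on server2:", ca_hosts_gated_on_local_ca(REPLICA_WITHOUT_CA, "server2"))
    print("try/except, run on server2:", ca_hosts_ignore_notfound(REPLICA_WITHOUT_CA))
    print("try/except, CA-less:", ca_hosts_ignore_notfound(CA_LESS))
```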