mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 00:20:04 -06:00
Do not configure PKI ajp redirection to use "::1"
When ipa-server-install configures PKI, it provides a configuration file with the parameter pki_ajp_host set to ::1. This parameter is used to configure Tomcat redirection in /etc/pki/pki-tomcat/server.xml: <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" address="::1" /> ie all requests to port 8009 are redirected to port 8443 on address ::1. If the /etc/hosts config file does not define ::1 for localhost, then AJP redirection fails and replica install is not able to request a certificate for the replica. Since PKI has been fixed (see PKI ticket 2570) to configure by default the AJP redirection with "localhost", FreeIPA does not need any more to override this setting. The code now depends on pki 10.3.5-11 which provides the fix in the template and the upgrade. https://fedorahosted.org/freeipa/ticket/6575 Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
This commit is contained in:
parent
74020d07db
commit
4a30e9d534
@ -161,8 +161,8 @@ Requires(post): systemd-units
|
||||
Requires: selinux-policy >= %{selinux_policy_version}
|
||||
Requires(post): selinux-policy-base >= %{selinux_policy_version}
|
||||
Requires: slapi-nis >= %{slapi_nis_version}
|
||||
Requires: pki-ca >= 10.3.5-6
|
||||
Requires: pki-kra >= 10.3.5-6
|
||||
Requires: pki-ca >= 10.3.5-11
|
||||
Requires: pki-kra >= 10.3.5-11
|
||||
Requires(preun): python systemd-units
|
||||
Requires(postun): python systemd-units
|
||||
Requires: zip
|
||||
|
@ -578,10 +578,6 @@ class CAInstance(DogtagInstance):
|
||||
config.set("CA", "pki_external_ca_cert_chain_path", cert_chain_file.name)
|
||||
config.set("CA", "pki_external_step_two", "True")
|
||||
|
||||
# PKI IPv6 Configuration
|
||||
config.add_section("Tomcat")
|
||||
config.set("Tomcat", "pki_ajp_host", "::1")
|
||||
|
||||
# Generate configuration file
|
||||
with open(cfg_file, "wb") as f:
|
||||
config.write(f)
|
||||
|
Loading…
Reference in New Issue
Block a user