mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
802e54dd0e
When the --server option is provided to ipa-replica-install (1-step install), make sure that the server offers all the required roles (CA, KRA). If it's not the case, refuse the installation. Note that the --server option is ignored when promoting from client to replica (2-step install with ipa-client-install and ipa-replica-install), meaning that the existing behavior is not changed in this use case: by default the host specified in default.conf as server is used for enrollment, but if it does not provide a required role, another host can be picked for CA or KRA setup. Fixes: https://pagure.io/freeipa/issue/7566 Signed-off-by: Florence Blanc-Renaud <flo@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>