freeipa/ipaserver/install/server
Rob Crittenden 45b351f8c5 upgrades: Don't restart the CA on ACME and profile schema change
There are currently three sets of CA schema changes applied
in ipa-server-upgrade:

* addition of ACME schema
* addition of certificate profile schema
* addition of lightweight CA schema

None of these require a restart of the CA to be supported.

There is an issue in schema parsing such that it doesn't handle
X-ORIGIN properly. A difference is detected and a change applied
but no change is recorded in LDAP so every time upgrade is
run it thinks a CA restart is needed. The CA is not quick to
restart so avoiding one is best, particularly when the update is
run as part of an rpm transaction where a user with an itchy finger
may think things have hung and break out of it.

https://github.com/389ds/389-ds-base/issues/5366 was
filed to track this.

Related: https://pagure.io/freeipa/issue/9204

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-08-16 08:51:31 +02:00
..
__init__.py pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
install.py Installer: add --subid option to select the sssd profile with-subid 2022-05-25 08:11:39 +03:00
replicainstall.py Installer: add --subid option to select the sssd profile with-subid 2022-05-25 08:11:39 +03:00
upgrade.py upgrades: Don't restart the CA on ACME and profile schema change 2022-08-16 08:51:31 +02:00