mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
45b351f8c5
There are currently three sets of CA schema changes applied in ipa-server-upgrade: * addition of ACME schema * addition of certificate profile schema * addition of lightweight CA schema None of these require a restart of the CA to be supported. There is an issue in schema parsing such that it doesn't handle X-ORIGIN properly. A difference is detected and a change applied but no change is recorded in LDAP so every time upgrade is run it thinks a CA restart is needed. The CA is not quick to restart so avoiding one is best, particularly when the update is run as part of an rpm transaction where a user with an itchy finger may think things have hung and break out of it. https://github.com/389ds/389-ds-base/issues/5366 was filed to track this. Related: https://pagure.io/freeipa/issue/9204 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> |
||
---|---|---|
.. | ||
__init__.py | ||
install.py | ||
replicainstall.py | ||
upgrade.py |