IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-27 00:26:33 -06:00
Code Issues Packages Projects Releases Wiki Activity
c0fd5e39c7
freeipa/ipaserver/install
History
Florence Blanc-Renaud c0fd5e39c7 replica install: set the same master as preferred source for domain and CA 
During ipa-replica-install, the installer creates a ReplicaConfig
object that contains a config.ca_host_name attribute, built from
api.env.ca_host.
This attribute is used as preferred source when asking the DNS for a CA
master from which to initialize the CA instance
(see commit 8decef33 for master selection and preferred host).

In most of the cases, /etc/ipa/default.conf does not contain any
definition for ca_host. In this case, api.env.ca_host is set to
the local hostname.
As a consequence, replica install is trying to use the local host
as preferred source (which does not have any CA yet), and the method
to find the CA source randomly picks the CA in the DNS.

With the fix, the master picked for domain replication is also used as
preferred source for CA/KRA.

Fixes: https://pagure.io/freeipa/issue/7744
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-12-19 14:19:46 +01:00
..
plugins ipa upgrade: handle double-encoded certificates 2018-11-30 11:05:17 +01:00
server replica install: set the same master as preferred source for domain and CA 2018-12-19 14:19:46 +01:00
__init__.py Remove __all__ specifications in ipaclient and ipaserver.install 2013-09-06 15:42:33 +02:00
adtrust.py ipaserver.install.adtrust: fix CID 323644 2018-11-07 16:37:18 +01:00
adtrustinstance.py pylint 2.2: Fix unnecessary pass statement 2018-11-26 16:54:43 +01:00
bindinstance.py Fix zonemgr encoding issue 2018-10-05 09:04:15 -04:00
ca.py Py3: Replace six.text_type with str 2018-09-27 16:11:18 +02:00
cainstance.py Create reindex task for ipaca DB 2018-12-13 17:04:00 +01:00
certs.py Py3: Replace six.moves imports 2018-10-05 12:06:19 +02:00
conncheck.py install: introduce installer class hierarchy 2016-11-11 12:17:25 +01:00
custodiainstance.py Fix raising-format-tuple 2018-11-13 13:37:58 +01:00
dns.py Fix zonemgr encoding issue 2018-10-05 09:04:15 -04:00
dnskeysyncinstance.py Delay enabling services until end of installer 2018-07-06 13:26:43 +02:00
dogtag.py install: introduce installer class hierarchy 2016-11-11 12:17:25 +01:00
dogtaginstance.py Create reindex task for ipaca DB 2018-12-13 17:04:00 +01:00
dsinstance.py DS install: don't fail if SSL already configured 2018-11-13 12:07:27 +01:00
httpinstance.py Replace nss.conf with zero-length file instead of removing 2018-12-14 09:15:42 +01:00
installutils.py Print correct subject on CA cert verification failure 2018-11-13 14:19:18 +01:00
ipa_backup.py ipa-backup: restart services before compressing the backup 2018-10-26 17:21:07 +02:00
ipa_cacert_manage.py Add support for multiple certificates/formats to ipa-cacert-manage 2018-11-13 10:44:14 +01:00
ipa_kra_install.py Unify and simplify LDAP service discovery 2018-11-21 08:57:08 +01:00
ipa_ldap_updater.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
ipa_otptoken_import.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
ipa_pkinit_manage.py PKINIT: fix ipa-pkinit-manage enable|disable 2018-12-05 11:06:21 +01:00
ipa_replica_install.py Enable replica install info logging to match ipa-server-install 2018-11-01 13:08:58 +01:00
ipa_restore.py Replace nss.conf with zero-length file instead of removing 2018-12-14 09:15:42 +01:00
ipa_server_certinstall.py Fix pylint 2.0 return-related violations 2018-07-11 10:11:38 +02:00
ipa_server_install.py Improve console logging for ipa-server-install 2018-06-20 08:38:03 +02:00
ipa_server_upgrade.py ipa commands: print 'IPA is not configured' when ipa is not setup 2018-08-23 12:08:45 +02:00
ipa_winsync_migrate.py ipa commands: print 'IPA is not configured' when ipa is not setup 2018-08-23 12:08:45 +02:00
kra.py Remove DL0 specific code from kra in ipaserver/install 2018-09-12 13:11:21 +02:00
krainstance.py Py3: Replace six.moves imports 2018-10-05 12:06:19 +02:00
krbinstance.py PKINIT: fix ipa-pkinit-manage enable|disable 2018-12-05 11:06:21 +01:00
ldapupdate.py Create reindex task for ipaca DB 2018-12-13 17:04:00 +01:00
odsexporterinstance.py Delay enabling services until end of installer 2018-07-06 13:26:43 +02:00
opendnssecinstance.py Unify and simplify LDAP service discovery 2018-11-21 08:57:08 +01:00
otpdinstance.py Enable pylint missing-final-newline check 2015-12-23 07:59:22 +01:00
replication.py replication: check remote ds version before editing attributes 2018-12-13 20:29:41 +01:00
schemaupdate.py logging: do not use ipa_log_manager to create module-level loggers 2017-07-14 15:55:59 +02:00
service.py Unify and simplify LDAP service discovery 2018-11-21 08:57:08 +01:00
sysupgrade.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
upgradeinstance.py Re-open the ldif file to prevent error message 2018-08-16 12:45:00 +02:00