Detect if KRA is installed and not the CA renewal master #125

Closed
rcritten opened this issue May 1, 2020 · 1 comment · Fixed by #290

rcritten commented May 1, 2020

Perhaps for cluster checking.

It's possible inside a cluster to have the renewal master not have the KRA role installed, which means those certificates will never be renewed. Detect this condition and ERROR on it.

@rcritten rcritten added the cluster related to cluster checking label Jun 24, 2020
@rcritten rcritten removed the cluster related to cluster checking label Mar 30, 2023
@rcritten

Removing cluster flag. We can determine this based on the server roles and whether the renewal server has a KRA or not.

@rcritten rcritten self-assigned this Mar 30, 2023
rcritten added a commit to rcritten/freeipa-healthcheck that referenced this issue Mar 30, 2023
If there are KRAs in the topology and there isn't one on
the renewal server then the KRA certificates will not be
renewed because they expect another server to do it for them.

Fixes: freeipa#125

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
rcritten added a commit to rcritten/freeipa-healthcheck that referenced this issue Apr 6, 2023
If there are KRAs in the topology and there isn't one on
the renewal server then the KRA certificates will not be
renewed because they expect another server to do it for them.

Fixes: freeipa#125

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
rcritten added a commit that referenced this issue Apr 7, 2023
If there are KRAs in the topology and there isn't one on
the renewal server then the KRA certificates will not be
renewed because they expect another server to do it for them.

Fixes: #125

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
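
The condition described in this issue (KRAs exist in the topology but the CA renewal server has none), sketched as an added example; it is not code from freeipa-healthcheck or from the fix in #290. The record shape (modelled on server-role entries), the function names, the status handling and the hostnames are all assumptions made for illustration.

```python
# Added illustration, not freeipa-healthcheck code. Record keys and status
# values are assumptions modelled on server-role entries.
KRA_ROLE = "KRA server"


def _norm(host):
    """Compare hostnames case-insensitively and without a trailing dot."""
    return host.lower().rstrip(".")


def kra_hosts(role_entries):
    """Return the normalised hostnames whose KRA role is not 'absent'."""
    return {
        _norm(e["server_server"])
        for e in role_entries
        if e["role_servrole"] == KRA_ROLE and e["status"] != "absent"
    }


def check_renewal_master_kra(role_entries, renewal_master):
    """Return (severity, message) for the renewal-master/KRA condition."""
    kras = kra_hosts(role_entries)
    if not kras:
        return ("SUCCESS", "no KRA in the topology")
    if not renewal_master:
        # Added edge case, not discussed in the issue: nothing to compare to.
        return ("ERROR", "KRA present but no CA renewal master is known")
    if _norm(renewal_master) in kras:
        return ("SUCCESS", "renewal master has the KRA role")
    return (
        "ERROR",
        "renewal master %s has no KRA; KRA certificates on %s will not be renewed"
        % (renewal_master, ", ".join(sorted(kras))),
    )


# Constructed sample topology: ipa1 is CA-only, ipa2 carries the KRA.
SAMPLE = [
    {"server_server": "ipa1.example.test", "role_servrole": "CA server", "status": "enabled"},
    {"server_server": "ipa1.example.test", "role_servrole": "KRA server", "status": "absent"},
    {"server_server": "ipa2.example.test", "role_servrole": "CA server", "status": "enabled"},
    {"server_server": "ipa2.example.test", "role_servrole": "KRA server", "status": "enabled"},
]

if __name__ == "__main__":
    print(check_renewal_master_kra(SAMPLE, "ipa1.example.test"))  # ERROR case
    print(check_renewal_master_kra(SAMPLE, "IPA2.example.test"))  # SUCCESS case
```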