-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Detect if KRA is installed and not the CA renewal master #125
Comments
Removing cluster flag. We can determine this based on the server roles and whether the renewal server has a KRA or not. |
rcritten
added a commit
to rcritten/freeipa-healthcheck
that referenced
this issue
Mar 30, 2023
If there are KRAs in the topology and there isn't one on the renewal server then the KRA certificates will not be renewed because they expect another server to do it for them. Fixes: freeipa#125 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
rcritten
added a commit
to rcritten/freeipa-healthcheck
that referenced
this issue
Mar 30, 2023
If there are KRAs in the topology and there isn't one on the renewal server then the KRA certificates will not be renewed because they expect another server to do it for them. Fixes: freeipa#125 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
rcritten
added a commit
to rcritten/freeipa-healthcheck
that referenced
this issue
Mar 30, 2023
If there are KRAs in the topology and there isn't one on the renewal server then the KRA certificates will not be renewed because they expect another server to do it for them. Fixes: freeipa#125 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
rcritten
added a commit
to rcritten/freeipa-healthcheck
that referenced
this issue
Apr 6, 2023
If there are KRAs in the topology and there isn't one on the renewal server then the KRA certificates will not be renewed because they expect another server to do it for them. Fixes: freeipa#125 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
rcritten
added a commit
that referenced
this issue
Apr 7, 2023
If there are KRAs in the topology and there isn't one on the renewal server then the KRA certificates will not be renewed because they expect another server to do it for them. Fixes: #125 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Perhaps for cluster checking.
It's possible inside a cluster to have the renewal master not have the KRA role installed which means those certificates will never be renewed. Detect this condition and ERROR on it.
The text was updated successfully, but these errors were encountered: