ipa-kra-install: fix pkispawn setting for pki_security_domain_hostname #788

Closed

@flo-renaud flo-renaud commented May 16, 2017

During ipa-kra-install, the installer prepares a configuration file
provided to pkispawn. This configuration file defines
pki_security_domain_hostname=(first master)

but when we are installing a clone, it should be set to the local hostname
instead, see man page pki_default.cfg:
    pki_security_domain_hostname, pki_security_domain_https_port
        Location of the security domain. Required for KRA, OCSP, TKS,
        and TPS subsystems and for CA subsystems joining a security
        domain. Defaults to the location of the CA subsystem within the
        same instance.

When pki_security_domain_hostname points to the 1st master, and this first
master is decommissioned, ipa-kra-install fails on new replicas because pkispawn
tries to connect to this (non-existing) host.

https://pagure.io/freeipa/issue/6895

stlaz commented May 16, 2017

Works for me, thanks for the patch! 🙂

@stlaz stlaz added the ack Pull Request approved, can be merged label May 16, 2017
@MartinBasti MartinBasti added ack Pull Request approved, can be merged and removed ack Pull Request approved, can be merged labels May 16, 2017
MartinBasti commented

master:

  • c26038d ipa-kra-install: fix pkispawn setting for pki_security_domain_hostname

ipa-4-5:

  • 592cdf0 ipa-kra-install: fix pkispawn setting for pki_security_domain_hostname

@MartinBasti MartinBasti added the pushed Pull Request has already been pushed label May 18, 2017
@flo-renaud flo-renaud deleted the t6895 branch May 18, 2017 15:06
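
The condition described in the pull request description can be checked before running pkispawn on a replica. The following is an added example, not code from this pull request or from FreeIPA: the function name, the sample file and its hostnames are constructed, and it assumes the clone is marked with `pki_clone = True` in the `[KRA]` section.

```python
import configparser

# Constructed sample of a pkispawn configuration for a KRA clone.
# Hostnames are placeholders, not values from the pull request.
SAMPLE_CFG = """\
[KRA]
pki_clone = True
pki_security_domain_hostname = master1.example.test
pki_security_domain_https_port = 443
"""


def _norm(host):
    """Normalise a hostname for comparison (case, trailing dot, spaces)."""
    return host.strip().rstrip(".").lower()


def check_security_domain(cfg_text, local_fqdn, section="KRA"):
    """Return findings for a subsystem section of a pkispawn config.

    Rule taken from the pull request: when installing a clone,
    pki_security_domain_hostname should be the local hostname, so the
    install does not depend on a master that may be decommissioned.
    """
    # interpolation=None: real pkispawn files contain %(...)s references
    # that we want to read as raw text, not expand.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    if not parser.has_section(section):
        return ["no [%s] section in configuration" % section]

    is_clone = parser.getboolean(section, "pki_clone", fallback=False)
    sd_host = parser.get(section, "pki_security_domain_hostname",
                         fallback=None)
    if not is_clone or sd_host is None:
        # Not a clone, or the default (CA subsystem in the same
        # instance) applies: nothing to flag.
        return []
    if _norm(sd_host) != _norm(local_fqdn):
        return ["clone install points pki_security_domain_hostname at "
                "%s instead of local host %s" % (sd_host, local_fqdn)]
    return []


if __name__ == "__main__":
    for finding in check_security_domain(SAMPLE_CFG, "replica2.example.test"):
        print(finding)
```
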