Assume you've installed ipa 2.0.x and you upgrade to 2.1.1. The 2.1.1 code added the new ajp proxy. Will your existing install still work? Should we add this new configuration?
We should add the new configuration. Dogtag still listen to the othe rports so if other replicas or tools are still using them and you had them previously working it should still work w/o issues.
Confirmed that 2.1.1 won't install as a replica to 2.1.0 because of ports. ipa-conncheck doesn't start listeners on the replica side (2.1.1) but when it is run on the master side (2.1.0) it still tries to contact 944*.
Filed this BZ to get a script from the dogtag team to update an existing instance to use the ajp proxying.
https://bugzilla.redhat.com/show_bug.cgi?id=737179
Better handling of ipa-pki-proxy.conf freeipa-rcrit-868-proxy.patch
Better handling of ipa-pki-proxy.conf:
master: 4fd2096[[BR]] ipa-2-1: 2c013a2
The rest of the work is in ticket #1889
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.1.2 (bug fixing)
Login to comment on this ticket.