https://bugzilla.redhat.com/show_bug.cgi?id=852618 (Red Hat Enterprise Linux 6)
Description of problem: A customer would like to migrate the CRL generation from the original server to a replica, the document talks about changing 6 configuration options: - ca.certStatusUpdateInterval - ca.listenToCloneModifications - ca.crl.IssuingPointId.enableCRLCache - ca.crl.IssuingPointId.enableCRLUpdates - master.ca.agent.host - master.ca.agent.port However, these settings are not as expected on either the master or replica: ca.certStatusUpdateInterval - is not present on either IPA server ca.listenToCloneModifications - is not present on either IPA server ca.crl.IssuingPointId.enableCRLCache - is already true on both IPA servers ca.crl.IssuingPointId.enableCRLUpdates - is already true on both IPA servers master.ca.agent.host - is not present on either IPA server master.ca.agent.port - is not present on either IPA server There are also a number of other differences between the CS.cfg files on the master and replica - the customer wants to know if any of the settings that are different on the the replica should be changed to that on the master. I have attached the CS.diff file for this, as provided by the customer. Version-Release number of selected component (if applicable): ipa-server-2.2.0-16.el6.x86_64 on RHEL6.3 How reproducible: Always Steps to Reproduce: 1. Setup up a RHEL6.3 server from scratch. 2. ipa-server-install --setup-dns 3. create replica info file for replica 4. on replica: ipa-replica-install --setup-dns --setup-ca replica-info-rhel63-ipa2.example.com.gpg --forwarder 192.168.122.1 5. Attempt to migrate the CRL generation functionality to the replica, by following section 17.8 of the identity management guide: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/ Identity_Management_Guide/promoting-replica.html Actual results: See issue description. Expected results: What are the changes that need to be done to migrate CRL generation functionality from master to replica? Additional info: This is a strategic customer (Australian department of defence), and the issue is high priority. Please update as soon as possible.
master: 392097f
ipa-3-0: 755f1d7
Metadata Update from @dpal: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 3.0 GA
Login to comment on this ticket.