#3051 Moving CRL Generation from the Master (Original) Server to Another Replica
Closed: Fixed None Opened 11 years ago by dpal.

https://bugzilla.redhat.com/show_bug.cgi?id=852618 (Red Hat Enterprise Linux 6)

Description of problem:
A customer would like to migrate the CRL generation from the original server to
a replica. The document talks about changing 6 configuration options:
- ca.certStatusUpdateInterval
- ca.listenToCloneModifications
- ca.crl.IssuingPointId.enableCRLCache
- ca.crl.IssuingPointId.enableCRLUpdates
- master.ca.agent.host
- master.ca.agent.port

However, these settings are not as expected on either the master or replica:
- ca.certStatusUpdateInterval - is not present on either IPA server
- ca.listenToCloneModifications - is not present on either IPA server
- ca.crl.IssuingPointId.enableCRLCache - is already true on both IPA servers
- ca.crl.IssuingPointId.enableCRLUpdates - is already true on both IPA servers
- master.ca.agent.host - is not present on either IPA server
- master.ca.agent.port - is not present on either IPA server

There are also a number of other differences between the CS.cfg files on the
master and replica - the customer wants to know if any of the settings that are
different on the replica should be changed to that on the master. I have
attached the CS.diff file for this, as provided by the customer.


Version-Release number of selected component (if applicable):
ipa-server-2.2.0-16.el6.x86_64 on RHEL6.3


How reproducible:
Always


Steps to Reproduce:
1. Set up a RHEL6.3 server from scratch.
2. ipa-server-install --setup-dns
3. create replica info file for replica
4. on replica: ipa-replica-install --setup-dns --setup-ca replica-info-rhel63-ipa2.example.com.gpg --forwarder 192.168.122.1
5. Attempt to migrate the CRL generation functionality to the replica, by
following section 17.8 of the identity management guide:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/promoting-replica.html


Actual results:
See issue description.


Expected results:
What are the changes that need to be done to migrate CRL generation
functionality from master to replica?


Additional info:
This is a strategic customer (Australian department of defence), and the issue
is high priority. Please update as soon as possible.

Metadata Update from @dpal:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 3.0 GA

7 years ago
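
The comparison the description makes by hand (which of the six documented options are present, and with what value, in each server's CS.cfg) can be scripted. This is an added example, not code from the ticket or from FreeIPA; the function names are hypothetical, the sample CS.cfg text and the issuing point id `ExampleCRL` are constructed, and `IssuingPointId` is treated as a placeholder for whatever id the file actually uses.

```python
import re

# The six options named in the ticket. "IssuingPointId" is matched as a wildcard.
OPTIONS = [
    "ca.certStatusUpdateInterval",
    "ca.listenToCloneModifications",
    "ca.crl.IssuingPointId.enableCRLCache",
    "ca.crl.IssuingPointId.enableCRLUpdates",
    "master.ca.agent.host",
    "master.ca.agent.port",
]

# Constructed sample mirroring the state reported in the ticket (not a real CS.cfg).
SAMPLE_MASTER = """\
# constructed sample
ca.crl.ExampleCRL.enableCRLCache=true
ca.crl.ExampleCRL.enableCRLUpdates=true
"""
SAMPLE_REPLICA = SAMPLE_MASTER

def parse_cs_cfg(text):
    """Parse 'key=value' lines into a dict, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def lookup(settings, option):
    """Return {actual_key: value} for every key that matches the option name."""
    pattern = re.escape(option).replace("IssuingPointId", r"[^.]+")
    return {k: v for k, v in settings.items() if re.fullmatch(pattern, k)}

def audit(master_text, replica_text):
    """One row per option: (key, master value, replica value, status)."""
    master, replica = parse_cs_cfg(master_text), parse_cs_cfg(replica_text)
    rows = []
    for option in OPTIONS:
        m, r = lookup(master, option), lookup(replica, option)
        for key in sorted(set(m) | set(r)) or [option]:
            mv, rv = m.get(key), r.get(key)
            status = ("absent on both" if mv is None and rv is None
                      else "same" if mv == rv else "differs")
            rows.append((key, mv, rv, status))
    return rows

if __name__ == "__main__":
    for key, mv, rv, status in audit(SAMPLE_MASTER, SAMPLE_REPLICA):
        print(f"{key:45} master={mv!s:6} replica={rv!s:6} {status}")
```

To audit real servers, pass the contents of each server's CS.cfg to `audit()` in place of the samples.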
