Issue #3262: Replication agreement tools report errors with new single instance CA database - freeipa

freeipa

#3262 Replication agreement tools report errors with new single instance CA database

Closed: Fixed None Opened 11 years ago by mkosek.

ipa-replica-manage and ipa-csreplica-manage in older versions (3.0 and older) do not recognize CA agreements in IPA master of version 3.1+ with single CA instance database.

Examples:

[root@vm-044 ~]# ipa-replica-manage force-sync --from vm-104.idm.lab.bos.redhat.com
ipa: ERROR: Found multiple agreements for vm-044.idm.lab.bos.redhat.com
ipa: ERROR: Using the first one only (cn=meTovm-044.idm.lab.bos.redhat.com,cn=replica,cn=dc\3Didm\2Cdc\3Dlab\2Cdc\3Dbos\2Cdc\3Dredhat\2Cdc\3Dcom,cn=mapping tree,cn=config)
ipa: INFO: Setting agreement cn=meTovm-044.idm.lab.bos.redhat.com,cn=replica,cn=dc\3Didm\2Cdc\3Dlab\2Cdc\3Dbos\2Cdc\3Dredhat\2Cdc\3Dcom,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meTovm-044.idm.lab.bos.redhat.com,cn=replica,cn=dc\3Didm\2Cdc\3Dlab\2Cdc\3Dbos\2Cdc\3Dredhat\2Cdc\3Dcom,cn=mapping tree,cn=config

[root@vm-044 ~]# ipa-replica-manage re-initialize --from vm-104.idm.lab.bos.redhat.com
ipa: ERROR: Found multiple agreements for vm-044.idm.lab.bos.redhat.com
ipa: ERROR: Using the first one only (cn=meTovm-044.idm.lab.bos.redhat.com,cn=replica,cn=dc\3Didm\2Cdc\3Dlab\2Cdc\3Dbos\2Cdc\3Dredhat\2Cdc\3Dcom,cn=mapping tree,cn=config)
ipa: INFO: Setting agreement cn=meTovm-044.idm.lab.bos.redhat.com,cn=replica,cn=dc\3Didm\2Cdc\3Dlab\2Cdc\3Dbos\2Cdc\3Dredhat\2Cdc\3Dcom,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meTovm-044.idm.lab.bos.redhat.com,cn=replica,cn=dc\3Didm\2Cdc\3Dlab\2Cdc\3Dbos\2Cdc\3Dredhat\2Cdc\3Dcom,cn=mapping tree,cn=config

[root@vm-044 ~]# ipa-replica-manage list vm-104.idm.lab.bos.redhat.com
vm-044.idm.lab.bos.redhat.com: replica
vm-055.idm.lab.bos.redhat.com: replica
vm-044.idm.lab.bos.redhat.com: replica

We should fix at least IPA 2.2 and IPA 3.0 to be compatible with the new CA agreements and do not mix CA and IPA agreements together.

dpal commented 11 years ago

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=878491

mkosek commented 11 years ago

attachment
freeipa-mkosek-337-filter-suffix-in-replication-management-tools.patch

mkosek commented 11 years ago

Patch freeipa-mkosek-337-filter-suffix-in-replication-management-tools.patch sent for review

mkosek commented 11 years ago

ipa-2-2: 18b873c[[BR]]
ipa-3-0: 83d2822

Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 3.0.2

7 years ago

Metadata

Assignee

mkosek

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 3.0.2

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=878491

tester

None

changelog

None

design

None

freeipa

Source Code

#3262 Replication agreement tools report errors with new single instance CA database Closed: Fixed None Opened 11 years ago by mkosek.

Metadata

#3262 Replication agreement tools report errors with new single instance CA database

Closed: Fixed None Opened 11 years ago by mkosek.