rpms/ipa
5
0
Fork 0
Code Issues Pull Requests Releases Activity
02ac1c9481
ipa/0006-Upgrade-add-PKI-drop-in-file-if-missing.patch
Florence Blanc-Renaud 466d149b0e ipa-4.10.2-2 
- Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features
- Resolves: rhbz#2214933 Uninstalling of the IPA server is encountering a failure during the unconfiguration of the CA (Unconfiguring CA)
- Resolves: rhbz#2216114 After updating the RHEL from 8.7 to 8.8, IPA services fails to start
- Resolves: rhbz#2216549 Upgrade to 4.9.10-6.0.1 fails: attributes are managed by topology plugin
- Resolves: rhbz#2216611 Backport latest test fixes in python3-ipatests
- Resolves: rhbz#2216872 User authentication failing on OTP validation using multiple tokens, succeeds with password only

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
2023-06-29 10:40:49 +02:00

39 lines
1.6 KiB
Diff
Raw Blame History

From f25003a730c0e28c22fae5fce607df734b55525c Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Mon, 19 Jun 2023 19:01:25 +0200
Subject: [PATCH] Upgrade: add PKI drop-in file if missing
During the installation of IPA server, the installer adds a drop-in
file in /etc/systemd/system/pki-tomcatd@pki-tomcat.service.d/ipa.conf
that ensures the CA is reachable before the start command returns.
If the file is missing (for instance because the server was installed
with an old version before this drop-in was created), the upgrade
should add the file.
Fixes: https://pagure.io/freeipa/issue/9381
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
ipaserver/install/server/upgrade.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index f8701c8a0d43c7c1c1090e8576976b1c370b0104..8f3d57353605f28103c69cb0a34bf1c16fc4ae19 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1742,6 +1742,10 @@ def upgrade_configuration():
os.path.join(paths.USR_SHARE_IPA_DIR,
"ipa-kdc-proxy.conf.template"))
if ca.is_configured():
+ # Ensure that the drop-in file is present
+ if not os.path.isfile(paths.SYSTEMD_PKI_TOMCAT_IPA_CONF):
+ ca.add_ipa_wait()
+
# Handle upgrade of AJP connector configuration
rewrite = ca.secure_ajp_connector()
if ca.ajp_secret:
--
2.41.0
Reference in New Issue View Git Blame Copy Permalink