From 1de12ed5ec503708454e76227d646e4bd63802f7 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Thu, 12 Jan 2017 18:17:15 +0100
Subject: [PATCH] Do not configure PKI ajp redirection to use "::1"
When ipa-server-install configures PKI, it provides a configuration file
with the parameter pki_ajp_host set to ::1. This parameter is used to configure
Tomcat redirection in /etc/pki/pki-tomcat/server.xml:
    <Connector port="8009"
            protocol="AJP/1.3"
            redirectPort="8443"
            address="::1" />
ie all requests to port 8009 are redirected to port 8443 on address ::1.
If the /etc/hosts config file does not define ::1 for localhost, then AJP
redirection fails and replica install is not able to request a certificate
for the replica.
Since PKI has been fixed (see PKI ticket 2570) to configure by default the AJP
redirection with "localhost", FreeIPA does not need any more to override
this setting.
https://fedorahosted.org/freeipa/ticket/6575
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
---
 freeipa.spec.in                 | 4 ++--
 ipaserver/install/cainstance.py | 4 ----
 2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/freeipa.spec.in b/freeipa.spec.in
ff14fa
index dba59edc2dc1c6dd12017fbc5c9a6f7bb385e7c3..d5eb76ac3c13fbbfc645bd3e42e72e3e17b4d68c 100644
ff14fa
--- a/freeipa.spec.in
ff14fa
+++ b/freeipa.spec.in
ff14fa
@@ -159,8 +159,8 @@ Requires(post): systemd-units
ff14fa
 Requires: selinux-policy >= %{selinux_policy_version}
ff14fa
 Requires(post): selinux-policy-base >= %{selinux_policy_version}
ff14fa
 Requires: slapi-nis >= %{slapi_nis_version}
ff14fa
-Requires: pki-ca >= 10.3.4
ff14fa
-Requires: pki-kra >= 10.3.4
ff14fa
+Requires: pki-ca >= 10.3.5-11
ff14fa
+Requires: pki-kra >= 10.3.5-11
ff14fa
 Requires(preun): python systemd-units
ff14fa
 Requires(postun): python systemd-units
ff14fa
 Requires: zip
ff14fa
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
ff14fa
index 6c57aadfcdc2864f8cdc84c16556dce7163737fc..3e0d5fb40356ccf5f8053fb1c8af11c547c4d19c 100644
ff14fa
--- a/ipaserver/install/cainstance.py
ff14fa
+++ b/ipaserver/install/cainstance.py
ff14fa
@@ -577,10 +577,6 @@ class CAInstance(DogtagInstance):
ff14fa
             config.set("CA", "pki_external_ca_cert_chain_path", cert_chain_file.name)
ff14fa
             config.set("CA", "pki_external_step_two", "True")
ff14fa
 
ff14fa
-        # PKI IPv6 Configuration
ff14fa
-        config.add_section("Tomcat")
ff14fa
-        config.set("Tomcat", "pki_ajp_host", "::1")
ff14fa
-
ff14fa
         # Generate configuration file
ff14fa
         with open(cfg_file, "wb") as f:
ff14fa
             config.write(f)
-- 
2.9.3