On 2015-06-23 19:55, Nathaniel McCallum wrote:
> The behavior I'm worried about here is this:
> 1. Admin installs or updates FreeIPA (w/ kdcproxy)
> 2. Admin disables kdcproxy
> 3. Admin updates to the next version
>
> After step #3, is kdcproxy enabled or disabled? I don't have a clear answer
> to this (or at least I'm not seeing it).
>
> Other than this, I'm happy. So if we can answer this, it is an ack from me.

That is covered by the check is_kdcproxy_configured(). It checks for the presence of a file. That file is created during installation or at the first update. Let's see if the check works.

First I'm disabling kdcproxy:

# ipa-ldap-updater /usr/share/ipa/kdcproxy-disable.uldif
Parsing update file '/usr/share/ipa/kdcproxy-disable.uldif'
Updating existing entry: cn=KDC,cn=vm-164.abc.idm.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=example
Done
Update complete
The ipa-ldap-updater command was successful
# systemctl restart httpd.service
# curl https://vm-164.abc.idm.lab.eng.brq.redhat.com/KdcProxy
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /KdcProxy was not found on this server.</p>
</body></html>
# stat /etc/httpd/conf.d/ipa-kdc-proxy.conf
stat: cannot stat ‘/etc/httpd/conf.d/ipa-kdc-proxy.conf’: No such file or directory

Next I'm running the updater and checking the feature again:

# ipa-server-upgrade
...
# systemctl restart httpd.service
# curl https://vm-164.abc.idm.lab.eng.brq.redhat.com/KdcProxy
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /KdcProxy was not found on this server.</p>
</body></html>
# stat /etc/httpd/conf.d/ipa-kdc-proxy.conf
stat: cannot stat ‘/etc/httpd/conf.d/ipa-kdc-proxy.conf’: No such file or directory

KDC proxy is still disabled. Let's enable it and check again.

# ipa-ldap-updater /usr/share/ipa/kdcproxy-enable.uldif
Parsing update file '/usr/share/ipa/kdcproxy-enable.uldif'
Updating existing entry: cn=KDC,cn=vm-164.abc.idm.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=example
Done
Update complete
The ipa-ldap-updater command was successful
# systemctl restart httpd.service
# curl https://vm-164.abc.idm.lab.eng.brq.redhat.com/KdcProxy
Method not allowed (GET)
# stat /etc/httpd/conf.d/ipa-kdc-proxy.conf
File: ‘/etc/httpd/conf.d/ipa-kdc-proxy.conf’ -> ‘/etc/ipa/kdcproxy/ipa-kdc-proxy.conf’
Size: 36 Blocks: 0 IO Block: 4096 symbolic link
Device: fd01h/64769d Inode: 398238 Links: 1
...
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
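The manual check in the mail above (stat the Apache snippet, then GET /KdcProxy) can be scripted so the state is recorded before an upgrade and compared afterwards. This is an added example, not part of the original message or of FreeIPA's code. The function names are hypothetical, and it assumes the "Method not allowed (GET)" reply carries HTTP status 405.

```shell
#!/bin/sh
# Added example: classify KDC proxy state from the two observations used in
# the mail (config symlink + HTTP response). Function names are hypothetical.

# kdcproxy_state CONF_PATH HTTP_STATUS
#   CONF_PATH   - Apache snippet, e.g. /etc/httpd/conf.d/ipa-kdc-proxy.conf
#   HTTP_STATUS - status code of a plain GET on https://<server>/KdcProxy
# Prints: enabled | disabled | inconsistent
kdcproxy_state() {
    conf=$1
    status=$2

    # -L: path is a symlink (even a dangling one); -e: path resolves.
    if [ -L "$conf" ] && [ ! -e "$conf" ]; then
        echo inconsistent    # dangling symlink: the target file is gone
        return 0
    fi

    if [ -e "$conf" ]; then have_conf=yes; else have_conf=no; fi

    case "$have_conf:$status" in
        yes:405) echo enabled ;;      # assumed status of "Method not allowed (GET)"
        no:404)  echo disabled ;;     # "404 Not Found"
        *)       echo inconsistent ;; # e.g. httpd not restarted after the change
    esac
}

# probe_status URL -> prints the HTTP status code of a GET (requires curl).
probe_status() {
    curl -s -o /dev/null -w '%{http_code}' "$1"
}

# state_survived BEFORE AFTER -> exit 0 only if the upgrade kept the admin's
# choice and both observations were unambiguous.
state_survived() {
    [ "$1" = "$2" ] && [ "$1" != inconsistent ]
}
```

Run `kdcproxy_state /etc/httpd/conf.d/ipa-kdc-proxy.conf "$(probe_status https://<server>/KdcProxy)"` before and after `ipa-server-upgrade` and pass both results to `state_survived`.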