Uploaded image for project: 'RHEL Documentation'
  1. RHEL Documentation
  2. RHELDOCS-21508

RFE: Stop enforcing checking for Port 80 for RHEL 9 & 10 IDM replica install on servers on a CA Less install

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-9.6
    • Documentation
    • Low
    • rhel-sst-ccs
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified

      What were you trying to do that didn't work?

      Install an IdM replica without port 80 being open on the target server.

      What is the impact of this issue to you?

      Having port 80 open is a security concern.

      Please provide the package NVR for which the bug is seen:

      ipa-server-4.12.2-14.el9_6.5

      How reproducible is this bug?:

      Always

      Steps to reproduce

      1. Disable/block port 80 on existing IdM server. This port is not required for RHEL 8+
      2. Install replica using ipa-replica-install

      Expected results

      Installation of replica should succeed. Possibly with a warning message.

      Actual results

      Installation fails because target port 80 is not accessible.

      Additional Information

      ipa-replica-install calls ipa-replica-conncheck, and that is where the fix should be made. Port 80 is not used by RHEL 8+ for replica communication (7 and earlier do), so instead of it being an error it should be a warning at most.

      The workaround is to use `ipa-replica-install --skip-conncheck` but this leads to potential error scenarios where other required ports are not accessible.

              frenaud@redhat.com Florence Renaud
              tsorense@redhat.com Thomas Sorensen
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: