Port 8080 is a popular port. Tomcat uses it as the default port for unencrypted traffic. FreeIA, installs Dogtag which runs in Tomcat. Swift proxy also chose that port number for its traffic. This means that if one is run on that port, the other cannot. Of the two, it is easier to change FreeIPA, as the port is only used for internal traffic, where as Swift’s port is in the service catalog and the documentation.
Changing the port in FreeIPA requires modifications in both the config directories for Dogtag and the python code that contacts it.
The Python changes are in
/usr/lib/python2.7/site-packages/ipaplatform/base/services.py/usr/lib/python2.7/site-packages/ipapython/dogtag.py
Look for any instance of 8080 and change them to another port that will not conflict. I chose 8181
The config changes for dogtag are in /etc/pki such as /etc/pki/pki-tomcat/ca/CS.cfg and again, change 8080 to 8181.
Restart the server with:
sudo systemctl status ipa.serviceTo confirm run a command that hits the CA:
ipa cert-findI have a ticket in with FreeIPA to try and get support for this in.
With these changes made, I tested out then installing the undercloud on the same node and it seems to work.
However, the IPA server is no longer running. The undercloud install seems to have cleared out the ipa config files from under /etc/httpd/conf.d. However, DOgtag is still running as shown by
curl localhost:8181Next experiment will be to see if I can preserve the IPA configuration