[Freeipa-devel] [PATCH] 762 Let the framework be able to override the hostname

Martin Kosek mkosek at redhat.com
Thu May 12 11:05:03 UTC 2011


On Tue, 2011-05-10 at 09:48 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Fri, 2011-04-01 at 11:47 -0400, Rob Crittenden wrote:
> >> The hostname is passed in during the server installation. We should use
> >> this hostname for the resulting server as well. It was being discarded
> >> and we always used the system hostname value.
> >>
> >> ticket 1052
> >>
> >> rob
> >
> > Looks good for both server and a client install with a custom hostname.
> > However, I was unable to install a CA-powered replica, when a master was
> > configured with custom hostname:
> >
> > ipareplica-install.log:
> > ...
> > #############################################
> > Attempting to connect to: vm-102.idm.lab.bos.redhat.com:9445
> > Connected.
> > Posting Query = https://vm-102.idm.lab.bos.redhat.com:9445//ca/admin/console/config/wizard?p=5&subsystem=CA&session_id=6792677911037453899&xml=true
> > RESPONSE STATUS:  HTTP/1.1 200 OK
> > RESPONSE HEADER:  Server: Apache-Coyote/1.1
> > RESPONSE HEADER:  Content-Type: text/html;charset=UTF-8
> > RESPONSE HEADER:  Date: Mon, 09 May 2011 14:17:46 GMT
> > RESPONSE HEADER:  Connection: close
> > Exception in SecurityDomainLoginPanel(): java.lang.Exception: Invalid clone_uri
> > ERROR: ConfigureSubCA: SecurityDomainLoginPanel() failure
> > ERROR: unable to create CA
> >
> > #######################################################################
> >
> > 2011-05-09 10:17:47,039 DEBUG stderr=java.lang.Exception: Invalid clone_uri
> >          at ConfigureCA.SecurityDomainLoginPanel(ConfigureCA.java:384)
> >          at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1239)
> >          at ConfigureCA.main(ConfigureCA.java:1761)
> >
> > 2011-05-09 10:17:47,040 CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname vm-102.idm.lab.bos.redhat.com -cs_port 9445 -client_certdb_dir /tmp/tmp-Ou9Wd4 -client_certdb_pwd 'XXXXXXXX' -preop_pin qTFTDIjO9j9LdtvjLCz1 -domain_name IPA -admin_user admin -admin_email root at localhost -admin_password 'XXXXXXXX' -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject "CN=ipa-ca-agent,O=IDM.LAB.BOS.REDHAT.COM" -ldap_host vm-102.idm.lab.bos.redhat.com -ldap_port 7389 -bind_dn "cn=Directory Manager" -bind_password 'XXXXXXXX' -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd 'XXXXXXXX' -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name "CN=CA Subsystem,O=IDM.LAB.BOS.REDHAT.COM" -ca_ocsp_cert_subject_name "CN=OCSP Subsystem,O=IDM.LAB.BOS.REDHAT.COM" -ca_server_cert_subject_name "CN=vm-102.idm.lab.bos.redhat.com,O=IDM.LAB.BOS.REDHAT.COM" -ca_audit_signing_cert_subject_name "CN=CA Audit,O=IDM.LAB.BOS.REDHAT.COM" -ca_sign_cert_subject_name "CN=Certificate Authority,O=IDM.LAB.BOS.REDHAT.COM" -external false -clone true -clone_p12_file ca.p12 -clone_p12_password 'XXXXXXXX' -sd_hostname ipa.idm.lab.bos.redhat.com -sd_admin_port 9445 -sd_admin_name admin -sd_admin_password 'XXXXXXXX' -clone_start_tls true -clone_uri https://ipa.idm.lab.bos.redhat.com:9444' returned non-zero exit status 255
> > 2011-05-09 10:17:47,070 DEBUG Configuration of CA failed
> >    File "/usr/sbin/ipa-replica-install", line 543, in <module>
> >      main()
> >
> >    File "/usr/sbin/ipa-replica-install", line 486, in main
> >      (CA, cs) = install_ca(config)
> >
> >    File "/usr/sbin/ipa-replica-install", line 186, in install_ca
> >      subject_base=config.subject_base)
> >
> >    File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 539, in configure_instance
> >      self.start_creation("Configuring certificate server", 360)
> >
> >    File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 289, in start_creation
> >      method()
> > ...
> >
> > Did that work for you?
> 
> It worked for me, I remember testing both. Ade, do you know what would 
> cause dogtag to throw "Invalid clone_uri"?
> 
> rob

I can provide a VM with the reproduced problem if that would help. However,
the reproduction scenario is simple (I tried that again just now):

1) Install IPA server with CA, DNS support with custom --hostname
2) Try to install replica on another F-15 -> installation fails

My dogtag version: pki-ca-9.0.7-1.fc15.noarch

Martin



