[Freeipa-devel] [PATCH] 762 Let the framework be able to override the hostname
Martin Kosek
mkosek at redhat.com
Thu May 12 11:05:03 UTC 2011
On Tue, 2011-05-10 at 09:48 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Fri, 2011-04-01 at 11:47 -0400, Rob Crittenden wrote:
> >> The hostname is passed in during the server installation. We should use
> >> this hostname for the resulting server as well. It was being discarded
> >> and we always used the system hostname value.
> >>
> >> ticket 1052
> >>
> >> rob
> >
> > Looks good for both server and a client install with a custom hostname.
> > However, I was unable to install a CA-powered replica, when a master was
> > configured with custom hostname:
> >
> > ipareplica-install.log:
> > ...
> > #############################################
> > Attempting to connect to: vm-102.idm.lab.bos.redhat.com:9445
> > Connected.
> > Posting Query = https://vm-102.idm.lab.bos.redhat.com:9445//ca/admin/console/config/wizard?p=5&subsystem=CA&session_id=6792677911037453899&xml=true
> > RESPONSE STATUS: HTTP/1.1 200 OK
> > RESPONSE HEADER: Server: Apache-Coyote/1.1
> > RESPONSE HEADER: Content-Type: text/html;charset=UTF-8
> > RESPONSE HEADER: Date: Mon, 09 May 2011 14:17:46 GMT
> > RESPONSE HEADER: Connection: close
> > Exception in SecurityDomainLoginPanel(): java.lang.Exception: Invalid clone_uri
> > ERROR: ConfigureSubCA: SecurityDomainLoginPanel() failure
> > ERROR: unable to create CA
> >
> > #######################################################################
> >
> > 2011-05-09 10:17:47,039 DEBUG stderr=java.lang.Exception: Invalid clone_uri
> > at ConfigureCA.SecurityDomainLoginPanel(ConfigureCA.java:384)
> > at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1239)
> > at ConfigureCA.main(ConfigureCA.java:1761)
> >
> > 2011-05-09 10:17:47,040 CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname vm-102.idm.lab.bos.redhat.com -cs_port 9445 -client_certdb_dir /tmp/tmp-Ou9Wd4 -client_certdb_pwd 'XXXXXXXX' -preop_pin qTFTDIjO9j9LdtvjLCz1 -domain_name IPA -admin_user admin -admin_email root at localhost -admin_password 'XXXXXXXX' -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject "CN=ipa-ca-agent,O=IDM.LAB.BOS.REDHAT.COM" -ldap_host vm-102.idm.lab.bos.redhat.com -ldap_port 7389 -bind_dn "cn=Directory Manager" -bind_password 'XXXXXXXX' -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd 'XXXXXXXX' -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name "CN=CA Subsystem,O=IDM.LAB.BOS.REDHAT.COM" -ca_ocsp_cert_subject_name "CN=OCSP Subsystem,O=IDM.LAB.BOS.REDHAT.COM" -ca_server_cert_subject_name "CN=vm-102.idm.lab.bos.redhat.com,O=IDM.LAB.BOS.REDHAT.COM" -ca_audit_signing_cert_subject_name "CN=CA Audit,O=IDM.LAB.BOS.REDHAT.COM" -ca_sign_cert_subject_name "CN=Certificate Authority,O=IDM.LAB.BOS.REDHAT.COM" -external false -clone true -clone_p12_file ca.p12 -clone_p12_password 'XXXXXXXX' -sd_hostname ipa.idm.lab.bos.redhat.com -sd_admin_port 9445 -sd_admin_name admin -sd_admin_password 'XXXXXXXX' -clone_start_tls true -clone_uri https://ipa.idm.lab.bos.redhat.com:9444' returned non-zero exit status 255
> > 2011-05-09 10:17:47,070 DEBUG Configuration of CA failed
> > File "/usr/sbin/ipa-replica-install", line 543, in <module>
> > main()
> >
> > File "/usr/sbin/ipa-replica-install", line 486, in main
> > (CA, cs) = install_ca(config)
> >
> > File "/usr/sbin/ipa-replica-install", line 186, in install_ca
> > subject_base=config.subject_base)
> >
> > File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 539, in configure_instance
> > self.start_creation("Configuring certificate server", 360)
> >
> > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 289, in start_creation
> > method()
> > ...
> >
> > Did that work for you?
>
> It worked for me, I remember testing both. Ade, do you know what would
> cause dogtag to throw "Invalid clone_uri"?
>
> rob

I can provide a VM with the reproduced problem if that would help. However,
the reproduction scenario is simple (I tried that again just now):

1) Install IPA server with CA,DNS support with custom --hostname
2) Try to install replica on another F-15 -> installation fails

My dogtag version: pki-ca-9.0.7-1.fc15.noarch

Martin