[Freeipa-devel] ipa-kra-install at domain level 0

Oleg Fayans ofayans at redhat.com
Wed Nov 11 14:43:15 UTC 2015 

Hi Martin,


On 11/11/2015 03:32 PM, Martin Basti wrote:
>
>
> On 11.11.2015 09:26, Oleg Fayans wrote:
>> Hi all,
>>
>> when running ipa-kra-install on a replica with domain level 0 and with
>> replica file proivided, I get the following error:
>>
>> $ ipa-kra-install -U -p <dirman_pass>
>> /home/ofayans/ipatests/replica-info.gpg
>>
>> Your system may be partly configured.
>> Run ipa-kra-install --uninstall to clean up.
>>
>> Too many parameters provided. No replica file is required.
>> The ipa-kra-install command failed. See
>> /var/log/ipaserver-kra-install.log for more information
>>
>> ---------------------------------------------------------------------
>>
>> However, when I issue the same command without the replica file, the
>> installation starts, but fails in the middle, without any reasonable
>> error message that I do need a replica file:
>>
>> $ ipa-kra-install -p <dirman_pass> -U
>>
>> ===================================================================
>> This program will setup Dogtag KRA for the FreeIPA Server.
>>
>>
>> Configuring KRA server (pki-tomcatd). Estimated time: 2 minutes 6 seconds
>>   [1/8]: configuring KRA instance
>> Failed to configure KRA instance: Command ''/usr/sbin/pkispawn' '-s'
>> 'KRA' '-f' '/tmp/tmpPQGCs0'' returned non-zero exit status 1
>> See the installation logs and the following files/directories for more
>> information:
>>   /var/log/pki-ca-install.log
>>   /var/log/pki/pki-tomcat
>>   [error] RuntimeError: KRA configuration failed.
>>
>> Your system may be partly configured.
>> Run ipa-kra-install --uninstall to clean up.
>>
>> KRA configuration failed.
>> The ipa-kra-install command failed. See
>> /var/log/ipaserver-kra-install.log for more information
>>
>> --------------------------------------------------------------------
>>
>> Both logs are attached
>>
>>
> Just to be sure, do you have KRA installed on master?
>

Great catch, actually I did not. So is this the reason? Should not we 
provide a more meaningful error message in this case?

>>
>>
>

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

More information about the Freeipa-devel mailing list