[Freeipa-devel] [PATCH] 1098 catch cert-find errors on upgraded servers

Rob Crittenden rcritten at redhat.com
Mon Apr 29 20:52:17 UTC 2013


Petr Viktorin wrote:
> On 04/26/2013 09:53 PM, Rob Crittenden wrote:
>> A dogtag 9 -> 10 upgraded server doesn't provide the RESTful API so
>> therefore the cert-find command doesn't work. Starting with dogtag
>> 10.0.2 it is going to send back a 501 (HTTP Not implemented) in this
>> case so we at least have something to catch.
>>
>> This patch catches a 501 and returns a more specific message.
>>
>> 10.0.2 builds should be available this weekend, or you can pull from
>> their devel repo at:
>>
>> [dogtag-devel]
>> name=Dogtag development $releasever - $basearch
>> baseurl=http://nkinder.fedorapeople.org/dogtag-devel/fedora/$releasever/$basearch/os/
>> enabled=0
>> gpgcheck=0
>>
>
> With the new Dogtag, /root/.pki/pki-tomcat/ca_admin_cert.p12 is not
> created. Installation of a new server fails on copying that to
> /root/ca-agent.p12. Adding Ade to the thread, he should know more.
>
>
> On my instance upgraded from f17 to f18, I get 404 errors, not 501.
>
> $ rpm -q pki-base
> pki-base-10.0.2-1.fc18.noarch
> $ ./ipa cert-find
> ipa: ERROR: Certificate operation cannot be completed: Unable to
> communicate with CMS (Not Found)
> $ curl -v http://`hostname`:9180/ca/rest/certs/search
> [...]
> < HTTP/1.1 404 Not Found
> < Server: Apache-Coyote/1.1
> < Content-Type: text/html
> < Content-Length: 5723
> < Date: Sun, 28 Apr 2013 23:08:44 GMT
> [...]

This is caused by some syntax errors in the dogtag upgrade script. They 
are working on a respin. See /var/log/pki/pki-server-upgrade-*.log

rob