[Freeipa-devel] Possible fix for CA install bug?

Martin Kosek mkosek at redhat.com
Fri May 3 10:43:02 UTC 2013

On 05/02/2013 07:51 PM, Rob Crittenden wrote:
> Rob Crittenden wrote:
>> Nathaniel McCallum wrote:
>>> When installing beta1, I encountered a bug where the CA install would
>>> fail. This may have already been fixed in dogtag or elsewhere, but if
>>> not, this patch WorksForMe. I have no idea if it is the "right" fix.
>> Good catch. This change apparently was added during the last week of
>> 10.0.2 development and I'm not sure how I missed it. I did at least one
>> successful install using those bits. Maybe either my test was bogus or I
>> had left-over kruft.
>> In any case, we can specify the location directly to pkispawn and not
>> have to move the file.
> BTW, My patch 1098 bumps up the minimum version of dogtag to 10.0.2.
> rob

I tested 1100 and it works great on master server. However when I am on
replica, it always fails:

# ipa-ca-install replica-info-vm-024.idm.lab.bos.redhat.com.gpg
Directory Manager (existing master) password:
Connection check OK
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds
  [1/16]: creating certificate server user
  [2/16]: configuring certificate server instance
ipa         : CRITICAL failed to configure ca instance Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmpRR0ic3' returned non-zero exit status 1

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

Configuration of CA failed

CA installation log including pkispawn error attached.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipareplica-ca-install.log
Type: text/x-log
Size: 11472 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130503/bfb65835/attachment.bin>

More information about the Freeipa-devel mailing list