[Freeipa-devel] Possible fix for CA install bug?
mkosek at redhat.com
Fri May 3 10:43:02 UTC 2013
On 05/02/2013 07:51 PM, Rob Crittenden wrote:
> Rob Crittenden wrote:
>> Nathaniel McCallum wrote:
>>> When installing beta1, I encountered a bug where the CA install would
>>> fail. This may have already been fixed in dogtag or elsewhere, but if
>>> not, this patch WorksForMe. I have no idea if it is the "right" fix.
>> Good catch. This change apparently was added during the last week of
>> 10.0.2 development and I'm not sure how I missed it. I did at least one
>> successful install using those bits. Maybe either my test was bogus or I
>> had left-over kruft.
>> In any case, we can specify the location directly to pkispawn and not
>> have to move the file.
> BTW, My patch 1098 bumps up the minimum version of dogtag to 10.0.2.
I tested 1100 and it works great on master server. However when I am on
replica, it always fails:
# ipa-ca-install replica-info-vm-024.idm.lab.bos.redhat.com.gpg
Directory Manager (existing master) password:
Connection check OK
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds
[1/16]: creating certificate server user
[2/16]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmpRR0ic3' returned non-zero exit status 1
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
Configuration of CA failed
CA installation log including pkispawn error attached.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 11472 bytes
Desc: not available
More information about the Freeipa-devel