[Freeipa-devel] Possible fix for CA install bug?

Petr Viktorin pviktori at redhat.com
Mon May 6 11:05:48 UTC 2013

On 05/03/2013 12:43 PM, Martin Kosek wrote:
> On 05/02/2013 07:51 PM, Rob Crittenden wrote:
>> Rob Crittenden wrote:
>>> Nathaniel McCallum wrote:
>>>> When installing beta1, I encountered a bug where the CA install would
>>>> fail. This may have already been fixed in dogtag or elsewhere, but if
>>>> not, this patch WorksForMe. I have no idea if it is the "right" fix.
>>> Good catch. This change apparently was added during the last week of
>>> 10.0.2 development and I'm not sure how I missed it. I did at least one
>>> successful install using those bits. Maybe either my test was bogus or I
>>> had left-over kruft.
>>> In any case, we can specify the location directly to pkispawn and not
>>> have to move the file.
>> BTW, My patch 1098 bumps up the minimum version of dogtag to 10.0.2.
>> rob
> I tested 1100 and it works great on master server. However when I am on
> replica, it always fails:
> # ipa-ca-install replica-info-vm-024.idm.lab.bos.redhat.com.gpg
> Directory Manager (existing master) password:
> ...
> Connection check OK
> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds
>    [1/16]: creating certificate server user
>    [2/16]: configuring certificate server instance
> ipa         : CRITICAL failed to configure ca instance Command
> '/usr/sbin/pkispawn -s CA -f /tmp/tmpRR0ic3' returned non-zero exit status 1
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> Configuration of CA failed
> CA installation log including pkispawn error attached.
> Martin

The bug Martin found was unrelated, and will be fixed with 

ACK for rcrit-1100.


More information about the Freeipa-devel mailing list