[Freeipa-devel] Possible fix for CA install bug?
Martin Kosek
mkosek at redhat.com
Mon May 6 11:38:19 UTC 2013
On 05/06/2013 01:05 PM, Petr Viktorin wrote:
> On 05/03/2013 12:43 PM, Martin Kosek wrote:
>> On 05/02/2013 07:51 PM, Rob Crittenden wrote:
>>> Rob Crittenden wrote:
>>>> Nathaniel McCallum wrote:
>>>>> When installing beta1, I encountered a bug where the CA install would
>>>>> fail. This may have already been fixed in dogtag or elsewhere, but if
>>>>> not, this patch WorksForMe. I have no idea if it is the "right" fix.
>>>>
>>>> Good catch. This change apparently was added during the last week of
>>>> 10.0.2 development and I'm not sure how I missed it. I did at least one
>>>> successful install using those bits. Maybe either my test was bogus or I
>>>> had left-over kruft.
>>>>
>>>> In any case, we can specify the location directly to pkispawn and not
>>>> have to move the file.
>>>
>>> BTW, My patch 1098 bumps up the minimum version of dogtag to 10.0.2.
>>>
>>> rob
>>
>> I tested 1100 and it works great on master server. However when I am on
>> replica, it always fails:
>>
>> # ipa-ca-install replica-info-vm-024.idm.lab.bos.redhat.com.gpg
>> Directory Manager (existing master) password:
>> ...
>> Connection check OK
>> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30
>> seconds
>> [1/16]: creating certificate server user
>> [2/16]: configuring certificate server instance
>> ipa : CRITICAL failed to configure ca instance Command
>> '/usr/sbin/pkispawn -s CA -f /tmp/tmpRR0ic3' returned non-zero exit status 1
>>
>> Your system may be partly configured.
>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>
>> Configuration of CA failed
>>
>> CA installation log including pkispawn error attached.
>>
>> Martin
>>
>
> The bug Martin found was unrelated, and will be fixed with
> https://fedorahosted.org/freeipa/ticket/3601.
Right.
>
> ACK for rcrit-1100.
>
Pushed to master, ipa-3-1.
Martin
More information about the Freeipa-devel
mailing list