[Freeipa-devel] Possible fix for CA install bug?
mkosek at redhat.com
Mon May 6 11:38:19 UTC 2013
On 05/06/2013 01:05 PM, Petr Viktorin wrote:
> On 05/03/2013 12:43 PM, Martin Kosek wrote:
>> On 05/02/2013 07:51 PM, Rob Crittenden wrote:
>>> Rob Crittenden wrote:
>>>> Nathaniel McCallum wrote:
>>>>> When installing beta1, I encountered a bug where the CA install would
>>>>> fail. This may have already been fixed in dogtag or elsewhere, but if
>>>>> not, this patch WorksForMe. I have no idea if it is the "right" fix.
>>>> Good catch. This change apparently was added during the last week of
>>>> 10.0.2 development and I'm not sure how I missed it. I did at least one
>>>> successful install using those bits. Maybe either my test was bogus or I
>>>> had left-over kruft.
>>>> In any case, we can specify the location directly to pkispawn and not
>>>> have to move the file.
>>> BTW, My patch 1098 bumps up the minimum version of dogtag to 10.0.2.
>> I tested 1100 and it works great on master server. However when I am on
>> replica, it always fails:
>> # ipa-ca-install replica-info-vm-024.idm.lab.bos.redhat.com.gpg
>> Directory Manager (existing master) password:
>> Connection check OK
>> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30
>> [1/16]: creating certificate server user
>> [2/16]: configuring certificate server instance
>> ipa : CRITICAL failed to configure ca instance Command
>> '/usr/sbin/pkispawn -s CA -f /tmp/tmpRR0ic3' returned non-zero exit status 1
>> Your system may be partly configured.
>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>> Configuration of CA failed
>> CA installation log including pkispawn error attached.
> The bug Martin found was unrelated, and will be fixed with
> ACK for rcrit-1100.
Pushed to master, ipa-3-1.
More information about the Freeipa-devel