[Freeipa-users] ipa-replica-prepare error: Profile caIPAserviceCert Not Found

Fraser Tweedale ftweedal at redhat.com
Tue Dec 22 11:03:35 UTC 2015


On Tue, Dec 22, 2015 at 10:06:55AM +0100, Karl Forner wrote:
> Hi Fraser,
> The ipa-replica-prepare ran in an adelton/freeipa-server:lastest-systemd
> docker, which I think is based on Fedora 23 and contains FreeIPA v4.2.3.
> I can try to patch it, but I'm really not used to Fedora, and moreover
> there's a debian/docker bug that prevents me from building the docker image
> on my computers.
> 
> Thanks,
> Karl
> 
OK, fair enough.  A couple of follow-up questions:

- Is the issue always reproducible or only some of the time?

- Are you running replica-prepare immediately after starting the
  container?  Does the issue still occur after waiting a while?

If you attach your /var/log/pki/pki-tomcat/ca/debug log it will help
pinpoint the cause and confirm/deny whether the existing patch will
fix it.

Cheers,
Fraser

> On Tue, Dec 22, 2015 at 2:46 AM, Fraser Tweedale <ftweedal at redhat.com>
> wrote:
> 
> > On Mon, Dec 21, 2015 at 01:57:02PM +0100, Karl Forner wrote:
> > > Hello,
> > >
> > > Running:
> > > ipa-replica-prepare ipa-h3s1.example.com --ip-address xx.xx.xx.xx -d -v
> > > fails
> > > with
> > > ipa: DEBUG: Protocol: TLS1.2
> > > ipa: DEBUG: Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
> > > ipa: DEBUG: request status 200
> > > ipa: DEBUG: request reason_phrase u'OK'
> > > ipa: DEBUG: request headers {'date': 'Mon, 21 Dec 2015 12:50:59 GMT',
> > > 'content-length': '148', 'content-type': 'application/xml', 'server':
> > > 'Apache-Coyote/1.1'}
> > > ipa: DEBUG: request body '<?xml version="1.0" encoding="UTF-8"
> > > standalone="no"?><XMLResponse><Status>1</Status><Error>Profile
> > > caIPAserviceCert Not Found</Error></XMLResponse>'
> > > ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG:   File
> > > "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in
> > > execute
> > >
> > > The context is probably unusual:
> > > I run the command on a replica with CA from a server in freeipa v4.1.4
> > > (in an adelton/freeipa-server docker)
> > > which is a freeipa v4.2.3 running in
> > > adelton/freeipa-server:lastest-systemd docker
> > >
> > > I found this ticket which looks similar:
> > > https://fedorahosted.org/freeipa/ticket/5376
> > >
> > > Is there something wrong with my replica knowing that it has been
> > > replicated from a 4.1.4?
> > > Is there a work-around?
> > >
> > > Thanks
> > > Karl
> >
> > Hi Karl,
> >
> > I have a patch for Dogtag that I think will fix this issue.  Would
> > you be willing to test it?  If so, which version of Fedora/RHEL are
> > you using and I will prepare a build.
> >
> > Regards,
> > Fraser
> >