[Freeipa-users] bug in pki during install of CA replica and workaround/solution
Endi Sukma Dewata
edewata at redhat.com
Fri Feb 6 14:53:06 UTC 2015
On 2/6/2015 8:39 AM, Martin Kosek wrote:
>> Reinstalling the pki-selinux rpm (found references in some other forum posts) via yum reinstall pki-selinux is not enough to help.
>>
>> The solution is as follows:
>>
>> yum downgrade pki-selinux pki-ca pki-common pki-setup pki-silent pki-java-tools pki-symkey pki-util pki-native-tools
>> which takes components back to 9.0.3-32
>> then
>> yum -y update pki-selinux pki-ca pki-common pki-setup pki-silent pki-java-tools pki-symkey pki-util pki-native-tools
>> then (after cleaning up half installed pki components)
>> ipa-ca-install /var/lib/ipa/replica-info-sb1sys02.mydomain.gpg
>>
>> Then, the CA replication completes successfully.
>>
>> Regards,
>>
>> Les
>
> I saw this one around, e.g. in:
>
> http://www.redhat.com/archives/freeipa-devel/2014-May/msg00507.html
>
> Did you try reinstalling pki-selinux before ipa-server-install?
>
> Endi/Matthew, do we have a bug/fix for this?
>
> Thanks,
> Martin
>
Yes, we have a ticket for this:
https://fedorahosted.org/pki/ticket/1243
The default selinux-policy is version 3.7.19-231. It needs to be updated
to at least version 3.7.19-260.
--
Endi S. Dewata
More information about the Freeipa-users
mailing list