[Freeipa-users] bug in pki during install of CA replica and workaround/solution
Les Stott
Less at imagine-sw.com
Fri Feb 6 22:38:44 UTC 2015
> -----Original Message-----
> From: Endi Sukma Dewata [mailto:edewata at redhat.com]
> Sent: Saturday, 7 February 2015 1:53 AM
> To: Martin Kosek; Les Stott; freeipa-users at redhat.com; Matthew Harmsen
> Subject: Re: [Freeipa-users] bug in pki during install of CA replica and
> workaround/solution
>
> On 2/6/2015 8:39 AM, Martin Kosek wrote:
> >> Reinstalling the pki-selinux rpm (found references in some other forum
> posts) via yum reinstall pki-selinux is not enough to help.
> >>
> >> The solution is as follows:
> >>
> >> yum downgrade pki-selinux pki-ca pki-common pki-setup pki-silent
> >> pki-java-tools pki-symkey pki-util pki-native-tools which takes
> >> components back to 9.0.3-32 then yum -y update pki-selinux pki-ca
> >> pki-common pki-setup pki-silent pki-java-tools pki-symkey pki-util
> >> pki-native-tools then (after cleaning up half installed pki
> >> components) ipa-ca-install
> >> /var/lib/ipa/replica-info-sb1sys02.mydomain.gpg
> >>
> >> Then, the CA replication completes successfully.
> >>
> >> Regards,
> >>
> >> Les
> >
> > I saw this one around, e.g. in:
> >
> > http://www.redhat.com/archives/freeipa-devel/2014-
> May/msg00507.html
> >
> > Did you try reinstalling pki-selinux before ipa-server-install?
> >
> > Endi/Matthew, do we have a bug/fix for this?
> >
> > Thanks,
> > Martin
> >
>
> Yes, we have a ticket for this:
> https://fedorahosted.org/pki/ticket/1243
> The default selinux-policy is version 3.7.19-231. It needs to be updated to at
> least version 3.7.19-260.
>
> --
> Endi S. Dewata
I will test this out (update to 3.7.19-260) next week as I've got a few more CA replicas to setup.
Thanks,
Les
More information about the Freeipa-users
mailing list