[Freeipa-users] Trouble installing F21 4.1.2 replica from F20 3.3.5 master

Martin Kosek mkosek at redhat.com
Mon Jan 5 11:47:05 UTC 2015 

On 01/04/2015 12:29 AM, Anthony Messina wrote:
> I was hoping to "migrate" from F20 to F21 using:
> http://www.freeipa.org/page/Howto/Migration
> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master

The migration procedure is only needed if you run FreeIPA server with PKI based
on Dogtag (pki-ca package) 9. Do you? Is your Fedora 20 FreeIPA&PKI instance
functional? FreeIPA+Dogtag 9 is not supported since Fedora 18, so I was
surprised such setup worked in Fedora 20.

> Where the new F21 replica would become the new "master" from which I would 
> later create other F21 replica(s).
> 
> F20 master:  freeipa-server-3.3.5-1.fc20.x86_64
> F21 replica: freeipa-server-4.1.2-1.fc21.x86_64
> 
> The first F21 replica installation fails when attempting to setup the CA and 
> I'm not sure where to go from here.  Any guidance is appreciated.  Thanks.

CCing Fraser and Endi from PKI team to advise.

> 2015-01-03T23:09:39Z DEBUG Saving StateFile to 
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2015-01-03T23:09:39Z DEBUG Starting external process
> 2015-01-03T23:09:39Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f' 
> '/tmp/tmpZNHZWb'
> 2015-01-03T23:09:39Z DEBUG Process finished, return code=1
> 2015-01-03T23:09:39Z DEBUG stdout=Loading deployment configuration from 
> /tmp/tmpZNHZWb.
> 
> 2015-01-03T23:09:39Z DEBUG stderr=Traceback (most recent call last):
>   File "/usr/sbin/pkispawn", line 579, in <module>
>     main(sys.argv)
>   File "/usr/sbin/pkispawn", line 480, in main
>     info = parser.sd_get_info()
>   File "/usr/lib/python2.7/site-packages/pki/server/deployment/pkiparser.py", 
> line 464, in sd_get_info
>     info = sd.get_security_domain_info()
>   File "/usr/lib/python2.7/site-packages/pki/system.py", line 96, in 
> get_security_domain_info
>     info = SecurityDomainInfo.from_json(response.json())
>   File "/usr/lib/python2.7/site-packages/pki/system.py", line 83, in from_json
>     ret.name = json_value['id']
> KeyError: 'id'
> 
> 2015-01-03T23:09:39Z CRITICAL failed to configure ca instance Command 
> ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpZNHZWb'' returned non-zero exit 
> status 1
> 2015-01-03T23:09:39Z DEBUG Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
> 382, in start_creation
>     run_step(full_msg, method)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
> 372, in run_step
>     method()
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", 
> line 671, in __spawn_instance
>     raise RuntimeError('Configuration of CA failed')
> RuntimeError: Configuration of CA failed
> 
> 
>

More information about the Freeipa-users mailing list