[Freeipa-users] Possible bug in ipa-replica-install/pkispawn - or maybe lib mismatch
David Kupka
dkupka at redhat.com
Tue Oct 6 06:40:04 UTC 2015
On 23/09/15 10:35, Michael Lasevich wrote:
> Ok, I just went through process of migrating our IPA setup from 4.1.2
> running on Fedora 20 (?? may have been 21) to 4.1.4 on CentOS 7 (MKosek
> Copr version) and run into a nasty bug. The replica-install crashes during
> CA configuration with something like:
>
> ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpXXXXXX'' returned non-zero
> exit status 1
>
> Skipping CA works, but I needed the CA.
>
> Upon digging into this, I found the issue appears to be in pki python, in
> file:
>
> /usr/lib/python2.7/site-packages/pki/system.py
>
> It looks like it makes a call to "/ca/rest/securityDomain/domainInfo" and
> gets an XML doc which it converts to JSON. Somehow it gets mangled before
> it looks at it. XML has outermost tag of "DomainInfo" - but JSON starts
> with "Subsystem" (one layer lower) - I am guessing JSON converted strips
> the "root" tag.
>
> I bypassed this by hardcoding id as "IPA" - but obviously that is
> sub-optimal
>
> Looking at Fedora box, it looks like the difference is in the version of
> PKI package that provides the lib - on Centos you get pki-base 10.1.2
> (pki-base-10.1.2-7.1.el7.centos.noarch) - while on Fedore it was a 10.2
> branch (and significantly different content in that file)
>
> Anyway, I saw some reports of this bug in searches and no answers - so I
> figured I would offer this pointer in (hopefully) the right direction.
>
> -M
>
>
>
Hello Michael!
Thanks for notifying us. Martin just updated the copr repository
(https://copr.fedoraproject.org/coprs/mkosek/freeipa/) with newer
version of PKI packages and I tested replication between Fedora 21 and
CentOS 7.1 (both FreeIPA 4.1.4) and it works for me as expected.
Could you please try it again?
--
David Kupka
More information about the Freeipa-users
mailing list