[Freeipa-users] error while installin ipa-replica with ca

Arthur Fayzullin arthur at deus.pro
Mon Jan 11 11:01:37 UTC 2016 

Good day, Colleagues!

And Happy New Year!

I have tried to install test stend with ipa v4.2 and 2 master-master
servers.

files /etc/hosts on both servers contain:
127.0.0.1   localhost localhost.localdomain localhost4
localhost4.localdomain4
::1         localhost localhost.localdomain localhost6
localhost6.localdomain6

10.254.1.114 radipa00.test.ckt radipa00
10.254.1.154 radipa01.test.ckt radipa01

prepare key for replica server:
[root at radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154
radipa01.test.ckt

copy it to replica:
[root at radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg
root at radipa01.test.ckt:/var/lib/ipa/

then on replica start installation:
[root at radipa01 ~]# ipa-replica-install --setup-ca --setup-kra
--mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns
--forwarder=77.88.8.7 --forwarder=77.88.8.3
/var/lib/ipa/replica-info-radipa01.test.ckt.gpg

and!!! I have got such error:
  [2/23]: configuring certificate server instance
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f'
'/tmp/tmpvgc4S6'' returned non-zero exit status 1
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the
installation logs and the following files/directories for more information:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL  
/var/log/pki-ca-install.log
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL  
/var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

log file contains this error:
[root at radipa01 ~]# less /var/log/pki/pki-ca-spawn.20160111150634.log
    'application_version': '[APPLICATION_VERSION]'}
2016-01-11 15:06:34 pkispawn    : ERROR    ....... Deployment file could
not be parsed correctly.  This might be because of unescaped '%%'
characters.  You must escape '%%' characters in deployment files
(example - 'setting=foo%%%%bar').
2016-01-11 15:06:34 pkispawn    : ERROR    ....... Interpolation error
('%' must be followed by '%' or '(', found: '%')

I have reproduced that error several times with cenos7 and fedora23
installations.

I am really confused if I am doing something wrong or may it is
something else...
what it can be?
____________
Best wishes!

More information about the Freeipa-users mailing list