[Freeipa-users] error while installin ipa-replica with ca

Martin Kosek mkosek at redhat.com
Mon Jan 11 11:48:07 UTC 2016 

On 01/11/2016 12:01 PM, Arthur Fayzullin wrote:
> Good day, Colleagues!
> 
> And Happy New Year!
> 
> I have tried to install test stend with ipa v4.2 and 2 master-master
> servers.
> 
> files /etc/hosts on both servers contain:
> 127.0.0.1   localhost localhost.localdomain localhost4
> localhost4.localdomain4
> ::1         localhost localhost.localdomain localhost6
> localhost6.localdomain6
> 
> 10.254.1.114 radipa00.test.ckt radipa00
> 10.254.1.154 radipa01.test.ckt radipa01
> 
> prepare key for replica server:
> [root at radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154
> radipa01.test.ckt
> 
> copy it to replica:
> [root at radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg
> root at radipa01.test.ckt:/var/lib/ipa/
> 
> then on replica start installation:
> [root at radipa01 ~]# ipa-replica-install --setup-ca --setup-kra
> --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns
> --forwarder=77.88.8.7 --forwarder=77.88.8.3
> /var/lib/ipa/replica-info-radipa01.test.ckt.gpg
> 
> and!!! I have got such error:
>   [2/23]: configuring certificate server instance
> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
> configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f'
> '/tmp/tmpvgc4S6'' returned non-zero exit status 1
> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the
> installation logs and the following files/directories for more information:
> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL  
> /var/log/pki-ca-install.log
> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL  
> /var/log/pki/pki-tomcat
>   [error] RuntimeError: CA configuration failed.
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> 
> log file contains this error:
> [root at radipa01 ~]# less /var/log/pki/pki-ca-spawn.20160111150634.log
>     'application_version': '[APPLICATION_VERSION]'}
> 2016-01-11 15:06:34 pkispawn    : ERROR    ....... Deployment file could
> not be parsed correctly.  This might be because of unescaped '%%'
> characters.  You must escape '%%' characters in deployment files
> (example - 'setting=foo%%%%bar').
> 2016-01-11 15:06:34 pkispawn    : ERROR    ....... Interpolation error
> ('%' must be followed by '%' or '(', found: '%')
> 
> I have reproduced that error several times with cenos7 and fedora23
> installations.
> 
> I am really confused if I am doing something wrong or may it is
> something else...
> what it can be?
> ____________
> Best wishes!

CCing Endi. There used to be an error, when DM password (used also for Dogtag)
contained special characters, PKI installer choked on it. I could not find the
bug number right now.

More information about the Freeipa-users mailing list