[Freeipa-users] error while installin ipa-replica with ca

Arthur Fayzullin arthur at deus.pro
Mon Jan 11 11:51:49 UTC 2016 

Bingo!!!
that it is!!!
dm password contains % - symbol!

I am not sure but with previous versions that have not caused any problem.

Thanks a lot!

11.01.2016 16:48, Martin Kosek пишет:
> On 01/11/2016 12:01 PM, Arthur Fayzullin wrote:
>> Good day, Colleagues!
>>
>> And Happy New Year!
>>
>> I have tried to install test stend with ipa v4.2 and 2 master-master
>> servers.
>>
>> files /etc/hosts on both servers contain:
>> 127.0.0.1   localhost localhost.localdomain localhost4
>> localhost4.localdomain4
>> ::1         localhost localhost.localdomain localhost6
>> localhost6.localdomain6
>>
>> 10.254.1.114 radipa00.test.ckt radipa00
>> 10.254.1.154 radipa01.test.ckt radipa01
>>
>> prepare key for replica server:
>> [root at radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154
>> radipa01.test.ckt
>>
>> copy it to replica:
>> [root at radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg
>> root at radipa01.test.ckt:/var/lib/ipa/
>>
>> then on replica start installation:
>> [root at radipa01 ~]# ipa-replica-install --setup-ca --setup-kra
>> --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns
>> --forwarder=77.88.8.7 --forwarder=77.88.8.3
>> /var/lib/ipa/replica-info-radipa01.test.ckt.gpg
>>
>> and!!! I have got such error:
>>   [2/23]: configuring certificate server instance
>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
>> configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f'
>> '/tmp/tmpvgc4S6'' returned non-zero exit status 1
>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the
>> installation logs and the following files/directories for more information:
>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL  
>> /var/log/pki-ca-install.log
>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL  
>> /var/log/pki/pki-tomcat
>>   [error] RuntimeError: CA configuration failed.
>> Your system may be partly configured.
>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>
>> log file contains this error:
>> [root at radipa01 ~]# less /var/log/pki/pki-ca-spawn.20160111150634.log
>>     'application_version': '[APPLICATION_VERSION]'}
>> 2016-01-11 15:06:34 pkispawn    : ERROR    ....... Deployment file could
>> not be parsed correctly.  This might be because of unescaped '%%'
>> characters.  You must escape '%%' characters in deployment files
>> (example - 'setting=foo%%%%bar').
>> 2016-01-11 15:06:34 pkispawn    : ERROR    ....... Interpolation error
>> ('%' must be followed by '%' or '(', found: '%')
>>
>> I have reproduced that error several times with cenos7 and fedora23
>> installations.
>>
>> I am really confused if I am doing something wrong or may it is
>> something else...
>> what it can be?
>> ____________
>> Best wishes!
> CCing Endi. There used to be an error, when DM password (used also for Dogtag)
> contained special characters, PKI installer choked on it. I could not find the
> bug number right now.

More information about the Freeipa-users mailing list