On 05/03/2013 12:43 PM, Martin Kosek wrote:
On 05/02/2013 07:51 PM, Rob Crittenden wrote:
Rob Crittenden wrote:
Nathaniel McCallum wrote:
When installing beta1, I encountered a bug where the CA install would
fail. This may have already been fixed in dogtag or elsewhere, but if
not, this patch WorksForMe. I have no idea if it is the "right" fix.

Good catch. This change apparently was added during the last week of
10.0.2 development and I'm not sure how I missed it. I did at least one
successful install using those bits. Maybe either my test was bogus or I
had left-over kruft.

In any case, we can specify the location directly to pkispawn and not
have to move the file.

BTW, My patch 1098 bumps up the minimum version of dogtag to 10.0.2.


I tested 1100 and it works great on master server. However when I am on
replica, it always fails:

# ipa-ca-install replica-info-vm-024.idm.lab.bos.redhat.com.gpg
Directory Manager (existing master) password:
Connection check OK
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 
   [1/16]: creating certificate server user
   [2/16]: configuring certificate server instance
ipa         : CRITICAL failed to configure ca instance Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmpRR0ic3' returned non-zero exit status 1

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

Configuration of CA failed

CA installation log including pkispawn error attached.


The bug Martin found was unrelated, and will be fixed with https://fedorahosted.org/freeipa/ticket/3601.

ACK for rcrit-1100.


Freeipa-devel mailing list

Reply via email to