Commenting only on the 2 remaining patches that need to be committed,
inline.
On 15/10/15 04:45, Jan Cholasta wrote:
On 23.9.2015 19:47, Simo Sorce wrote:
"Allow ipa-ca-install to use the new promotion code":
1) The --replica option was not removed:
Will do, thanks for spotting.
On 22.9.2015 10:45, Jan Cholasta wrote:
1) The --replica option is redundant. You can safely decide whether this
is the first CA master or not based on information in cn=masters.
2) ipa-ca-install prompts for both admin and DM password:
# ipa-ca-install -r
Password for ad...@abc.idm.lab.eng.brq.redhat.com:
Directory Manager (existing master) password:
DM password should not be required, right?
Unfortunately, if you install the CA in a separate step we still need to
ask for the DM password because dogtag uses simple binds over ldaps://
and not ldapi://. We do not need that if you pass --setup-ca because we
generate a random DM password and replace it with the hash obtained by
the existing master only after all components are installed.
3) ipa-ca-install fails with:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 445, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 435, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 631, in __spawn_instance
    DogtagInstance.spawn_instance(self, cfg_file)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 185, in spawn_instance
    self.handle_setup_error(e)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 448, in handle_setup_error
    raise RuntimeError("%s configuration failed." % self.subsystem)
RuntimeError: CA configuration failed.
I guess I'm hitting the authentication bug in Dogtag. It is supposed to
be fixed in pki-core-10.2.6-10, but is it fixed in pki-core-10.2.7-0.2?
We might need a new 10.2.7 build.
I am not sure which version has it fixed, Endi?
1) ipa-kra-install fails with:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_kra_install.py", line 220, in run
    self._run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_kra_install.py", line 200, in _run
    if config.subject_base is None:
AttributeError: 'NoneType' object has no attribute 'subject_base'
I need to find out why this stopped working; will post a patch ASAP.
Simo.
--
Simo Sorce * Red Hat, Inc * New York