Re: [Freeipa-devel] ipa-kra-install at domain level 0

Wed, 11 Nov 2015 06:54:06 -0800 


On 11.11.2015 15:43, Oleg Fayans wrote:

Hi Martin,


On 11/11/2015 03:32 PM, Martin Basti wrote:



On 11.11.2015 09:26, Oleg Fayans wrote:

Hi all,

when running ipa-kra-install on a replica with domain level 0 and with
replica file proivided, I get the following error:

$ ipa-kra-install -U -p <dirman_pass>
/home/ofayans/ipatests/replica-info.gpg

Your system may be partly configured.
Run ipa-kra-install --uninstall to clean up.

Too many parameters provided. No replica file is required.
The ipa-kra-install command failed. See
/var/log/ipaserver-kra-install.log for more information

---------------------------------------------------------------------

However, when I issue the same command without the replica file, the
installation starts, but fails in the middle, without any reasonable
error message that I do need a replica file:

$ ipa-kra-install -p <dirman_pass> -U

===================================================================
This program will setup Dogtag KRA for the FreeIPA Server.



Configuring KRA server (pki-tomcatd). Estimated time: 2 minutes 6 
seconds

  [1/8]: configuring KRA instance
Failed to configure KRA instance: Command ''/usr/sbin/pkispawn' '-s'
'KRA' '-f' '/tmp/tmpPQGCs0'' returned non-zero exit status 1
See the installation logs and the following files/directories for more
information:
  /var/log/pki-ca-install.log
  /var/log/pki/pki-tomcat
  [error] RuntimeError: KRA configuration failed.

Your system may be partly configured.
Run ipa-kra-install --uninstall to clean up.

KRA configuration failed.
The ipa-kra-install command failed. See
/var/log/ipaserver-kra-install.log for more information

--------------------------------------------------------------------

Both logs are attached



Just to be sure, do you have KRA installed on master?




Great catch, actually I did not. So is this the reason? Should not we 
provide a more meaningful error message in this case?



There is right error: "No replica file is required"


However IIRC in this case, ipa-kra-install without replica file should 
work, so this is the bug.









--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code






















					Reply via email to