On 11.11.2015 15:43, Oleg Fayans wrote:
Hi Martin,
On 11/11/2015 03:32 PM, Martin Basti wrote:
On 11.11.2015 09:26, Oleg Fayans wrote:
Hi all,
when running ipa-kra-install on a replica with domain level 0 and with
replica file proivided, I get the following error:
$ ipa-kra-install -U -p <dirman_pass>
/home/ofayans/ipatests/replica-info.gpg
Your system may be partly configured.
Run ipa-kra-install --uninstall to clean up.
Too many parameters provided. No replica file is required.
The ipa-kra-install command failed. See
/var/log/ipaserver-kra-install.log for more information
---------------------------------------------------------------------
However, when I issue the same command without the replica file, the
installation starts, but fails in the middle, without any reasonable
error message that I do need a replica file:
$ ipa-kra-install -p <dirman_pass> -U
===================================================================
This program will setup Dogtag KRA for the FreeIPA Server.
Configuring KRA server (pki-tomcatd). Estimated time: 2 minutes 6
seconds
[1/8]: configuring KRA instance
Failed to configure KRA instance: Command ''/usr/sbin/pkispawn' '-s'
'KRA' '-f' '/tmp/tmpPQGCs0'' returned non-zero exit status 1
See the installation logs and the following files/directories for more
information:
/var/log/pki-ca-install.log
/var/log/pki/pki-tomcat
[error] RuntimeError: KRA configuration failed.
Your system may be partly configured.
Run ipa-kra-install --uninstall to clean up.
KRA configuration failed.
The ipa-kra-install command failed. See
/var/log/ipaserver-kra-install.log for more information
--------------------------------------------------------------------
Both logs are attached
Just to be sure, do you have KRA installed on master?
Great catch, actually I did not. So is this the reason? Should not we
provide a more meaningful error message in this case?
There is right error: "No replica file is required"
However IIRC in this case, ipa-kra-install without replica file should
work, so this is the bug.
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code