On 12/14/2011 06:58 PM, Dmitri Pal wrote:
On 12/14/2011 11:04 AM, Mercer, Rodney wrote:
I've been attempting to install the virtual machine setup from
http://freeipa.org/page/FreeIPA_demonstration_tools

I install on fresh Fedora 15 x86_64 host, and I am able to complete the first 
two steps.

When I run the last script,
./ipa-demo.sh
I get from the ipa-demo-<date>.log
----
CRITICAL:root:failed to configure ca instance
----
and later in the log:
----
Warning: skipping DNS resolution of host master.example.com
The IPA Master Server will be configured with
Hostname:    master.example.com
IP address:  192.168.122.32
Domain name: example.com
----
and
----
Configuring certificate server: Estimated time 3 minutes 30 seconds
   [1/17]: creating certificate server user
   [2/17]: creating pki-ca instance
   [3/17]: configuring certificate server instance
Unexpected error - see ipaserver-install.log for details:
  Configuration of CA failed
Server installation failed!
Domain f15-ipa-server destroyed

Domain f15-ipa-server has been undefined
----

I see the dhcp address changing for master.example.com each time the script is 
run.
Is there a requirement for making the dhcp address consistent for 
master.example.com
and having the address in /etc/hosts so that it can reverse resolve via dnsmasq?

Or does the DNS resolution of ip to host have any bearing on the certificate 
creation as I suspect?


Consistent name resolution is a requirement for IPA.
Ondrej, can you please take a closer look and see if this is something
with the demo scripts or IPA itself?
I don't see a problem in scripts. When the virtual machines are created by ipa-demo, they acquire addresses from dhcp, then - before installation of freeipa - they're configured to use static addresses(the currently assigned ip address is chosen) and also the records are added into /etc/hosts.

I wasn't able to reproduce the problem on clean f15 x64, the installation was successful, but few errors like this one appeared:

ERROR:root:certmonger failed starting to track certificate: Command '/usr/bin/ipa-getcert start-tracking -d /etc/httpd/alias -n Server-Cert -p /etc/httpd/alias/pwdfile.txt' returned non-zero exit status 1 root : ERROR certmonger failed starting to track certificate: Command '/usr/bin/ipa-getcert start-tracking -d /etc/httpd/alias -n Server-Cert -p /etc/httpd/alias/pwdfile.txt' returned non-zero exit status 1
WARNING:root:remove: '60' not in nsslapd-pluginPrecedence


--
Regards,

Ondrej Hamada
FreeIPA team
jabber: oh...@jabbim.cz
IRC: ohamada

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to