Quoting Endi Sukma Dewata <[email protected]>:
On 1/6/2015 4:55 AM, Anthony Messina wrote:I'm discussing this with Ade (CC'd). Based on the stack trace it looks like the replica thinks the master returns an incomplete information about the security domain, probably due to the different Dogtag versions used in master and replica. We need some additional info: 1. What is the pki-ca version on the master (F20)?pki-ca-10.1.2-7.fc20.noarch2. What is the pki-ca version on the replica (F21)?pki-ca-10.2.0-5.fc21.noarch3. What is the output of this URL on the master? https://<master>:8443/ca/rest/securityDomain/domainInfo<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <DomainInfo id="IPA"> <Subsystem id="CA"> <Host id="CA ipa1.example.com 443"> <Clone>FALSE</Clone> <DomainManager>TRUE</DomainManager> <Hostname>ipa1.example.com</Hostname> <Port>80</Port> <SecureAdminPort>443</SecureAdminPort> <SecureAgentPort>443</SecureAgentPort> <SecureEEClientAuthPort>443</SecureEEClientAuthPort> <SecurePort>443</SecurePort> <SubsystemName>CA ipa1.example.com 8443</SubsystemName> </Host> <Host id="CA ipa2.example.com 443"> <Clone>TRUE</Clone> <DomainManager>TRUE</DomainManager> <Hostname>ipa2.example.com</Hostname> <Port>80</Port> <SecureAdminPort>443</SecureAdminPort> <SecureAgentPort>443</SecureAgentPort> <SecureEEClientAuthPort>443</SecureEEClientAuthPort> <SecurePort>443</SecurePort> <SubsystemName>CA ipa2.example.com 8443</SubsystemName> </Host> </Subsystem> </DomainInfo>Thanks for the info. This is indeed a bug. I filed the following ticket for Dogtag:https://fedorahosted.org/pki/ticket/1235 -- Endi S. Dewata
Thank you Endi. -A -- Anthony - https://messinet.com - https://messinet.com/~amessina/gallery 8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
pgpwxk4G712M3.pgp
Description: PGP Digital Signature
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
