Quoting Endi Sukma Dewata <edew...@redhat.com>:

On 1/6/2015 4:55 AM, Anthony Messina wrote:
I'm discussing this with Ade (CC'd). Based on the stack trace it looks
like the replica thinks the master returns an incomplete information
about the security domain, probably due to the different Dogtag versions
used in master and replica.

We need some additional info:

1. What is the pki-ca version on the master (F20)?

pki-ca-10.1.2-7.fc20.noarch

2. What is the pki-ca version on the replica (F21)?

pki-ca-10.2.0-5.fc21.noarch

3. What is the output of this URL on the master?
    https://<master>:8443/ca/rest/securityDomain/domainInfo

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<DomainInfo id="IPA">
  <Subsystem id="CA">
    <Host id="CA ipa1.example.com 443">
      <Clone>FALSE</Clone>
      <DomainManager>TRUE</DomainManager>
      <Hostname>ipa1.example.com</Hostname>
      <Port>80</Port>
      <SecureAdminPort>443</SecureAdminPort>
      <SecureAgentPort>443</SecureAgentPort>
      <SecureEEClientAuthPort>443</SecureEEClientAuthPort>
      <SecurePort>443</SecurePort>
      <SubsystemName>CA ipa1.example.com 8443</SubsystemName>
    </Host>
    <Host id="CA ipa2.example.com 443">
      <Clone>TRUE</Clone>
      <DomainManager>TRUE</DomainManager>
      <Hostname>ipa2.example.com</Hostname>
      <Port>80</Port>
      <SecureAdminPort>443</SecureAdminPort>
      <SecureAgentPort>443</SecureAgentPort>
      <SecureEEClientAuthPort>443</SecureEEClientAuthPort>
      <SecurePort>443</SecurePort>
      <SubsystemName>CA ipa2.example.com 8443</SubsystemName>
    </Host>
  </Subsystem>
</DomainInfo>

Thanks for the info. This is indeed a bug. I filed the following ticket for Dogtag:
https://fedorahosted.org/pki/ticket/1235

--
Endi S. Dewata

Thank you Endi.  -A
--
Anthony - https://messinet.com - https://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E

Attachment: pgpwxk4G712M3.pgp
Description: PGP Digital Signature

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to