On 2/6/2015 8:39 AM, Martin Kosek wrote:
Reinstalling the pki-selinux rpm (found references in some other forum posts)
via yum reinstall pki-selinux is not enough to help.
The solution is as follows:
yum downgrade pki-selinux pki-ca pki-common pki-setup pki-silent pki-java-tools
pki-symkey pki-util pki-native-tools
which takes components back to 9.0.3-32
then
yum -y update pki-selinux pki-ca pki-common pki-setup pki-silent
pki-java-tools pki-symkey pki-util pki-native-tools
then (after cleaning up half installed pki components)
ipa-ca-install /var/lib/ipa/replica-info-sb1sys02.mydomain.gpg
Then, the CA replication completes successfully.
Regards,
Les
I saw this one around, e.g. in:
http://www.redhat.com/archives/freeipa-devel/2014-May/msg00507.html
Did you try reinstalling pki-selinux before ipa-server-install?
Endi/Matthew, do we have a bug/fix for this?
Thanks,
Martin
Yes, we have a ticket for this:
https://fedorahosted.org/pki/ticket/1243
The default selinux-policy is version 3.7.19-231. It needs to be updated
to at least version 3.7.19-260.
--
Endi S. Dewata
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project