I have no idea how.


From: Rob Crittenden <rcrit...@redhat.com>
Sent: Tuesday, 17 February 2015 10:40 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] trying to get a RHEL7.1 beta second master into a 
RHEL6.6 cluster so I can upgrade.

Steven Jones wrote:
> While attempting to initialise the new server I am getting,
> [root@xx <mailto:root@vuwunicoipam001> replica-files]# ipa-replica-install 
> --setup-dns --forwarder= --no-reverse replica-info-xxx.gpg 
> --skip-conncheck --debug
> =====8><----
> packages/ipaserver/install/plugins/update_uniqueness.py'
> ipa         : DEBUG    importing plugin module 
> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py'
> ipa         : DEBUG    importing plugin module 
> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/upload_cacrt.py'
> ipa.ipaserver.install.installutils: DEBUG    group dirsrv exists
> ipa.ipaserver.install.installutils: DEBUG    user dirsrv exists
> ipa.ipaserver.plugins.ldap2.ldap2: DEBUG    Created connection 
> context.ldap2_59928528
> ipa.ipapython.ipaldap.SchemaCache: DEBUG    flushing 
> ldaps://vuwunicoipam002.ods.vuw.ac.nz from SchemaCache
> ipa.ipapython.ipaldap.SchemaCache: DEBUG    retrieving schema for SchemaCache 
> url=ldaps://vuwunicoipam002.ods.vuw.ac.nz 
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x39d9ef0>
> error copying files: failed to decode certificate: 
> (SEC_ERROR_LIBRARY_FAILURE) security library failure.
> ipa.ipaserver.plugins.ldap2.ldap2: DEBUG    Destroyed connection 
> context.ldap2_59928528
> ipa         : DEBUG      File 
> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 
> 646, in run_script
>     return_value = main_function()
>   File "/sbin/ipa-replica-install", line 658, in main
>     install_ca_cert(conn, api.env.basedn, api.env.realm, cafile)
>   File "/sbin/ipa-replica-install", line 227, in install_ca_cert
>     sys.exit(1)
> ipa         : DEBUG    The ipa-replica-install command failed, exception: 
> SystemExit: 1
> ========
> Any idea what is wrong please?

What a strange error. My initial thought was that it couldn't read or
parse the CA cert from the 3.0 master, but this security library error
is unexpected.

I might be sending you on a wild goose chase but take a look at the CA
cert in cn=CAcert,cn=ipa,cn=etc,$SUFFIX

There was a bug quite a while back where the cert value was
double-base64-encoded. I wouldn't expect this error from this problem
but who knows.


Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to