Bingo!!! that it is!!! dm password contains % - symbol! I am not sure but with previous versions that have not caused any problem.
Thanks a lot! 11.01.2016 16:48, Martin Kosek пишет: > On 01/11/2016 12:01 PM, Arthur Fayzullin wrote: >> Good day, Colleagues! >> >> And Happy New Year! >> >> I have tried to install test stend with ipa v4.2 and 2 master-master >> servers. >> >> files /etc/hosts on both servers contain: >> 127.0.0.1 localhost localhost.localdomain localhost4 >> localhost4.localdomain4 >> ::1 localhost localhost.localdomain localhost6 >> localhost6.localdomain6 >> >> 10.254.1.114 radipa00.test.ckt radipa00 >> 10.254.1.154 radipa01.test.ckt radipa01 >> >> prepare key for replica server: >> [root@radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154 >> radipa01.test.ckt >> >> copy it to replica: >> [root@radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg >> r...@radipa01.test.ckt:/var/lib/ipa/ >> >> then on replica start installation: >> [root@radipa01 ~]# ipa-replica-install --setup-ca --setup-kra >> --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns >> --forwarder=77.88.8.7 --forwarder=77.88.8.3 >> /var/lib/ipa/replica-info-radipa01.test.ckt.gpg >> >> and!!! I have got such error: >> [2/23]: configuring certificate server instance >> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to >> configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' >> '/tmp/tmpvgc4S6'' returned non-zero exit status 1 >> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the >> installation logs and the following files/directories for more information: >> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL >> /var/log/pki-ca-install.log >> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL >> /var/log/pki/pki-tomcat >> [error] RuntimeError: CA configuration failed. >> Your system may be partly configured. >> Run /usr/sbin/ipa-server-install --uninstall to clean up. >> >> log file contains this error: >> [root@radipa01 ~]# less /var/log/pki/pki-ca-spawn.20160111150634.log >> 'application_version': '[APPLICATION_VERSION]'} >> 2016-01-11 15:06:34 pkispawn : ERROR ....... Deployment file could >> not be parsed correctly. This might be because of unescaped '%%' >> characters. You must escape '%%' characters in deployment files >> (example - 'setting=foo%%%%bar'). >> 2016-01-11 15:06:34 pkispawn : ERROR ....... Interpolation error >> ('%' must be followed by '%' or '(', found: '%') >> >> I have reproduced that error several times with cenos7 and fedora23 >> installations. >> >> I am really confused if I am doing something wrong or may it is >> something else... >> what it can be? >> ____________ >> Best wishes! > CCing Endi. There used to be an error, when DM password (used also for Dogtag) > contained special characters, PKI installer choked on it. I could not find the > bug number right now. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project