On 01/11/2016 12:51 PM, Arthur Fayzullin wrote: > Bingo!!! > that it is!!! > dm password contains % - symbol! > > I am not sure but with previous versions that have not caused any problem.
Good :-) Still, it would be nice to fix Dogtag installation procedures to not parse passwords that way. Endi, please just make sure there is a Dogtag Bugzilla filed and in some realistic milestone as this bug's root cause is not so obvious. > > Thanks a lot! > > 11.01.2016 16:48, Martin Kosek пишет: >> On 01/11/2016 12:01 PM, Arthur Fayzullin wrote: >>> Good day, Colleagues! >>> >>> And Happy New Year! >>> >>> I have tried to install test stend with ipa v4.2 and 2 master-master >>> servers. >>> >>> files /etc/hosts on both servers contain: >>> 127.0.0.1 localhost localhost.localdomain localhost4 >>> localhost4.localdomain4 >>> ::1 localhost localhost.localdomain localhost6 >>> localhost6.localdomain6 >>> >>> 10.254.1.114 radipa00.test.ckt radipa00 >>> 10.254.1.154 radipa01.test.ckt radipa01 >>> >>> prepare key for replica server: >>> [root@radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154 >>> radipa01.test.ckt >>> >>> copy it to replica: >>> [root@radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg >>> [email protected]:/var/lib/ipa/ >>> >>> then on replica start installation: >>> [root@radipa01 ~]# ipa-replica-install --setup-ca --setup-kra >>> --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns >>> --forwarder=77.88.8.7 --forwarder=77.88.8.3 >>> /var/lib/ipa/replica-info-radipa01.test.ckt.gpg >>> >>> and!!! I have got such error: >>> [2/23]: configuring certificate server instance >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to >>> configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' >>> '/tmp/tmpvgc4S6'' returned non-zero exit status 1 >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the >>> installation logs and the following files/directories for more information: >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL >>> /var/log/pki-ca-install.log >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL >>> /var/log/pki/pki-tomcat >>> [error] RuntimeError: CA configuration failed. >>> Your system may be partly configured. >>> Run /usr/sbin/ipa-server-install --uninstall to clean up. >>> >>> log file contains this error: >>> [root@radipa01 ~]# less /var/log/pki/pki-ca-spawn.20160111150634.log >>> 'application_version': '[APPLICATION_VERSION]'} >>> 2016-01-11 15:06:34 pkispawn : ERROR ....... Deployment file could >>> not be parsed correctly. This might be because of unescaped '%%' >>> characters. You must escape '%%' characters in deployment files >>> (example - 'setting=foo%%%%bar'). >>> 2016-01-11 15:06:34 pkispawn : ERROR ....... Interpolation error >>> ('%' must be followed by '%' or '(', found: '%') >>> >>> I have reproduced that error several times with cenos7 and fedora23 >>> installations. >>> >>> I am really confused if I am doing something wrong or may it is >>> something else... >>> what it can be? >>> ____________ >>> Best wishes! >> CCing Endi. There used to be an error, when DM password (used also for >> Dogtag) >> contained special characters, PKI installer choked on it. I could not find >> the >> bug number right now. > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
