On Mon, Jan 11, 2016 at 12:55:52PM +0100, Martin Kosek wrote: > On 01/11/2016 12:51 PM, Arthur Fayzullin wrote: > > Bingo!!! > > that it is!!! > > dm password contains % - symbol! > > > > I am not sure but with previous versions that have not caused any problem. > > Good :-) > > Still, it would be nice to fix Dogtag installation procedures to not parse > passwords that way. Endi, please just make sure there is a Dogtag Bugzilla > filed and in some realistic milestone as this bug's root cause is not so > obvious. > There is an existing BZ and upstream ticket:
https://bugzilla.redhat.com/show_bug.cgi?id=1283631 https://fedorahosted.org/pki/ticket/1703 > > > > Thanks a lot! > > > > 11.01.2016 16:48, Martin Kosek пишет: > >> On 01/11/2016 12:01 PM, Arthur Fayzullin wrote: > >>> Good day, Colleagues! > >>> > >>> And Happy New Year! > >>> > >>> I have tried to install test stend with ipa v4.2 and 2 master-master > >>> servers. > >>> > >>> files /etc/hosts on both servers contain: > >>> 127.0.0.1 localhost localhost.localdomain localhost4 > >>> localhost4.localdomain4 > >>> ::1 localhost localhost.localdomain localhost6 > >>> localhost6.localdomain6 > >>> > >>> 10.254.1.114 radipa00.test.ckt radipa00 > >>> 10.254.1.154 radipa01.test.ckt radipa01 > >>> > >>> prepare key for replica server: > >>> [root@radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154 > >>> radipa01.test.ckt > >>> > >>> copy it to replica: > >>> [root@radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg > >>> [email protected]:/var/lib/ipa/ > >>> > >>> then on replica start installation: > >>> [root@radipa01 ~]# ipa-replica-install --setup-ca --setup-kra > >>> --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns > >>> --forwarder=77.88.8.7 --forwarder=77.88.8.3 > >>> /var/lib/ipa/replica-info-radipa01.test.ckt.gpg > >>> > >>> and!!! I have got such error: > >>> [2/23]: configuring certificate server instance > >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to > >>> configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' > >>> '/tmp/tmpvgc4S6'' returned non-zero exit status 1 > >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the > >>> installation logs and the following files/directories for more > >>> information: > >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL > >>> /var/log/pki-ca-install.log > >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL > >>> /var/log/pki/pki-tomcat > >>> [error] RuntimeError: CA configuration failed. > >>> Your system may be partly configured. > >>> Run /usr/sbin/ipa-server-install --uninstall to clean up. > >>> > >>> log file contains this error: > >>> [root@radipa01 ~]# less /var/log/pki/pki-ca-spawn.20160111150634.log > >>> 'application_version': '[APPLICATION_VERSION]'} > >>> 2016-01-11 15:06:34 pkispawn : ERROR ....... Deployment file could > >>> not be parsed correctly. This might be because of unescaped '%%' > >>> characters. You must escape '%%' characters in deployment files > >>> (example - 'setting=foo%%%%bar'). > >>> 2016-01-11 15:06:34 pkispawn : ERROR ....... Interpolation error > >>> ('%' must be followed by '%' or '(', found: '%') > >>> > >>> I have reproduced that error several times with cenos7 and fedora23 > >>> installations. > >>> > >>> I am really confused if I am doing something wrong or may it is > >>> something else... > >>> what it can be? > >>> ____________ > >>> Best wishes! > >> CCing Endi. There used to be an error, when DM password (used also for > >> Dogtag) > >> contained special characters, PKI installer choked on it. I could not find > >> the > >> bug number right now. > > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
