Hello list,

I'm currently attempting to add a second CA server to our IPA cluster (all
servers Centos 7.2 with IPA 4.2.0). However, it is failing no matter how I
try to setup the CA (ipa-replica-install with --setup-ca or
ipa-replica-install followed by ipa-ca-install). The only useful thing in
the logs is an error about a missing key for "trust_flags" in the pki
setup. Our infrastructure uses FreeIPA with an external CA.

Any ideas/help would be greatly appreciated. Here are the logs snips from
my most recent attempt:

Command output snip from "ipa-replica-install
/root/replica-info-auth-002.XXX.gpg --setup-ca"
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30
seconds
  [1/24]: creating certificate server user
  [2/24]: configuring certificate server instance
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure
CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpYofMPt''
returned non-zero exit status 1
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation
logs and the following files/directories for more information:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
/var/log/pki-ca-install.log
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
/var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    CA configuration
failed


Log snip from ipareplica-install.log:

2016-09-20T23:42:27Z DEBUG Starting external process
2016-09-20T23:42:27Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f'
'/tmp/tmpYofMPt'
2016-09-20T23:42:31Z DEBUG Process finished, return code=1
2016-09-20T23:42:31Z DEBUG stdout=Log file:
/var/log/pki/pki-ca-spawn.20160920234227.log
Loading deployment configuration from /tmp/tmpYofMPt.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into
/etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.

Installation failed.


2016-09-20T23:42:31Z DEBUG
stderr=/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769:
InsecureRequestWarning: Unverified HTTPS request is being made. Adding
certificate verification is strongly advised. See:
https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)
Traceback (most recent call last):
  File "/bin/pki", line 254, in <module>
    cli.execute(sys.argv)
  File "/bin/pki", line 240, in execute
    module.execute(module_args)
  File "/usr/lib/python2.7/site-packages/pki/cli/__init__.py", line 195, in
execute
    module.execute(module_args)
  File "/usr/lib/python2.7/site-packages/pki/cli/pkcs12.py", line 222, in
execute
    trust_flags = cert_info['trust_flags']
KeyError: 'trust_flags'


-- 
Korey
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to