Re: [Freeipa-users] error while installin ipa-replica with ca
On Mon, Jan 11, 2016 at 12:55:52PM +0100, Martin Kosek wrote:
> On 01/11/2016 12:51 PM, Arthur Fayzullin wrote:
> > Bingo!!!
> > that it is!!!
> > dm password contains % - symbol!
> >
> > I am not sure but with previous versions that have not caused any problem.
>
> Good :-)
>
> Still, it would be nice to fix Dogtag installation procedures to not parse
> passwords that way. Endi, please just make sure there is a Dogtag Bugzilla
> filed and in some realistic milestone as this bug's root cause is not so
> obvious.
>
There is an existing BZ and upstream ticket:
https://bugzilla.redhat.com/show_bug.cgi?id=1283631
https://fedorahosted.org/pki/ticket/1703
> >
> > Thanks a lot!
> >
> > 11.01.2016 16:48, Martin Kosek пишет:
> >> On 01/11/2016 12:01 PM, Arthur Fayzullin wrote:
> >>> Good day, Colleagues!
> >>>
> >>> And Happy New Year!
> >>>
> >>> I have tried to install test stend with ipa v4.2 and 2 master-master
> >>> servers.
> >>>
> >>> files /etc/hosts on both servers contain:
> >>> 127.0.0.1 localhost localhost.localdomain localhost4
> >>> localhost4.localdomain4
> >>> ::1 localhost localhost.localdomain localhost6
> >>> localhost6.localdomain6
> >>>
> >>> 10.254.1.114 radipa00.test.ckt radipa00
> >>> 10.254.1.154 radipa01.test.ckt radipa01
> >>>
> >>> prepare key for replica server:
> >>> [root@radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154
> >>> radipa01.test.ckt
> >>>
> >>> copy it to replica:
> >>> [root@radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg
> >>> r...@radipa01.test.ckt:/var/lib/ipa/
> >>>
> >>> then on replica start installation:
> >>> [root@radipa01 ~]# ipa-replica-install --setup-ca --setup-kra
> >>> --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns
> >>> --forwarder=77.88.8.7 --forwarder=77.88.8.3
> >>> /var/lib/ipa/replica-info-radipa01.test.ckt.gpg
> >>>
> >>> and!!! I have got such error:
> >>> [2/23]: configuring certificate server instance
> >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
> >>> configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f'
> >>> '/tmp/tmpvgc4S6'' returned non-zero exit status 1
> >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the
> >>> installation logs and the following files/directories for more
> >>> information:
> >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
> >>> /var/log/pki-ca-install.log
> >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
> >>> /var/log/pki/pki-tomcat
> >>> [error] RuntimeError: CA configuration failed.
> >>> Your system may be partly configured.
> >>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> >>>
> >>> log file contains this error:
> >>> [root@radipa01 ~]# less /var/log/pki/pki-ca-spawn.2016050634.log
> >>> 'application_version': '[APPLICATION_VERSION]'}
> >>> 2016-01-11 15:06:34 pkispawn: ERROR... Deployment file could
> >>> not be parsed correctly. This might be because of unescaped '%%'
> >>> characters. You must escape '%%' characters in deployment files
> >>> (example - 'setting=foobar').
> >>> 2016-01-11 15:06:34 pkispawn: ERROR... Interpolation error
> >>> ('%' must be followed by '%' or '(', found: '%')
> >>>
> >>> I have reproduced that error several times with cenos7 and fedora23
> >>> installations.
> >>>
> >>> I am really confused if I am doing something wrong or may it is
> >>> something else...
> >>> what it can be?
> >>>
> >>> Best wishes!
> >> CCing Endi. There used to be an error, when DM password (used also for
> >> Dogtag)
> >> contained special characters, PKI installer choked on it. I could not find
> >> the
> >> bug number right now.
> >
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] error while installin ipa-replica with ca
On 01/11/2016 12:51 PM, Arthur Fayzullin wrote:
> Bingo!!!
> that it is!!!
> dm password contains % - symbol!
>
> I am not sure but with previous versions that have not caused any problem.
Good :-)
Still, it would be nice to fix Dogtag installation procedures to not parse
passwords that way. Endi, please just make sure there is a Dogtag Bugzilla
filed and in some realistic milestone as this bug's root cause is not so
obvious.
>
> Thanks a lot!
>
> 11.01.2016 16:48, Martin Kosek пишет:
>> On 01/11/2016 12:01 PM, Arthur Fayzullin wrote:
>>> Good day, Colleagues!
>>>
>>> And Happy New Year!
>>>
>>> I have tried to install test stend with ipa v4.2 and 2 master-master
>>> servers.
>>>
>>> files /etc/hosts on both servers contain:
>>> 127.0.0.1 localhost localhost.localdomain localhost4
>>> localhost4.localdomain4
>>> ::1 localhost localhost.localdomain localhost6
>>> localhost6.localdomain6
>>>
>>> 10.254.1.114 radipa00.test.ckt radipa00
>>> 10.254.1.154 radipa01.test.ckt radipa01
>>>
>>> prepare key for replica server:
>>> [root@radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154
>>> radipa01.test.ckt
>>>
>>> copy it to replica:
>>> [root@radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg
>>> r...@radipa01.test.ckt:/var/lib/ipa/
>>>
>>> then on replica start installation:
>>> [root@radipa01 ~]# ipa-replica-install --setup-ca --setup-kra
>>> --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns
>>> --forwarder=77.88.8.7 --forwarder=77.88.8.3
>>> /var/lib/ipa/replica-info-radipa01.test.ckt.gpg
>>>
>>> and!!! I have got such error:
>>> [2/23]: configuring certificate server instance
>>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
>>> configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f'
>>> '/tmp/tmpvgc4S6'' returned non-zero exit status 1
>>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the
>>> installation logs and the following files/directories for more information:
>>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
>>> /var/log/pki-ca-install.log
>>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
>>> /var/log/pki/pki-tomcat
>>> [error] RuntimeError: CA configuration failed.
>>> Your system may be partly configured.
>>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>>
>>> log file contains this error:
>>> [root@radipa01 ~]# less /var/log/pki/pki-ca-spawn.2016050634.log
>>> 'application_version': '[APPLICATION_VERSION]'}
>>> 2016-01-11 15:06:34 pkispawn: ERROR... Deployment file could
>>> not be parsed correctly. This might be because of unescaped '%%'
>>> characters. You must escape '%%' characters in deployment files
>>> (example - 'setting=foobar').
>>> 2016-01-11 15:06:34 pkispawn: ERROR... Interpolation error
>>> ('%' must be followed by '%' or '(', found: '%')
>>>
>>> I have reproduced that error several times with cenos7 and fedora23
>>> installations.
>>>
>>> I am really confused if I am doing something wrong or may it is
>>> something else...
>>> what it can be?
>>>
>>> Best wishes!
>> CCing Endi. There used to be an error, when DM password (used also for
>> Dogtag)
>> contained special characters, PKI installer choked on it. I could not find
>> the
>> bug number right now.
>
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] error while installin ipa-replica with ca
Bingo!!!
that it is!!!
dm password contains % - symbol!
I am not sure but with previous versions that have not caused any problem.
Thanks a lot!
11.01.2016 16:48, Martin Kosek пишет:
> On 01/11/2016 12:01 PM, Arthur Fayzullin wrote:
>> Good day, Colleagues!
>>
>> And Happy New Year!
>>
>> I have tried to install test stend with ipa v4.2 and 2 master-master
>> servers.
>>
>> files /etc/hosts on both servers contain:
>> 127.0.0.1 localhost localhost.localdomain localhost4
>> localhost4.localdomain4
>> ::1 localhost localhost.localdomain localhost6
>> localhost6.localdomain6
>>
>> 10.254.1.114 radipa00.test.ckt radipa00
>> 10.254.1.154 radipa01.test.ckt radipa01
>>
>> prepare key for replica server:
>> [root@radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154
>> radipa01.test.ckt
>>
>> copy it to replica:
>> [root@radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg
>> r...@radipa01.test.ckt:/var/lib/ipa/
>>
>> then on replica start installation:
>> [root@radipa01 ~]# ipa-replica-install --setup-ca --setup-kra
>> --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns
>> --forwarder=77.88.8.7 --forwarder=77.88.8.3
>> /var/lib/ipa/replica-info-radipa01.test.ckt.gpg
>>
>> and!!! I have got such error:
>> [2/23]: configuring certificate server instance
>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
>> configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f'
>> '/tmp/tmpvgc4S6'' returned non-zero exit status 1
>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the
>> installation logs and the following files/directories for more information:
>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
>> /var/log/pki-ca-install.log
>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
>> /var/log/pki/pki-tomcat
>> [error] RuntimeError: CA configuration failed.
>> Your system may be partly configured.
>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>
>> log file contains this error:
>> [root@radipa01 ~]# less /var/log/pki/pki-ca-spawn.2016050634.log
>> 'application_version': '[APPLICATION_VERSION]'}
>> 2016-01-11 15:06:34 pkispawn: ERROR... Deployment file could
>> not be parsed correctly. This might be because of unescaped '%%'
>> characters. You must escape '%%' characters in deployment files
>> (example - 'setting=foobar').
>> 2016-01-11 15:06:34 pkispawn: ERROR... Interpolation error
>> ('%' must be followed by '%' or '(', found: '%')
>>
>> I have reproduced that error several times with cenos7 and fedora23
>> installations.
>>
>> I am really confused if I am doing something wrong or may it is
>> something else...
>> what it can be?
>>
>> Best wishes!
> CCing Endi. There used to be an error, when DM password (used also for Dogtag)
> contained special characters, PKI installer choked on it. I could not find the
> bug number right now.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] error while installin ipa-replica with ca
On 01/11/2016 12:01 PM, Arthur Fayzullin wrote:
> Good day, Colleagues!
>
> And Happy New Year!
>
> I have tried to install test stend with ipa v4.2 and 2 master-master
> servers.
>
> files /etc/hosts on both servers contain:
> 127.0.0.1 localhost localhost.localdomain localhost4
> localhost4.localdomain4
> ::1 localhost localhost.localdomain localhost6
> localhost6.localdomain6
>
> 10.254.1.114 radipa00.test.ckt radipa00
> 10.254.1.154 radipa01.test.ckt radipa01
>
> prepare key for replica server:
> [root@radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154
> radipa01.test.ckt
>
> copy it to replica:
> [root@radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg
> r...@radipa01.test.ckt:/var/lib/ipa/
>
> then on replica start installation:
> [root@radipa01 ~]# ipa-replica-install --setup-ca --setup-kra
> --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns
> --forwarder=77.88.8.7 --forwarder=77.88.8.3
> /var/lib/ipa/replica-info-radipa01.test.ckt.gpg
>
> and!!! I have got such error:
> [2/23]: configuring certificate server instance
> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
> configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f'
> '/tmp/tmpvgc4S6'' returned non-zero exit status 1
> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the
> installation logs and the following files/directories for more information:
> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
> /var/log/pki-ca-install.log
> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
> /var/log/pki/pki-tomcat
> [error] RuntimeError: CA configuration failed.
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> log file contains this error:
> [root@radipa01 ~]# less /var/log/pki/pki-ca-spawn.2016050634.log
> 'application_version': '[APPLICATION_VERSION]'}
> 2016-01-11 15:06:34 pkispawn: ERROR... Deployment file could
> not be parsed correctly. This might be because of unescaped '%%'
> characters. You must escape '%%' characters in deployment files
> (example - 'setting=foobar').
> 2016-01-11 15:06:34 pkispawn: ERROR... Interpolation error
> ('%' must be followed by '%' or '(', found: '%')
>
> I have reproduced that error several times with cenos7 and fedora23
> installations.
>
> I am really confused if I am doing something wrong or may it is
> something else...
> what it can be?
>
> Best wishes!
CCing Endi. There used to be an error, when DM password (used also for Dogtag)
contained special characters, PKI installer choked on it. I could not find the
bug number right now.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
