Re: [Freeipa-users] error while installin ipa-replica with ca
On Mon, Jan 11, 2016 at 12:55:52PM +0100, Martin Kosek wrote: > On 01/11/2016 12:51 PM, Arthur Fayzullin wrote: > > Bingo!!! > > that it is!!! > > dm password contains % - symbol! > > > > I am not sure but with previous versions that have not caused any problem. > > Good :-) > > Still, it would be nice to fix Dogtag installation procedures to not parse > passwords that way. Endi, please just make sure there is a Dogtag Bugzilla > filed and in some realistic milestone as this bug's root cause is not so > obvious. > There is an existing BZ and upstream ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1283631 https://fedorahosted.org/pki/ticket/1703 > > > > Thanks a lot! > > > > 11.01.2016 16:48, Martin Kosek пишет: > >> On 01/11/2016 12:01 PM, Arthur Fayzullin wrote: > >>> Good day, Colleagues! > >>> > >>> And Happy New Year! > >>> > >>> I have tried to install test stend with ipa v4.2 and 2 master-master > >>> servers. > >>> > >>> files /etc/hosts on both servers contain: > >>> 127.0.0.1 localhost localhost.localdomain localhost4 > >>> localhost4.localdomain4 > >>> ::1 localhost localhost.localdomain localhost6 > >>> localhost6.localdomain6 > >>> > >>> 10.254.1.114 radipa00.test.ckt radipa00 > >>> 10.254.1.154 radipa01.test.ckt radipa01 > >>> > >>> prepare key for replica server: > >>> [root@radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154 > >>> radipa01.test.ckt > >>> > >>> copy it to replica: > >>> [root@radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg > >>> r...@radipa01.test.ckt:/var/lib/ipa/ > >>> > >>> then on replica start installation: > >>> [root@radipa01 ~]# ipa-replica-install --setup-ca --setup-kra > >>> --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns > >>> --forwarder=77.88.8.7 --forwarder=77.88.8.3 > >>> /var/lib/ipa/replica-info-radipa01.test.ckt.gpg > >>> > >>> and!!! I have got such error: > >>> [2/23]: configuring certificate server instance > >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to > >>> configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' > >>> '/tmp/tmpvgc4S6'' returned non-zero exit status 1 > >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the > >>> installation logs and the following files/directories for more > >>> information: > >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL > >>> /var/log/pki-ca-install.log > >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL > >>> /var/log/pki/pki-tomcat > >>> [error] RuntimeError: CA configuration failed. > >>> Your system may be partly configured. > >>> Run /usr/sbin/ipa-server-install --uninstall to clean up. > >>> > >>> log file contains this error: > >>> [root@radipa01 ~]# less /var/log/pki/pki-ca-spawn.2016050634.log > >>> 'application_version': '[APPLICATION_VERSION]'} > >>> 2016-01-11 15:06:34 pkispawn: ERROR... Deployment file could > >>> not be parsed correctly. This might be because of unescaped '%%' > >>> characters. You must escape '%%' characters in deployment files > >>> (example - 'setting=foobar'). > >>> 2016-01-11 15:06:34 pkispawn: ERROR... Interpolation error > >>> ('%' must be followed by '%' or '(', found: '%') > >>> > >>> I have reproduced that error several times with cenos7 and fedora23 > >>> installations. > >>> > >>> I am really confused if I am doing something wrong or may it is > >>> something else... > >>> what it can be? > >>> > >>> Best wishes! > >> CCing Endi. There used to be an error, when DM password (used also for > >> Dogtag) > >> contained special characters, PKI installer choked on it. I could not find > >> the > >> bug number right now. > > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] error while installin ipa-replica with ca
On 01/11/2016 12:51 PM, Arthur Fayzullin wrote: > Bingo!!! > that it is!!! > dm password contains % - symbol! > > I am not sure but with previous versions that have not caused any problem. Good :-) Still, it would be nice to fix Dogtag installation procedures to not parse passwords that way. Endi, please just make sure there is a Dogtag Bugzilla filed and in some realistic milestone as this bug's root cause is not so obvious. > > Thanks a lot! > > 11.01.2016 16:48, Martin Kosek пишет: >> On 01/11/2016 12:01 PM, Arthur Fayzullin wrote: >>> Good day, Colleagues! >>> >>> And Happy New Year! >>> >>> I have tried to install test stend with ipa v4.2 and 2 master-master >>> servers. >>> >>> files /etc/hosts on both servers contain: >>> 127.0.0.1 localhost localhost.localdomain localhost4 >>> localhost4.localdomain4 >>> ::1 localhost localhost.localdomain localhost6 >>> localhost6.localdomain6 >>> >>> 10.254.1.114 radipa00.test.ckt radipa00 >>> 10.254.1.154 radipa01.test.ckt radipa01 >>> >>> prepare key for replica server: >>> [root@radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154 >>> radipa01.test.ckt >>> >>> copy it to replica: >>> [root@radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg >>> r...@radipa01.test.ckt:/var/lib/ipa/ >>> >>> then on replica start installation: >>> [root@radipa01 ~]# ipa-replica-install --setup-ca --setup-kra >>> --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns >>> --forwarder=77.88.8.7 --forwarder=77.88.8.3 >>> /var/lib/ipa/replica-info-radipa01.test.ckt.gpg >>> >>> and!!! I have got such error: >>> [2/23]: configuring certificate server instance >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to >>> configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' >>> '/tmp/tmpvgc4S6'' returned non-zero exit status 1 >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the >>> installation logs and the following files/directories for more information: >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL >>> /var/log/pki-ca-install.log >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL >>> /var/log/pki/pki-tomcat >>> [error] RuntimeError: CA configuration failed. >>> Your system may be partly configured. >>> Run /usr/sbin/ipa-server-install --uninstall to clean up. >>> >>> log file contains this error: >>> [root@radipa01 ~]# less /var/log/pki/pki-ca-spawn.2016050634.log >>> 'application_version': '[APPLICATION_VERSION]'} >>> 2016-01-11 15:06:34 pkispawn: ERROR... Deployment file could >>> not be parsed correctly. This might be because of unescaped '%%' >>> characters. You must escape '%%' characters in deployment files >>> (example - 'setting=foobar'). >>> 2016-01-11 15:06:34 pkispawn: ERROR... Interpolation error >>> ('%' must be followed by '%' or '(', found: '%') >>> >>> I have reproduced that error several times with cenos7 and fedora23 >>> installations. >>> >>> I am really confused if I am doing something wrong or may it is >>> something else... >>> what it can be? >>> >>> Best wishes! >> CCing Endi. There used to be an error, when DM password (used also for >> Dogtag) >> contained special characters, PKI installer choked on it. I could not find >> the >> bug number right now. > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] error while installin ipa-replica with ca
Bingo!!! that it is!!! dm password contains % - symbol! I am not sure but with previous versions that have not caused any problem. Thanks a lot! 11.01.2016 16:48, Martin Kosek пишет: > On 01/11/2016 12:01 PM, Arthur Fayzullin wrote: >> Good day, Colleagues! >> >> And Happy New Year! >> >> I have tried to install test stend with ipa v4.2 and 2 master-master >> servers. >> >> files /etc/hosts on both servers contain: >> 127.0.0.1 localhost localhost.localdomain localhost4 >> localhost4.localdomain4 >> ::1 localhost localhost.localdomain localhost6 >> localhost6.localdomain6 >> >> 10.254.1.114 radipa00.test.ckt radipa00 >> 10.254.1.154 radipa01.test.ckt radipa01 >> >> prepare key for replica server: >> [root@radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154 >> radipa01.test.ckt >> >> copy it to replica: >> [root@radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg >> r...@radipa01.test.ckt:/var/lib/ipa/ >> >> then on replica start installation: >> [root@radipa01 ~]# ipa-replica-install --setup-ca --setup-kra >> --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns >> --forwarder=77.88.8.7 --forwarder=77.88.8.3 >> /var/lib/ipa/replica-info-radipa01.test.ckt.gpg >> >> and!!! I have got such error: >> [2/23]: configuring certificate server instance >> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to >> configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' >> '/tmp/tmpvgc4S6'' returned non-zero exit status 1 >> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the >> installation logs and the following files/directories for more information: >> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL >> /var/log/pki-ca-install.log >> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL >> /var/log/pki/pki-tomcat >> [error] RuntimeError: CA configuration failed. >> Your system may be partly configured. >> Run /usr/sbin/ipa-server-install --uninstall to clean up. >> >> log file contains this error: >> [root@radipa01 ~]# less /var/log/pki/pki-ca-spawn.2016050634.log >> 'application_version': '[APPLICATION_VERSION]'} >> 2016-01-11 15:06:34 pkispawn: ERROR... Deployment file could >> not be parsed correctly. This might be because of unescaped '%%' >> characters. You must escape '%%' characters in deployment files >> (example - 'setting=foobar'). >> 2016-01-11 15:06:34 pkispawn: ERROR... Interpolation error >> ('%' must be followed by '%' or '(', found: '%') >> >> I have reproduced that error several times with cenos7 and fedora23 >> installations. >> >> I am really confused if I am doing something wrong or may it is >> something else... >> what it can be? >> >> Best wishes! > CCing Endi. There used to be an error, when DM password (used also for Dogtag) > contained special characters, PKI installer choked on it. I could not find the > bug number right now. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] error while installin ipa-replica with ca
On 01/11/2016 12:01 PM, Arthur Fayzullin wrote: > Good day, Colleagues! > > And Happy New Year! > > I have tried to install test stend with ipa v4.2 and 2 master-master > servers. > > files /etc/hosts on both servers contain: > 127.0.0.1 localhost localhost.localdomain localhost4 > localhost4.localdomain4 > ::1 localhost localhost.localdomain localhost6 > localhost6.localdomain6 > > 10.254.1.114 radipa00.test.ckt radipa00 > 10.254.1.154 radipa01.test.ckt radipa01 > > prepare key for replica server: > [root@radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154 > radipa01.test.ckt > > copy it to replica: > [root@radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg > r...@radipa01.test.ckt:/var/lib/ipa/ > > then on replica start installation: > [root@radipa01 ~]# ipa-replica-install --setup-ca --setup-kra > --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns > --forwarder=77.88.8.7 --forwarder=77.88.8.3 > /var/lib/ipa/replica-info-radipa01.test.ckt.gpg > > and!!! I have got such error: > [2/23]: configuring certificate server instance > ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to > configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' > '/tmp/tmpvgc4S6'' returned non-zero exit status 1 > ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the > installation logs and the following files/directories for more information: > ipa.ipaserver.install.cainstance.CAInstance: CRITICAL > /var/log/pki-ca-install.log > ipa.ipaserver.install.cainstance.CAInstance: CRITICAL > /var/log/pki/pki-tomcat > [error] RuntimeError: CA configuration failed. > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > log file contains this error: > [root@radipa01 ~]# less /var/log/pki/pki-ca-spawn.2016050634.log > 'application_version': '[APPLICATION_VERSION]'} > 2016-01-11 15:06:34 pkispawn: ERROR... Deployment file could > not be parsed correctly. This might be because of unescaped '%%' > characters. You must escape '%%' characters in deployment files > (example - 'setting=foobar'). > 2016-01-11 15:06:34 pkispawn: ERROR... Interpolation error > ('%' must be followed by '%' or '(', found: '%') > > I have reproduced that error several times with cenos7 and fedora23 > installations. > > I am really confused if I am doing something wrong or may it is > something else... > what it can be? > > Best wishes! CCing Endi. There used to be an error, when DM password (used also for Dogtag) contained special characters, PKI installer choked on it. I could not find the bug number right now. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project