subject:"Re\: \[Freeipa\-users\] ipa\-replica\-prepare error\: Profile caIPAserviceCert Not Found"

Re: [Freeipa-users] ipa-replica-prepare error: Profile caIPAserviceCert Not Found

2015-12-22 Thread Fraser Tweedale

On Tue, Dec 22, 2015 at 10:06:55AM +0100, Karl Forner wrote:
> Hi Fraser,
> The ipa-replica-prepare ran in a adelton/freeipa-server:lastest-systemd
> docker, which I think is based on fedora 23 and contains freeIPA v 4.2.3.
> I can try to patch it, but I'm really not used to fedora, and moreover
> there's a debian/docker bug that prevents me from building the docker image
> on my computers.
> 
> Thanks,
> Karl
> 
OK, fair enough.  A couple of follow-up questions:

- Is the issue always reproducible or only some of the time?

- Are you running replica-prepare immediately after starting the
  container?  Does the issue still occur after waiting a while?

If you attach your /var/log/pki/pki-tomcat/ca/debug log it will help
pinpoint the cause and confirm/deny whether the existing patch will
fix it.

Cheers,
Fraser

> On Tue, Dec 22, 2015 at 2:46 AM, Fraser Tweedale 
> wrote:
> 
> > On Mon, Dec 21, 2015 at 01:57:02PM +0100, Karl Forner wrote:
> > > Hello,
> > >
> > > Running:
> > > ipa-replica-prepare ipa-h3s1.example.com --ip-address xx.xx.xx.xx -d -v
> > > fails
> > > with
> > > ipa: DEBUG: Protocol: TLS1.2
> > > ipa: DEBUG: Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
> > > ipa: DEBUG: request status 200
> > > ipa: DEBUG: request reason_phrase u'OK'
> > > ipa: DEBUG: request headers {'date': 'Mon, 21 Dec 2015 12:50:59 GMT',
> > > 'content-length': '148', 'content-type': 'application/xml', 'server':
> > > 'Apache-Coyote/1.1'}
> > > ipa: DEBUG: request body ' > > standalone="no"?>1Profile
> > > caIPAserviceCert Not Found'
> > > ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG:   File
> > > "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in
> > > execute
> > >
> > > The context is probably unusual:
> > > I run the command on a replica with CA from a server in freeipa v4.1.4
> > (in
> > > a adelton/freeipa-server docker)
> > > which is a freeipa v4.2.3  running in
> > > adelton/freeipa-server:lastest-systemd docker
> > >
> > > I found this ticket which looks similar:
> > > https://fedorahosted.org/freeipa/ticket/5376
> > >
> > > Is there something wrong with my replica knowing that it has been
> > > replicated from a 4.1.4 ?
> > > Is there a work-around ?
> > >
> > > Thanks
> > > Karl
> >
> > Hi Karl,
> >
> > I have a patch for Dogtag that I think will fix this issue.  Would
> > you be willing to test it?  If so, which version of Fedora/RHEL are
> > you using and I will prepare a build.
> >
> > Regards,
> > Fraser
> >
> > > --
> > > Manage your subscription for the Freeipa-users mailing list:
> > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > Go to http://freeipa.org for more info on the project
> >
> >

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] ipa-replica-prepare error: Profile caIPAserviceCert Not Found

2015-12-22 Thread Karl Forner

Hi Fraser,
The ipa-replica-prepare ran in a adelton/freeipa-server:lastest-systemd
docker, which I think is based on fedora 23 and contains freeIPA v 4.2.3.
I can try to patch it, but I'm really not used to fedora, and moreover
there's a debian/docker bug that prevents me from building the docker image
on my computers.

Thanks,
Karl

On Tue, Dec 22, 2015 at 2:46 AM, Fraser Tweedale 
wrote:

> On Mon, Dec 21, 2015 at 01:57:02PM +0100, Karl Forner wrote:
> > Hello,
> >
> > Running:
> > ipa-replica-prepare ipa-h3s1.example.com --ip-address xx.xx.xx.xx -d -v
> > fails
> > with
> > ipa: DEBUG: Protocol: TLS1.2
> > ipa: DEBUG: Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
> > ipa: DEBUG: request status 200
> > ipa: DEBUG: request reason_phrase u'OK'
> > ipa: DEBUG: request headers {'date': 'Mon, 21 Dec 2015 12:50:59 GMT',
> > 'content-length': '148', 'content-type': 'application/xml', 'server':
> > 'Apache-Coyote/1.1'}
> > ipa: DEBUG: request body ' > standalone="no"?>1Profile
> > caIPAserviceCert Not Found'
> > ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG:   File
> > "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in
> > execute
> >
> > The context is probably unusual:
> > I run the command on a replica with CA from a server in freeipa v4.1.4
> (in
> > a adelton/freeipa-server docker)
> > which is a freeipa v4.2.3  running in
> > adelton/freeipa-server:lastest-systemd docker
> >
> > I found this ticket which looks similar:
> > https://fedorahosted.org/freeipa/ticket/5376
> >
> > Is there something wrong with my replica knowing that it has been
> > replicated from a 4.1.4 ?
> > Is there a work-around ?
> >
> > Thanks
> > Karl
>
> Hi Karl,
>
> I have a patch for Dogtag that I think will fix this issue.  Would
> you be willing to test it?  If so, which version of Fedora/RHEL are
> you using and I will prepare a build.
>
> Regards,
> Fraser
>
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] ipa-replica-prepare error: Profile caIPAserviceCert Not Found

2015-12-21 Thread Fraser Tweedale

On Mon, Dec 21, 2015 at 01:57:02PM +0100, Karl Forner wrote:
> Hello,
> 
> Running:
> ipa-replica-prepare ipa-h3s1.example.com --ip-address xx.xx.xx.xx -d -v
> fails
> with
> ipa: DEBUG: Protocol: TLS1.2
> ipa: DEBUG: Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
> ipa: DEBUG: request status 200
> ipa: DEBUG: request reason_phrase u'OK'
> ipa: DEBUG: request headers {'date': 'Mon, 21 Dec 2015 12:50:59 GMT',
> 'content-length': '148', 'content-type': 'application/xml', 'server':
> 'Apache-Coyote/1.1'}
> ipa: DEBUG: request body ' standalone="no"?>1Profile
> caIPAserviceCert Not Found'
> ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG:   File
> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in
> execute
> 
> The context is probably unusual:
> I run the command on a replica with CA from a server in freeipa v4.1.4 (in
> a adelton/freeipa-server docker)
> which is a freeipa v4.2.3  running in
> adelton/freeipa-server:lastest-systemd docker
> 
> I found this ticket which looks similar:
> https://fedorahosted.org/freeipa/ticket/5376
> 
> Is there something wrong with my replica knowing that it has been
> replicated from a 4.1.4 ?
> Is there a work-around ?
> 
> Thanks
> Karl

Hi Karl,

I have a patch for Dogtag that I think will fix this issue.  Would
you be willing to test it?  If so, which version of Fedora/RHEL are
you using and I will prepare a build.

Regards,
Fraser

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] ipa-replica-prepare error: Profile caIPAserviceCert Not Found

Re: [Freeipa-users] ipa-replica-prepare error: Profile caIPAserviceCert Not Found

Re: [Freeipa-users] ipa-replica-prepare error: Profile caIPAserviceCert Not Found

3 matches

Site Navigation

Mail list logo

Footer information