https://bugzilla.redhat.com/show_bug.cgi?id=717494
When running ipa-replica-install, it will fail at the following step:
Configuring the web interface: Estimated time 1 minute [1/11]: disabling mod_ssl in httpd [2/11]: setting mod_nss port to 443 [3/11]: setting mod_nss password file [4/11]: adding URL rewriting rules [5/11]: configuring httpd [6/11]: setting up ssl [7/11]: publish CA cert [8/11]: creating a keytab for httpd [9/11]: configuring SELinux for httpd [10/11]: restarting httpd creation of replica failed: Command '/sbin/service httpd restart ' returned non-zero exit status 1
Looking in /var/log/httpd/error_log shows:
[Tue Jun 28 14:50:35 2011] [error] Certificate not found: 'Server-Cert'
This seems to be because the password file (/etc/httpd/conf/password.conf) for the certificate db is empty.
Every time (for my install at least)
Steps to Reproduce: - ipa-replica-prepare ipareplica.example.com - scp /var/lib/ipa/replica-info-ipareplica.example.com.gpg root@ipareplica:/var/lib/ipa/ - ipa-replica-install /var/lib/ipa/replica-info-ipareplica.example.com.gpg
Additional info:
It can be fixed by changing line 300 of ipaserver/install/certs.py from:
if passwd is not None:
to:
if passwd is not None and passwd is not "":
This will force create_passwd_file to generate a password if its blank. The source of the problem could also be create_from_cacert(), since its definition makes the passwd default to * instead of None like all others.
The attached patch file should apply the fix.
attachment freeipa-rcrit-829-dbpasswd.patch
master: d43ba53
ipa-2-0: 5fab457
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.1 - 2011/07
Login to comment on this ticket.