Description of problem:

Running ipa-replica-prepare to setup a gpg package file for IPA fails with a
gpg error:

[root@rhel7-1 quickinstall]# ipa-replica-prepare -p PASSWORD
--ip-address=192.168.122.72 rhel7-2.testrelm.com
Preparing replica for rhel7-2.testrelm.com from rhel7-1.testrelm.com
Creating SSL certificate for the Directory Server
Creating SSL certificate for the dogtag Directory Server
Saving dogtag Directory Server port
Creating SSL certificate for the Web Server
Exporting RA certificate
Copying additional files
Finalizing configuration
Packaging replica information into
/var/lib/ipa/replica-info-rhel7-2.testrelm.com.gpg
Command '/usr/bin/gpg --batch --homedir /tmp/tmpjpuyvfipa/ipa-YIoufT/.gnupg
--passphrase-fd 0 --yes --no-tty -o
/var/lib/ipa/replica-info-rhel7-2.testrelm.com.gpg -c
/var/lib/ipa/replica-info-rhel7-2.testrelm.com' returned non-zero exit status 2

Version-Release number of selected component (if applicable):
[root@rhel7-1 ~]# rpm -q ipa-server gnupg2
ipa-server-3.2.1-1.el7.x86_64
gnupg2-2.0.20-1.el7.x86_64


How reproducible:
always

Steps to Reproduce:
1.  Setup RHEL7 IPA master server (with --setup-dns in my tests)
2.  ipa-replica-prepare -p <password> --ip-address=<ip_of_replica>
<hostname_of_replica>


Actual results:
Fails with GPG error listed above.


Expected results:
Finishes and adds DNS entries to IPA

Additional info:
I re-ran with --debug and in the output I see more info:

ipa: DEBUG: args=/usr/bin/gpg --batch --homedir
/tmp/tmp44UQJjipa/ipa-_y0LHZ/.gnupg --passphrase-fd 0 --y
es --no-tty -o /var/lib/ipa/replica-info-rhel7-2.testrelm.com.gpg -c
/var/lib/ipa/replica-info-rhel7-2.te
strelm.com
ipa: DEBUG: Process finished, return code=2
ipa: DEBUG: stdout=
ipa: DEBUG: stderr=gpg: WARNING: unsafe permissions on homedir
`/tmp/tmp44UQJjipa/ipa-_y0LHZ/.gnupg'
gpg: keyring `/tmp/tmp44UQJjipa/ipa-_y0LHZ/.gnupg/pubring.gpg' created
gpg: can't connect to the agent: IPC connect call failed
gpg: problem with the agent: No agent running