All related installers refactoring tickets should be blockers of this ticket.
Related ticket: #6393
Related ticket: #6413
master:
There seems to be a regression: ipa-replica-install tries to install a CA if there is a CA in the topology, even if --setup-ca is not provided.
Seems to have occurred in 822e1bc, where instances of if config.setup_ca: were replaced with if ca_enabled:.
Fraser, can you provide steps to reproduce? I haven't been able to reproduce it:
My steps:
    [master ~]# ipa-server-install # with CA
    [replica ~]# ipa-client-install --server <server> --domain <domain>
    [replica ~]# ipa-replica-install
    [replica ~]# ipactl status
    Directory Service: RUNNING
    krb5kdc Service: RUNNING
    kadmin Service: RUNNING
    ipa_memcached Service: RUNNING
    httpd Service: RUNNING
    ipa-custodia Service: RUNNING
    ntpd Service: RUNNING
    ipa-otpd Service: RUNNING
    ipa: INFO: The ipactl command was successful
There is a regression related to ipa-replica-install. The RA agent certificate is not tracked any more, while it used to be on all replicas in ca-full installation (whether the replica was running a CA or not).
getcert list -n ipaCert does not output anything.
It seems that commit 822e1bc is responsible for this issue.
There is a regression with ipa-server-install --external-ca:
    [...]
      [48/48]: configuring directory to start on boot
    Done configuring directory server (dirsrv).
    ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR 'dm_password'
    ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
The exception is:
      File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 774, in install
        write_cache(cache_vars)
      File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 148, in write_cache
        options['dm_password'], top_dir)
    2016-11-14T17:40:02Z DEBUG The ipa-server-install command failed, exception: KeyError: 'dm_password'
    2016-11-14T17:40:02Z ERROR 'dm_password'
    2016-11-14T17:40:02Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
mbasti: I can't repro either. Maybe I had some local changes that broke it... ¯_(ツ)_/¯
regression fix: master:
KRA agent PEM file is no longer present after ipa-server-install in /etc/httpd/alias/ caused by 822e1bc.
Has a PR: github#356
KRA agent PEM file is no longer present after ipa-replica-install in /etc/httpd/alias/
Metadata Update from @mbasti: - Issue assigned to someone - Issue set to the milestone: FreeIPA 4.5
Metadata Update from @mbasti: - Issue close_status updated to: None
Metadata Update from @jcholast: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)