freeipa

Clone
Source Code
GIT

#6433 Refactor installer code requesting certificates
Closed: Fixed None Opened 7 years ago by frenaud.

Closed: Fixed
Reopen Issue

Currently FreeIPA installer is using inconsistent methods to request the certificates for the Renewal agent, LDAP and HTTP services.
The goal is to use certmonger for all certificate requests.

master:

  • 7462ade Use autobind instead of host keytab authentication in dogtag-ipa-ca-renew-agent
  • 808b143 Refactor installer code requesting certificates

master:

  • 198cd5f Fix renewal lock issues on installation

I still encounter certmonger timeouts during master installation.

How to reproduce

  1. Install master
  2. Uninstall it
  3. Install again with the same options

  4. Enjoy the timeout message:

    ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR request timed out
    ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

installation log is attached

master:

  • 9e3c17c Increase the timeout waiting for certificate issuance in installer

Metadata Update from @frenaud:
- Issue assigned to frenaud
- Issue set to the milestone: FreeIPA 4.5
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
Installation
None
https://github.com/freeipa/freeipa/pull/219, https://github.com/freeipa/freeipa/pull/229
None
None
jcholast, ftweedal
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.