#6541 ipa-replica-install fails to import DS cert from replica file
Closed: Fixed None Opened 7 years ago by mbabinsk.

When running ipa-replica-install using RPMs built from a recent master branch with a valid replica file (checked by reverting to 4.4.2 and installing the replica successfully), the command fails:

# ipa-replica-install --setup-ca /shared/replica-info-replica1.ipa.test.gpg -p Secret123 -w Secret123
WARNING: conflicting time&date synchronization service 'chronyd' will
be disabled in favor of ntpd

ipa         : ERROR    unknown error import pkcs#12 file /tmp/tmpqyIO8Fipa/realm_info/dscert.p12
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    Server cert is not valid. Please run ipa-replica-prepare to create a new replica file.
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

In /var/log/ipareplica-install.log, the following errors are seen:

2016-12-07T16:38:12Z DEBUG Starting external process
2016-12-07T16:38:12Z DEBUG args=/usr/bin/pk12util -d /tmp/tmpZ9j3Rqipa -i /tmp/tmpqyIO8Fipa/realm_info/dscert.p12 -k /tmp/tmpZ9j3Rqipa/pwdfile.txt -v -w /tmp/tmpV37XJo
2016-12-07T16:38:12Z DEBUG Process finished, return code=1
2016-12-07T16:38:12Z DEBUG stdout=
2016-12-07T16:38:12Z DEBUG stderr=password file contains no data

2016-12-07T16:38:12Z ERROR unknown error import pkcs#12 file /tmp/tmpqyIO8Fipa/realm_info/dscert.p12
2016-12-07T16:38:12Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 334, in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 326, in run
    self.validate()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 335, in validate
    for _nothing in self._validator():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in _handle_validate_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 413, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 384, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 381, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 596, in _configure
    next(validator)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in _handle_validate_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 481, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 413, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 478, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 413, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 384, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 381, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
    for _nothing in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", line 600, in main
    replica_install_check(self)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 388, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 410, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 727, in install_check
    "Server cert is not valid. Please run ipa-replica-prepare to "

2016-12-07T16:38:12Z DEBUG The ipa-replica-install command failed, exception: RuntimeError: Server cert is not valid. Please run ipa-replica-prepare to create a new replica file.
2016-12-07T16:38:12Z ERROR Server cert is not valid. Please run ipa-replica-prepare to create a new replica file.
2016-12-07T16:38:12Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

This seems to be a regression introduced during the refactoring sprint, as FreeIPA 4.4.2 works correctly in this case.
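
The user-facing error in this report ("Server cert is not valid") hides the actual failure, which appears only in the stderr of the pk12util call recorded in the install log. As an added example (not part of the original ticket or of FreeIPA's code), the following script extracts failed external-process records from a log with the line layout quoted above; the function name and the first, succeeding sample record are constructed for illustration.

```python
import re

# Line layout seen in /var/log/ipareplica-install.log in this ticket:
# "<UTC timestamp> <LEVEL> <message>"
LINE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) (\w+) (.*)$")

# First record (example-tool) is constructed; the rest is quoted from the ticket.
SAMPLE_LOG = """\
2016-12-07T16:38:11Z DEBUG Starting external process
2016-12-07T16:38:11Z DEBUG args=/usr/bin/example-tool --ok
2016-12-07T16:38:11Z DEBUG Process finished, return code=0
2016-12-07T16:38:11Z DEBUG stdout=done
2016-12-07T16:38:11Z DEBUG stderr=
2016-12-07T16:38:12Z DEBUG Starting external process
2016-12-07T16:38:12Z DEBUG args=/usr/bin/pk12util -d /tmp/tmpZ9j3Rqipa -i /tmp/tmpqyIO8Fipa/realm_info/dscert.p12 -k /tmp/tmpZ9j3Rqipa/pwdfile.txt -v -w /tmp/tmpV37XJo
2016-12-07T16:38:12Z DEBUG Process finished, return code=1
2016-12-07T16:38:12Z DEBUG stdout=
2016-12-07T16:38:12Z DEBUG stderr=password file contains no data

2016-12-07T16:38:12Z ERROR unknown error import pkcs#12 file /tmp/tmpqyIO8Fipa/realm_info/dscert.p12
"""

def failed_processes(log_text):
    """Return one record per external process that exited non-zero."""
    records, cur, field = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            # Untimestamped line: continuation of a multi-line stdout/stderr.
            if cur is not None and field and raw.strip():
                cur[field] += "\n" + raw
            continue
        ts, _level, msg = m.groups()
        if msg == "Starting external process":
            cur = dict(time=ts, args="", rc=None, stdout="", stderr="")
            field = None
            records.append(cur)
        elif cur is None:
            continue  # message outside any process record
        elif msg.startswith("args="):
            cur["args"], field = msg[5:], None
        elif msg.startswith("Process finished, return code="):
            cur["rc"], field = int(msg.rsplit("=", 1)[1]), None
        elif msg.startswith(("stdout=", "stderr=")):
            field = msg[:6]
            cur[field] = msg[7:]
        else:
            cur, field = None, None  # unrelated message ends the record
    return [r for r in records if r["rc"] not in (0, None)]
```

Run against the sample, `failed_processes(SAMPLE_LOG)` returns only the pk12util record, with its `-w` password-file argument and the stderr text that explains the import failure.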


master:

  • a35f518 certdb: fix PKCS#12 import with empty password

Metadata Update from @mbabinsk:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.5

7 years ago
