#6573 CA-less replica installation fails due to attempted cert issuance
Closed: Fixed None Opened 7 years ago by ftweedal.

When installing a replica in a CA-less topology, installation fails due to
an attempt to issue a certificate for the HTTP server.

Example command:

ipa-replica-install --admin-password 4me2Test --unattended \
  --http-cert-file ~ftweedal/nssdb/ca1/replica.p12 --http-pin 4me2Test \
  --dirsrv-cert-file ~ftweedal/nssdb/ca1/replica.p12 --dirsrv-pin 4me2Test

Traceback:

2016-12-19T12:17:47Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 334, in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 328, in run
    self.execute()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 352, in execute
    for _nothing in self._executor():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 423, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 413, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 384, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 381, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 618, in _configure
    next(executor)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 423, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 481, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 413, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 478, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 413, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 384, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 381, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
    for _nothing in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", line 594, in main
    replica_install(self)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 390, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1345, in install
    config.subject_base)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 84, in install_http_certs
    db.request_service_cert('Server-Cert', principal, host_name, True)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 660, in request_service_cert
    passwd_fname=self.passwd_fname)
  File "/usr/lib/python2.7/site-packages/ipalib/install/certmonger.py", line 316, in request_and_wait_for_cert
    raise RuntimeError("Certificate issuance failed ({})".format(state))

2016-12-19T12:17:47Z DEBUG The ipa-replica-install command failed, exception: RuntimeError: Certificate issuance failed (CA_UNREACHABLE)
2016-12-19T12:17:47Z ERROR Certificate issuance failed (CA_UNREACHABLE)
2016-12-19T12:17:47Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

master:

  • 4028ad7 Fix DL1 replica installation in CA-less topology

Metadata Update from @ftweedal:
- Issue assigned to ftweedal
- Issue set to the milestone: FreeIPA 4.5

7 years ago
