#2074 ipa-server-install --hostname fails at step configuring certificate server instance
Closed: Fixed. Opened 12 years ago by mkosek.

https://bugzilla.redhat.com/show_bug.cgi?id=751597

Description of problem:
I start with a machine whose hostname is ipa-replica.testrelm, with IP
10.16.19.135
# ipa-server-install --setup-dns --forwarder=10.14.63.12 --hostname
ipaserver.testrelm -r TESTRELM -n testrelm -p Secret123 -P Secret123 -a
Secret123 --ip-address 10.16.19.135

This fails with:
  [3/17]: configuring certificate server instance
CRITICAL:root:failed to configure ca instance Command '/usr/bin/perl
/usr/bin/pkisilent 'ConfigureCA' '-cs_hostname' 'ipaserver.testrelm' '-cs_port'
'9445' '-client_certdb_dir' '/tmp/tmp-Ychuf6' '-client_certdb_pwd' XXXXXXXX
'-preop_pin' 'AIYjmiNBjk4DZ4G18R6C' '-domain_name' 'IPA' '-admin_user' 'admin'
'-admin_email' 'root@localhost' '-admin_password' XXXXXXXX '-agent_name'
'ipa-ca-agent' '-agent_key_size' '2048' '-agent_key_type' 'rsa'
'-agent_cert_subject' 'CN=ipa-ca-agent,O=TESTRELM' '-ldap_host'
'ipaserver.testrelm' '-ldap_port' '7389' '-bind_dn' 'cn=Directory Manager'
'-bind_password' XXXXXXXX '-base_dn' 'o=ipaca' '-db_name' 'ipaca' '-key_size'
'2048' '-key_type' 'rsa' '-key_algorithm' 'SHA256withRSA' '-save_p12' 'true'
'-backup_pwd' XXXXXXXX '-subsystem_name' 'pki-cad' '-token_name' 'internal'
'-ca_subsystem_cert_subject_name' 'CN=CA Subsystem,O=TESTRELM'
'-ca_ocsp_cert_subject_name' 'CN=OCSP Subsystem,O=TESTRELM'
'-ca_server_cert_subject_name' 'CN=ipaserver.testrelm,O=TESTRELM'
'-ca_audit_signing_cert_subject_name' 'CN=CA Audit,O=TESTRELM'
'-ca_sign_cert_subject_name' 'CN=Certificate Authority,O=TESTRELM' '-external'
'false' '-clone' 'false'' returned non-zero exit status 255
root        : CRITICAL failed to configure ca instance Command '/usr/bin/perl
/usr/bin/pkisilent 'ConfigureCA' '-cs_hostname' 'ipaserver.testrelm' '-cs_port'
'9445' '-client_certdb_dir' '/tmp/tmp-Ychuf6' '-client_certdb_pwd' XXXXXXXX
'-preop_pin' 'AIYjmiNBjk4DZ4G18R6C' '-domain_name' 'IPA' '-admin_user' 'admin'
'-admin_email' 'root@localhost' '-admin_password' XXXXXXXX '-agent_name'
'ipa-ca-agent' '-agent_key_size' '2048' '-agent_key_type' 'rsa'
'-agent_cert_subject' 'CN=ipa-ca-agent,O=TESTRELM' '-ldap_host'
'ipaserver.testrelm' '-ldap_port' '7389' '-bind_dn' 'cn=Directory Manager'
'-bind_password' XXXXXXXX '-base_dn' 'o=ipaca' '-db_name' 'ipaca' '-key_size'
'2048' '-key_type' 'rsa' '-key_algorithm' 'SHA256withRSA' '-save_p12' 'true'
'-backup_pwd' XXXXXXXX '-subsystem_name' 'pki-cad' '-token_name' 'internal'
'-ca_subsystem_cert_subject_name' 'CN=CA Subsystem,O=TESTRELM'
'-ca_ocsp_cert_subject_name' 'CN=OCSP Subsystem,O=TESTRELM'
'-ca_server_cert_subject_name' 'CN=ipaserver.testrelm,O=TESTRELM'
'-ca_audit_signing_cert_subject_name' 'CN=CA Audit,O=TESTRELM'
'-ca_sign_cert_subject_name' 'CN=Certificate Authority,O=TESTRELM' '-external'
'false' '-clone' 'false'' returned non-zero exit status 255
Unexpected error - see ipaserver-install.log for details:
 Configuration of CA failed


Version-Release number of selected component (if applicable):
ipa-server-2.1.3-8.el6.x86_64
bind-dyndb-ldap-0.2.0-7.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Use ipa-server-install with a different hostname than the current hostname,
as indicated above


Actual results:
error as indicated above

Expected results:
install to be successful

Additional info:

Env before install:
# hostname
ipa-replica.testrelm

# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
#10.16.19.135  ipa-replica.testrelm ipa-replica

# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=ipa-replica.testrelm

# cat /etc/resolv.conf
# Generated by NetworkManager
domain bos.redhat.com
search bos.redhat.com redhat.com testrelm
nameserver 10.16.255.2
nameserver 10.16.255.3
nameserver 10.11.255.155


Env after install:
# hostname
ipaserver.testrelm

# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=ipaserver.testrelm

Patch freeipa-mkosek-160-hosts-file-not-updated-when-ip-is-passed-as-option.patch sent for review

Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 3.0 Core Effort - 2011/11

7 years ago
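
Added example (not part of the ticket and not FreeIPA's code): a pre-flight check for the state shown under "Env before install", where /etc/hosts has no active line for the name passed to --hostname and the only line carrying 10.16.19.135 is commented out. The function names and status strings are hypothetical, and the sample input is the hosts file quoted in the report.

```python
import ipaddress

# Constructed sample: the /etc/hosts content from "Env before install" above.
HOSTS_BEFORE = """\
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
#10.16.19.135  ipa-replica.testrelm ipa-replica
"""

def parse_hosts(text):
    """Return [(ip_address, [names])] for active lines; comments are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field, skip the line
        entries.append((addr, [n.lower().rstrip(".") for n in fields[1:]]))
    return entries

def check_hosts(text, fqdn, ip):
    """Hypothetical check: how does fqdn appear in the hosts file, relative to ip?

    'conflict'   - fqdn is listed on a line for a different address
    'ok'         - fqdn is the first (canonical) name on a line for ip
    'alias-only' - fqdn is listed for ip, but not as the first name
    'missing'    - no active line mentions fqdn
    """
    fqdn = fqdn.lower().rstrip(".")
    want = ipaddress.ip_address(ip)
    found = set()
    for addr, names in parse_hosts(text):
        if fqdn not in names:
            continue
        if addr != want:
            found.add("conflict")
        else:
            found.add("ok" if names[0] == fqdn else "alias-only")
    for status in ("conflict", "ok", "alias-only"):
        if status in found:
            return status
    return "missing"
```

Running `check_hosts` against the real `/etc/hosts` before invoking the installer with `--hostname` and `--ip-address` shows whether the new name has a local mapping to the supplied address.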
