When /etc/ipa doesn't exist, ipa-client-install fails with a misleading error:
    Discovery was successful!
    Hostname: vm-059.idm.lab.eng.brq.redhat.com
    Realm: IDM.LAB.ENG.BRQ.REDHAT.COM
    DNS Domain: idm.lab.eng.brq.redhat.com
    IPA Server: vm-089.idm.lab.eng.brq.redhat.com
    BaseDN: dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com

    Continue to configure the system with these values? [no]: yes
    User authorized to enroll computers: admin
    Synchronizing time with KDC...
    Password for admin@IDM.LAB.ENG.BRQ.REDHAT.COM:
    Cannot obtain CA certificate
    'ldap://vm-089.idm.lab.eng.brq.redhat.com' doesn't have a certificate.
    Installation failed. Rolling back changes.
    IPA client is not configured on this system.
The client installer should create the directory if it doesn't exist.
The freeipa-python RPM has /etc/ipa/ca.crt and /etc/ipa/default.conf ghost entries. It should also own the directory itself.
tbabej just noticed that this error reproduces when a user has a clean VM, then installs just freeipa-client + freeipa-python and then runs ipa-client-install.
This makes me think that this error should be fixed sooner than in Pilsner to avoid unpleasant user experience. A fix for this issue should:
1. Make sure that /etc/ipa is owned and created by freeipa-python package
2. Make sure that ipa-client-install reports some meaningful error when it is missing
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=952686
master: 2a8f1b0
ipa-3-1: 69332d9
Reopening - /etc/ipa should not be owned by apache group.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=953905 (Fedora)
master: cc3c543
ipa-3-1: 6e443eb
Metadata Update from @pviktori: - Issue assigned to akrivoka - Issue set to the milestone: FreeIPA 3.2 - 2013/04-05 (GA)
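
One way to implement the pre-flight check this ticket asks for (create the configuration directory when it is missing, fail with an error that names the directory, and reject ownership by the apache group), as an added example that is not FreeIPA's code. The names `ensure_config_dir`, `group_name` and `ConfigDirError`, the `forbidden_groups` parameter and the 0755 mode are assumptions made for illustration.

```python
import grp
import os
import stat
import tempfile


class ConfigDirError(Exception):
    """Names the directory and the real problem, not a later symptom."""


def group_name(gid):
    """Group name for gid, or the numeric gid as a string if it has no entry."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)


def ensure_config_dir(path, mode=0o755, forbidden_groups=("apache",)):
    """Create path if missing, else validate it. Returns 'created' or 'exists'."""
    # mode=0o755 is an assumed policy; the ticket only names the apache group.
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at path
    except FileNotFoundError:
        try:
            os.mkdir(path, mode)
            os.chmod(path, mode)  # mkdir honours umask; set the mode explicitly
        except OSError as e:
            raise ConfigDirError(f"cannot create {path}: {e.strerror}") from e
        return "created"
    if not stat.S_ISDIR(st.st_mode):
        raise ConfigDirError(f"{path} exists but is not a directory")
    group = group_name(st.st_gid)
    if group in forbidden_groups:
        raise ConfigDirError(f"{path} must not be owned by group {group}")
    return "exists"


if __name__ == "__main__":
    # Constructed demo: a scratch directory stands in for /etc so no root is needed.
    with tempfile.TemporaryDirectory() as scratch:
        conf = os.path.join(scratch, "ipa")
        print(ensure_config_dir(conf))                       # directory was missing
        print(ensure_config_dir(conf, forbidden_groups=()))  # now present
        try:
            owner = group_name(os.lstat(conf).st_gid)
            ensure_config_dir(conf, forbidden_groups=(owner,))
        except ConfigDirError as err:
            print("error:", err)
```

Running the check before the CA certificate is fetched means a missing or wrongly owned directory is reported as such, instead of surfacing as "Cannot obtain CA certificate".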