#5226 ipa-replica-install pk12util error returns exit status 10
Closed: Fixed None Opened 8 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1254038

Description of problem:

Attempting a test ipa-replica-install with a replica info file generated using
pkcs12 files is erroring after OTP setup:

Configuring ipa-otpd
  [1/2]: starting ipa-otpd
  [2/2]: configuring ipa-otpd to start on boot
Done configuring ipa-otpd.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    Command
''/usr/bin/pk12util' '-d' '/etc/httpd/alias' '-i'
'/tmp/tmp_RtEI_ipa/realm_info/ra.p12' '-k' '/etc/httpd/alias/pwdfile.txt' '-w'
'/tmp/tmpYIVF03'' returned non-zero exit status 10


Version-Release number of selected component (if applicable):
ipa-server-4.2.0-4.el7.x86_64


How reproducible:
always

Steps to Reproduce:
1.  Install IPA Server:

ipa-server-install --setup-dns --forwarder=192.168.122.1 -r TESTRELM.TEST -n testrelm.test -a Secret123 -p Secret123 -U
[root@rhel7-1 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.122.71  master.testrelm.test master
192.168.122.72 replica.testrelm.test

2.  Create Replica info file to use to get pkcs12 certs for http and ds:

ipa-replica-prepare -p Secret123 replica.testrelm.test

3.  Unarchive replica info file:

echo Secret123 | gpg --batch --passphrase-fd 0 -d /var/lib/ipa/replica-info-replica.testrelm.test.gpg |tar xvf -

4.  Remove the info file:

rm -rf /var/lib/ipa/replica-info-*

5.  Generate new info file with the pkcs12 certs:

ipa-replica-prepare -p Secret123 --ip-address=192.168.122.72 \
    --reverse-zone=122.168.192.in-addr.arpa. replica.testrelm.test \
    --dirsrv_pkcs12=realm_info/dscert.p12 --dirsrv_pin='' \
    --http_pkcs12=realm_info/httpcert.p12 --http_pin=''

6.  Install on replica using new replica info file

scp root@192.168.122.71:/var/lib/ipa/replica-info-replica.testrelm.test.gpg .
ipa-replica-install -w Secret123 -p Secret123 ./replica-info-replica.testrelm.test.gpg


Actual results:
Errors out with pk12util error 10.

Expected results:
Installs without errors.

Additional info:

ipareplica-install.log:

2015-08-17T00:52:38Z DEBUG Starting external process
2015-08-17T00:52:38Z DEBUG args='/usr/bin/pk12util' '-d' '/etc/httpd/alias'
'-i' '/tmp/tmp_RtEI_ipa/realm_info/ra.p12' '-k' '/etc/httpd/alias/pwdfile.txt'
'-w' '/tmp/tmpYIVF03'
2015-08-17T00:52:38Z DEBUG Process finished, return code=10
2015-08-17T00:52:38Z DEBUG stdout=
2015-08-17T00:52:38Z DEBUG stderr=pk12util: File Open failed:
/tmp/tmp_RtEI_ipa/realm_info/ra.p12: PR_FILE_NOT_FOUND_ERROR: File not found

2015-08-17T00:52:38Z DEBUG   File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 308,
in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 280,
in run
    self.execute()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 302,
in execute
    for nothing in self._executor():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 342,
in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 364,
in _handle_exception
    util.raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332,
in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 87,
in run_generator_with_yield_from
    raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 65,
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 523,
in _configure
    executor.next()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 342,
in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 420,
in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 364,
in _handle_exception
    util.raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 417,
in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 364,
in _handle_exception
    util.raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332,
in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 87,
in run_generator_with_yield_from
    raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 65,
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63,
in _install
    for nothing in self._installer(self.parent):
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 887, in main
    install(self)
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 295, in decorated
    func(installer)
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 587, in install
    CA.import_ra_cert(config.dir + "/ra.p12")
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
900, in import_ra_cert
    import_pkcs12(rafile, agent_name, self.ra_agent_db, self.ra_agent_pwd)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
134, in import_pkcs12
    "-w", input_passwd])
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 373, in
run
    raise CalledProcessError(p.returncode, arg_string, stdout)

2015-08-17T00:52:38Z DEBUG The ipa-replica-install command failed, exception:
CalledProcessError: Command ''/usr/bin/pk12util' '-d' '/etc/httpd/alias' '-i'
'/tmp/tmp_RtEI_ipa/realm_info/ra.p12' '-k' '/etc/httpd/alias/pwdfile.txt' '-w'
'/tmp/tmpYIVF03'' returned non-zero exit status 10
2015-08-17T00:52:38Z ERROR Command ''/usr/bin/pk12util' '-d' '/etc/httpd/alias'
'-i' '/tmp/tmp_RtEI_ipa/realm_info/ra.p12' '-k' '/etc/httpd/alias/pwdfile.txt'
'-w' '/tmp/tmpYIVF03'' returned non-zero exit status 10

master:

  • ff1e663 install: Fix replica install with custom certificates

ipa-4-2:

  • bfe9377 install: Fix replica install with custom certificates

Metadata Update from @pvoborni:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.2.1

7 years ago
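
For triaging a failure like this one from ipareplica-install.log, the following added example (not FreeIPA code and not part of the original ticket) re-joins the wrapped DEBUG lines and pairs each external command with its return code and stderr. Run on the excerpt above, it shows that exit status 10 comes with PR_FILE_NOT_FOUND_ERROR for ra.p12. The function names are hypothetical and the record layout is assumed from that excerpt.

```python
import re
import shlex

# Log excerpt copied from the ticket above, including its wrapped lines.
SAMPLE_LOG = """\
2015-08-17T00:52:38Z DEBUG Starting external process
2015-08-17T00:52:38Z DEBUG args='/usr/bin/pk12util' '-d' '/etc/httpd/alias'
'-i' '/tmp/tmp_RtEI_ipa/realm_info/ra.p12' '-k' '/etc/httpd/alias/pwdfile.txt'
'-w' '/tmp/tmpYIVF03'
2015-08-17T00:52:38Z DEBUG Process finished, return code=10
2015-08-17T00:52:38Z DEBUG stdout=
2015-08-17T00:52:38Z DEBUG stderr=pk12util: File Open failed:
/tmp/tmp_RtEI_ipa/realm_info/ra.p12: PR_FILE_NOT_FOUND_ERROR: File not found
"""

RECORD = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) (\w+) (.*)$")


def records(text):
    """Yield (timestamp, level, message), re-joining wrapped continuation lines."""
    current = None
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            if current:
                yield tuple(current)
            current = list(m.groups())
        elif current and line.strip():
            current[2] += " " + line.strip()
    if current:
        yield tuple(current)


def failed_commands(text):
    """Return one dict per external process that exited non-zero."""
    failures, proc = [], None
    for _ts, _level, msg in records(text):
        if msg.startswith("args="):
            proc = {"argv": shlex.split(msg[len("args="):])}
        elif proc is not None and msg.startswith("Process finished, return code="):
            proc["rc"] = int(msg.rsplit("=", 1)[1])
        elif proc is not None and msg.startswith("stderr="):
            proc["stderr"] = msg[len("stderr="):]
            err = re.search(r"\b(PR_[A-Z_]+_ERROR)\b", proc["stderr"])
            proc["nspr_error"] = err.group(1) if err else None
            if proc.get("rc", 0) != 0:
                failures.append(proc)
            proc = None
    return failures
```

Each returned dict carries `argv`, `rc`, `stderr` and `nspr_error`, so the file passed to `-i` can be checked against the contents of the unpacked replica info directory.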
