Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1254038
Description of problem: attempting a test ipa-replica-install with a replica info file generated using pkcs12 files is erroring after OTP setup: Configuring ipa-otpd [1/2]: starting ipa-otpd [2/2]: configuring ipa-otpd to start on boot Done configuring ipa-otpd. Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR Command ''/usr/bin/pk12util' '-d' '/etc/httpd/alias' '-i' '/tmp/tmp_RtEI_ipa/realm_info/ra.p12' '-k' '/etc/httpd/alias/pwdfile.txt' '-w' '/tmp/tmpYIVF03'' returned non-zero exit status 10 Version-Release number of selected component (if applicable): ipa-server-4.2.0-4.el7.x86_64 How reproducible: always Steps to Reproduce: 1. Install IPA Server: ipa-server-install --setup-dns --forwarder=192.168.122.1 -r TESTRELM.TEST -n testrelm.test -a Secret123 -p Secret123 -U [root@rhel7-1 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.122.71 master.testrelm.test master 192.168.122.72 replica.testrelm.test 2. Create Replica info file to use to get pkcs12 certs for http and ds: ipa-replica-prepare -p Secret123 replica.testrelm.test 3. Unarchive replica info file: echo Secret123 | gpg --batch --passphrase-fd 0 -d /var/lib/ipa/replica-info-replica.testrelm.test.gpg |tar xvf - 4. Remove of info file rm -rf /var/lib/ipa/replica-info-* 5. Generate new info file with the pkcs12 certs: ipa-replica-prepare -p Secret123 --ip-address=192.168.122.72 --reverse-zone=122.168.192.in-addr.arpa. replica.testrelm.test --dirsrv_pkcs12=realm_info/dscert.p12 --dirsrv_pin='' --http_pkcs12=realm_info/httpcert.p12 --http_pin='' 6. Install on replica using new replica info file scp root@192.168.122.71:/var/lib/ipa/replica-info-replica.testrelm.test.gpg . ipa-replica-install -w Secret123 -p Secret123 ./replica-info-replica.testrelm.test.gpg Actual results: Errors out with pk12util error 10. Expected results: Installs without errors. Additional info: ipareplica-install.log: 2015-08-17T00:52:38Z DEBUG Starting external process 2015-08-17T00:52:38Z DEBUG args='/usr/bin/pk12util' '-d' '/etc/httpd/alias' '-i' '/tmp/tmp_RtEI_ipa/realm_info/ra.p12' '-k' '/etc/httpd/alias/pwdfile.txt' '-w' '/tmp/tmpYIVF03' 2015-08-17T00:52:38Z DEBUG Process finished, return code=10 2015-08-17T00:52:38Z DEBUG stdout= 2015-08-17T00:52:38Z DEBUG stderr=pk12util: File Open failed: /tmp/tmp_RtEI_ipa/realm_info/ra.p12: PR_FILE_NOT_FOUND_ERROR: File not found 2015-08-17T00:52:38Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 308, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 280, in run self.execute() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 302, in execute for nothing in self._executor(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 342, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 364, in _handle_exception util.raise_exc_info(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 87, in run_generator_with_yield_from raise_exc_info(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 65, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 523, in _configure executor.next() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 342, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 420, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 364, in _handle_exception util.raise_exc_info(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 417, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 364, in _handle_exception util.raise_exc_info(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 87, in run_generator_with_yield_from raise_exc_info(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 65, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 887, in main install(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 295, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 587, in install CA.import_ra_cert(config.dir + "/ra.p12") File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 900, in import_ra_cert import_pkcs12(rafile, agent_name, self.ra_agent_db, self.ra_agent_pwd) File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 134, in import_pkcs12 "-w", input_passwd]) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 373, in run raise CalledProcessError(p.returncode, arg_string, stdout) 2015-08-17T00:52:38Z DEBUG The ipa-replica-install command failed, exception: CalledProcessError: Command ''/usr/bin/pk12util' '-d' '/etc/httpd/alias' '-i' '/tmp/tmp_RtEI_ipa/realm_info/ra.p12' '-k' '/etc/httpd/alias/pwdfile.txt' '-w' '/tmp/tmpYIVF03'' returned non-zero exit status 10 2015-08-17T00:52:38Z ERROR Command ''/usr/bin/pk12util' '-d' '/etc/httpd/alias' '-i' '/tmp/tmp_RtEI_ipa/realm_info/ra.p12' '-k' '/etc/httpd/alias/pwdfile.txt' '-w' '/tmp/tmpYIVF03'' returned non-zero exit status 10
master:
ipa-4-2:
Metadata Update from @pvoborni: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 4.2.1
Login to comment on this ticket.