$ ipa-kra-install -p megasecret
===================================================================
This program will setup Dogtag KRA for the FreeIPA Server.

Configuring KRA server (pki-tomcatd). Estimated time: 2 minutes 6 seconds
  [1/8]: configuring KRA instance
Failed to configure KRA instance: Command /usr/sbin/pkispawn' '-s' 'KRA' '-f' '/tmp/tmph1PpZ0 returned non-zero exit status 1
See the installation logs and the following files/directories for more information:
  /var/log/pki-ca-install.log
  /var/log/pki/pki-tomcat
  [error] RuntimeError: KRA configuration failed.

Your system may be partly configured.
Run ipa-kra-install --uninstall to clean up.

KRA configuration failed.
The ipa-kra-install command failed. See /var/log/ipaserver-kra-install.log for more information
Steps to reproduce:
1. Set up master and replica with domain level 1, without installing kra on master
2. Issue the ipa-kra-install command on replica (it fails).
3. Observe the above error message
4. Clean kra installation on replica: ipa-kra-install --uninstall -U
5. Set up kra on master
6. Set up kra on replica (it succeeds)
attachment ipaserver-kra-install.log
error in pkispawn log:
2015-11-19 13:49:05 pkispawn : INFO ....... constructing PKI configuration data.
2015-11-19 13:49:05 pkispawn : DEBUG ....... Error Type: IOError
2015-11-19 13:49:05 pkispawn : DEBUG ....... Error Message: [Errno 2] No such file or directory: '/root/.dogtag/pki-tomcat/ca_admin.cert'
2015-11-19 13:49:05 pkispawn : DEBUG ....... File "/usr/sbin/pkispawn", line 597, in main
    rv = instance.spawn(deployer)
  File "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 112, in spawn
    data = deployer.config_client.construct_pki_configuration_data()
  File "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py", line 3992, in construct_pki_configuration_data
    self.set_admin_parameters(data)
  File "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py", line 4372, in set_admin_parameters
    with open(self.mdict['pki_admin_cert_file'], "r") as f:
Creation of the file /root/.dogtag/pki-tomcat/ca_admin.cert has been commented in krainstance:
# FIXME
# # create admin cert file if it does not exist
# cert = DogtagInstance.get_admin_cert(self)
# with open(paths.ADMIN_CERT_PATH, "w") as admin_path:
#     admin_path.write(cert)
in commit bc39cc9
What is the reason?
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1285071 (Red Hat Enterprise Linux 7)
Happens also on 4.2 branch.
master:
IPA 4.2 patches are still on review
No longer a blocker (for 4.3) given that it's pushed to master.
ipa-4-2:
Metadata Update from @ofayans:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.2.4