When the httpd instance gets created on domain level 1, it is set not to publish its CA certificate.
This may possibly cause problems in a corner case during client installation when the certificate fails to download from LDAP and is also not supplied by the user.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1387779
master:
ipa-4-4:
This breaks the replica installation on DL1 with
2016-10-31T11:35:07Z DEBUG [12/20]: publish CA cert
2016-10-31T11:35:07Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2016-10-31T11:35:07Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 448, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 438, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py", line 387, in __publish_ca_cert
    ca_db.publish_ca_cert(paths.CA_CRT)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 654, in publish_ca_cert
    shutil.copy(self.cacert_fname, location)
  File "/usr/lib64/python2.7/shutil.py", line 119, in copy
    copyfile(src, dst)
  File "/usr/lib64/python2.7/shutil.py", line 82, in copyfile
    with open(src, 'rb') as fsrc:
IOError: [Errno 2] No such file or directory: '/etc/httpd/alias/cacert.asc'
Metadata Update from @stlaz: - Issue assigned to stlaz - Issue set to the milestone: FreeIPA 4.4.3