When installing replica in CA-less topology, installation fails due to an attempt to issue a certificate for the HTTP server.
Example command:
ipa-replica-install --admin-password 4me2Test --unattended \ --http-cert-file ~ftweedal/nssdb/ca1/replica.p12 --http-pin 4me2Test \ --dirsrv-cert-file ~ftweedal/nssdb/ca1/replica.p12 --dirsrv-pin 4me2Test
Traceback:
2016-12-19T12:17:47Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 334, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 328, in run self.execute() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 352, in execute for _nothing in self._executor(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 423, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 413, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 384, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 381, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 618, in _configure next(executor) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 423, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 481, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 413, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 478, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 413, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 384, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 381, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for _nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", line 594, in main replica_install(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 390, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1345, in install config.subject_base) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 84, in install_http_certs db.request_service_cert('Server-Cert', principal, host_name, True) File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 660, in request_service_cert passwd_fname=self.passwd_fname) File "/usr/lib/python2.7/site-packages/ipalib/install/certmonger.py", line 316, in request_and_wait_for_cert raise RuntimeError("Certificate issuance failed ({})".format(state)) 2016-12-19T12:17:47Z DEBUG The ipa-replica-install command failed, exception: RuntimeError: Certificate issuance failed (CA_UNREACHABLE) 2016-12-19T12:17:47Z ERROR Certificate issuance failed (CA_UNREACHABLE) 2016-12-19T12:17:47Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
master:
Metadata Update from @ftweedal: - Issue assigned to ftweedal - Issue set to the milestone: FreeIPA 4.5
Log in to comment on this ticket.