From issue reported here: https://www.redhat.com/archives/freeipa-users/2016-December/msg00395.html
```
Configuring the web interface (httpd). Estimated time: 1 minute
  [1/19]: setting mod_nss port to 443
  [2/19]: setting mod_nss cipher suite
  [3/19]: setting mod_nss protocol list to TLSv1.0 - TLSv1.2
  [4/19]: setting mod_nss password file
  [5/19]: enabling mod_nss renegotiate
  [6/19]: adding URL rewriting rules
  [7/19]: configuring httpd
  [8/19]: setting up httpd keytab
  [9/19]: setting up ssl
  [error] NotFound: no such entry
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR no such entry
ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
```
During installation the replica cannot find the HTTP service and the installer fails. This is not 100% reproducible, but it is caused by replication when the http entry is not replicated in time from the master server.

The steps are as follows (IPA 4.4):

1. install DS on replica
2. create the http service entry on master for replica (using remote_api; `install_http_certs(config, fstore, remote_api)`)
3. install other services, including http
4. http service fails to install if the ldap entry is not yet replicated to the replica from the master
This is reproducible mainly with ca-less install because in that case replication has less time to replicate entries from master.
Proposed fix: wait after install_http_certs until http service entry is replicated
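The race and the proposed wait, as an added example that is not part of the ticket or of FreeIPA's code. `SimulatedReplica`, `wait_for_entry` and the sample DN are hypothetical stand-ins, and replication is modelled as a fixed delay.

```python
import time

class NotFound(Exception):
    """No such entry (stand-in for the NotFound error in the installer log)."""

class SimulatedReplica:
    """Constructed stand-in for the replica's local directory server."""

    def __init__(self):
        self._visible_at = {}  # dn -> monotonic time at which replication lands

    def replicate(self, dn, delay):
        # Entry exists on the master now; the replica sees it `delay` seconds later.
        self._visible_at[dn] = time.monotonic() + delay

    def get_entry(self, dn):
        at = self._visible_at.get(dn)
        if at is None or time.monotonic() < at:
            raise NotFound("no such entry")
        return {"dn": dn}

def wait_for_entry(get_entry, dn, timeout=5.0, interval=0.05):
    """Poll get_entry(dn) until it succeeds; return (entry, attempts)."""
    # Only NotFound is retried, so connection or permission errors surface at once.
    deadline = time.monotonic() + timeout
    attempts = 0
    while True:
        attempts += 1
        try:
            return get_entry(dn), attempts
        except NotFound:
            if time.monotonic() >= deadline:
                raise NotFound(f"{dn} not replicated within {timeout}s") from None
            time.sleep(interval)

def demo():
    # Constructed sample DN; realm and host names are placeholders.
    dn = ("krbprincipalname=HTTP/replica.example.test@EXAMPLE.TEST,"
          "cn=services,cn=accounts,dc=example,dc=test")
    replica = SimulatedReplica()
    replica.replicate(dn, delay=0.2)   # created on master, not yet on replica
    try:
        replica.get_entry(dn)          # immediate lookup, as in the failing step
        immediate = "found"
    except NotFound:
        immediate = "missing"
    entry, attempts = wait_for_entry(replica.get_entry, dn, timeout=2.0)
    return immediate, entry["dn"], attempts
```

The bounded timeout keeps a replication agreement that is actually broken from hanging the installer indefinitely; it fails with the same `NotFound` once the deadline passes.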
This bug is 100% reproducible in my CA-less environment as per https://www.redhat.com/archives/freeipa-users/2016-December/msg00391.html.
I'm happy to test out a patch or something.
Let me know if I can be of any assistance.
master is fixed, patch should be only for 4.4 branch
ipa-4-4:
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1416454
master:
Metadata Update from @mbasti: - Issue assigned to mbasti - Issue set to the milestone: FreeIPA 4.4.4