New release of custodia will probably help as it improves some encoding issues.
Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1411810
Description of problem: When running ipa-replica-install in a container, the process ends with Done configuring the web interface (httpd). Applying LDAP updates Upgrading IPA: [1/9]: stopping directory server [2/9]: saving configuration [3/9]: disabling listeners [4/9]: enabling DS global lock [5/9]: starting directory server [6/9]: upgrading server [7/9]: stopping directory server [8/9]: restoring configuration [9/9]: starting directory server Done. Configuring ipa-otpd [1/2]: starting ipa-otpd [2/2]: configuring ipa-otpd to start on boot Done configuring ipa-otpd. Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR 406 Client Error: Key name ca/caSigningCert%20cert-pki-ca does not match subject ca/caSigningCert cert-pki-ca for url: https://ipa.example.test/ipa/keys/ca/caSigningCert%20cert- pki-ca?type=kem&value=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJra WQiOm51bGx9.eu3DOhYXXz8MLWBskVZNSIMKriM80lKAxr47NIU0FMgKqiQdpnIOWL9zFa02-7g1q3o bkI79AE60VY3Wiaf1e8jBhg6VZpDSzcC3WYToEWjI4PtipgrjO-NaJMElb6yZOjl0MfWsWcGZ_XtuIM IvjIYTxAV79gebyJhEkof4gj-I2JH5r9Eg4hI3y5UW0C51-6EbUitZLlCu5nGNrzu7eIJ689vaTs-rU rOqbWfhFDY1CRky3JkPrK6O6gjz_ZZch0vyplBOSoZQKNjQ6v6ZXlsfWq96psFvYRnRBqBsWaJZfZ6X UZpClOzzfyVHaGVle1i-BCXa_NnUk_ejfR4X5A.uHCvi1pP2NOQpWqQ3Hdl0w.moz77uszWhRWVjBY1 FtsoIJie6P9LpGskkITtZQF5zmw5AuwsX6D_gLoFr00YxbgNZYd9h_dR9lHeabwOaJPHn-a3ZIEWEbu kDpgqdPH-_YFiGFbAUOHfLS1omiMdy6HfFNpkId5v3A0NSSRXhlzZLNN5654oNOiFEW6DC4im8zom12 TS0E6lyfjLyb8eFFAg7UqUqmBH4OtEBJo6777QPm6kBgfAwO6rMOV06uHzaP6yyDy5D14c-Zd9Y_-kn WmzxGo-0B8MHdWHn0_5vYyYPazSy1H3x-nlCAzRDAFrEHlbEoXSf9Lx9J2lvzHSmst6DbXaWqDO5mFj FRlXElwZvxegpYCBhDO_kwPWNEUocwqAZyGzELtxuaCVu5RQq514ueFKNNgwyknIn5aZ_MXJXk3D0Pl Gi5eCzkhccV2RYltQZ1chRUUZzIjq4doCm9uIHj1aRoxLBz43RGLGSJrjvl8as9y6W_T-6SsPuREdZp QZigTXPajxo5V0_UwVxIpKYAjjJS6MMTXUCZSXFhCKO21hYTh1iopkVCIKEE4yHl8g3k18v9XRyi14P bf_cBAEeoPjOI_W-RY5sTglKPftphtVNTT5dy7wP6oLdpa22dfG8qgevKGCrxpG1Gnqw1865ULy1SXG NYHMMGOd7o5_gQ3FE5WfRkKqnkQ2YNFYWo.MU1o2NgIww9haxlDRJsjAN5opFrI6i2hu1qAH4RfiPM ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information Version-Release number of selected component (if applicable): freeipa-server-4.4.3-2.fc26.x86_64 How reproducible: Seen once, assume deterministic. Steps to Reproduce: 1. Have existing IPA master, for example in a container. 2. Run docker run -t --name freeipa-replica-container -h replica.example.test --tmpfs /run --tmpfs /tmp -v /dev/urandom:/dev/random:ro -v /opt/ipa-replica-fedora-rawhide:/data -v /sys/fs/cgroup:/sys/fs/cgroup:ro --link freeipa-server-container:ipa.example.test --net freeipa-network --net-alias replica.example.test --cap-add=SYS_TIME -e IPA_SERVER_INSTALL_OPTS='' freeipa-server with ipa-replica-install-options containing -U --skip-conncheck --principal admin --password Secret123 --setup-ca --server ipa.example.test --domain example.test Actual results: Configuring client side components Client hostname: replica.example.test Realm: EXAMPLE.TEST DNS Domain: example.test IPA Server: ipa.example.test BaseDN: dc=example,dc=test Skipping synchronizing time with NTP server. Successfully retrieved CA cert Subject: CN=Certificate Authority,O=EXAMPLE.TEST Issuer: CN=Certificate Authority,O=EXAMPLE.TEST Valid From: Tue Jan 10 14:15:40 2017 UTC Valid Until: Sat Jan 10 14:15:40 2037 UTC Enrolled in IPA realm EXAMPLE.TEST Created /etc/ipa/default.conf New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm EXAMPLE.TEST trying https://ipa.example.test/ipa/json Forwarding 'schema' to json server 'https://ipa.example.test/ipa/json' trying https://ipa.example.test/ipa/json Forwarding 'ping' to json server 'https://ipa.example.test/ipa/json' Forwarding 'ca_is_enabled' to json server 'https://ipa.example.test/ipa/json' Systemwide CA database updated. SSSD enabled Configured /etc/openldap/ldap.conf /etc/ssh/ssh_config not found, skipping configuration /etc/ssh/sshd_config not found, skipping configuration Configuring example.test as NIS domain. Client configuration complete. ipa : ERROR The host name ipa.example.test does not match the value freeipa-server-container.freeipa-network obtained by reverse lookup on IP address 172.18.0.2 Configuring NTP daemon (ntpd) [1/4]: stopping ntpd [2/4]: writing configuration [3/4]: configuring ntpd to start on boot [4/4]: starting ntpd Done configuring NTP daemon (ntpd). Configuring directory server (dirsrv). Estimated time: 1 minute [1/44]: creating directory server user [2/44]: creating directory server instance [3/44]: updating configuration in dse.ldif [4/44]: restarting directory server [5/44]: adding default schema [6/44]: enabling memberof plugin [7/44]: enabling winsync plugin [8/44]: configuring replication version plugin [9/44]: enabling IPA enrollment plugin [10/44]: enabling ldapi [11/44]: configuring uniqueness plugin [12/44]: configuring uuid plugin [13/44]: configuring modrdn plugin [14/44]: configuring DNS plugin [15/44]: enabling entryUSN plugin [16/44]: configuring lockout plugin [17/44]: configuring topology plugin [18/44]: creating indices [19/44]: enabling referential integrity plugin [20/44]: configuring certmap.conf [21/44]: configure autobind for root [22/44]: configure new location for managed entries [23/44]: configure dirsrv ccache [24/44]: enabling SASL mapping fallback [25/44]: restarting directory server [26/44]: creating DS keytab [27/44]: retrieving DS Certificate [28/44]: restarting directory server [29/44]: setting up initial replication Starting replication, please wait until this has completed. Update in progress, 1 seconds elapsed Update in progress, 2 seconds elapsed Update in progress, 3 seconds elapsed Update succeeded [30/44]: adding sasl mappings to the directory [31/44]: updating schema [32/44]: setting Auto Member configuration [33/44]: enabling S4U2Proxy delegation [34/44]: importing CA certificates from LDAP [35/44]: initializing group membership [36/44]: adding master entry [37/44]: initializing domain level [38/44]: configuring Posix uid/gid generation [39/44]: adding replication acis [40/44]: enabling compatibility plugin [41/44]: activating sidgen plugin [42/44]: activating extdom plugin [43/44]: tuning directory server [44/44]: configuring directory to start on boot Done configuring directory server (dirsrv). Configuring ipa-custodia [1/5]: Generating ipa-custodia config file [2/5]: Generating ipa-custodia keys [3/5]: Importing RA Key [4/5]: starting ipa-custodia [5/5]: configuring ipa-custodia to start on boot Done configuring ipa-custodia. MARK-LWD-LOOP -- 2017-01-10 09:22:30 -- Configuring Kerberos KDC (krb5kdc). Estimated time: 30 seconds [1/4]: configuring KDC [2/4]: adding the password extension to the directory [3/4]: starting the KDC [4/4]: configuring KDC to start on boot Done configuring Kerberos KDC (krb5kdc). Configuring kadmin [1/2]: starting kadmin [2/2]: configuring kadmin to start on boot Done configuring kadmin. Configuring ipa_memcached [1/2]: starting ipa_memcached [2/2]: configuring ipa_memcached to start on boot Done configuring ipa_memcached. Configuring the web interface (httpd). Estimated time: 1 minute [1/20]: setting mod_nss port to 443 [2/20]: setting mod_nss cipher suite [3/20]: setting mod_nss protocol list to TLSv1.0 - TLSv1.2 [4/20]: setting mod_nss password file [5/20]: enabling mod_nss renegotiate [6/20]: adding URL rewriting rules [7/20]: configuring httpd [8/20]: configure certmonger for renewals [9/20]: setting up httpd keytab [10/20]: setting up ssl [11/20]: importing CA certificates from LDAP [12/20]: publish CA cert [13/20]: clean up any existing httpd ccache [14/20]: configuring SELinux for httpd [15/20]: create KDC proxy user [16/20]: create KDC proxy config [17/20]: enable KDC proxy [18/20]: restarting httpd [19/20]: configuring httpd to start on boot [20/20]: enabling oddjobd Done configuring the web interface (httpd). Applying LDAP updates Upgrading IPA: [1/9]: stopping directory server [2/9]: saving configuration [3/9]: disabling listeners [4/9]: enabling DS global lock [5/9]: starting directory server [6/9]: upgrading server [7/9]: stopping directory server [8/9]: restoring configuration [9/9]: starting directory server Done. Configuring ipa-otpd [1/2]: starting ipa-otpd [2/2]: configuring ipa-otpd to start on boot Done configuring ipa-otpd. Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR 406 Client Error: Key name ca/caSigningCert%20cert-pki-ca does not match subject ca/caSigningCert cert-pki-ca for url: https://ipa.example.test/ipa/keys/ca/caSigningCert%20cert- pki-ca?type=kem&value=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJra WQiOm51bGx9.eu3DOhYXXz8MLWBskVZNSIMKriM80lKAxr47NIU0FMgKqiQdpnIOWL9zFa02-7g1q3o bkI79AE60VY3Wiaf1e8jBhg6VZpDSzcC3WYToEWjI4PtipgrjO-NaJMElb6yZOjl0MfWsWcGZ_XtuIM IvjIYTxAV79gebyJhEkof4gj-I2JH5r9Eg4hI3y5UW0C51-6EbUitZLlCu5nGNrzu7eIJ689vaTs-rU rOqbWfhFDY1CRky3JkPrK6O6gjz_ZZch0vyplBOSoZQKNjQ6v6ZXlsfWq96psFvYRnRBqBsWaJZfZ6X UZpClOzzfyVHaGVle1i-BCXa_NnUk_ejfR4X5A.uHCvi1pP2NOQpWqQ3Hdl0w.moz77uszWhRWVjBY1 FtsoIJie6P9LpGskkITtZQF5zmw5AuwsX6D_gLoFr00YxbgNZYd9h_dR9lHeabwOaJPHn-a3ZIEWEbu kDpgqdPH-_YFiGFbAUOHfLS1omiMdy6HfFNpkId5v3A0NSSRXhlzZLNN5654oNOiFEW6DC4im8zom12 TS0E6lyfjLyb8eFFAg7UqUqmBH4OtEBJo6777QPm6kBgfAwO6rMOV06uHzaP6yyDy5D14c-Zd9Y_-kn WmzxGo-0B8MHdWHn0_5vYyYPazSy1H3x-nlCAzRDAFrEHlbEoXSf9Lx9J2lvzHSmst6DbXaWqDO5mFj FRlXElwZvxegpYCBhDO_kwPWNEUocwqAZyGzELtxuaCVu5RQq514ueFKNNgwyknIn5aZ_MXJXk3D0Pl Gi5eCzkhccV2RYltQZ1chRUUZzIjq4doCm9uIHj1aRoxLBz43RGLGSJrjvl8as9y6W_T-6SsPuREdZp QZigTXPajxo5V0_UwVxIpKYAjjJS6MMTXUCZSXFhCKO21hYTh1iopkVCIKEE4yHl8g3k18v9XRyi14P bf_cBAEeoPjOI_W-RY5sTglKPftphtVNTT5dy7wP6oLdpa22dfG8qgevKGCrxpG1Gnqw1865ULy1SXG NYHMMGOd7o5_gQ3FE5WfRkKqnkQ2YNFYWo.MU1o2NgIww9haxlDRJsjAN5opFrI6i2hu1qAH4RfiPM ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information FreeIPA server configuration failed. The /var/log/ipareplica-install.log ends with 2017-01-10T14:23:59Z DEBUG Starting external process 2017-01-10T14:23:59Z DEBUG args=/bin/systemctl is-active ipa-otpd.socket 2017-01-10T14:23:59Z DEBUG Process finished, return code=0 2017-01-10T14:23:59Z DEBUG stdout=active 2017-01-10T14:23:59Z DEBUG stderr= 2017-01-10T14:23:59Z DEBUG duration: 0 seconds 2017-01-10T14:23:59Z DEBUG [2/2]: configuring ipa-otpd to start on boot 2017-01-10T14:23:59Z DEBUG Starting external process 2017-01-10T14:23:59Z DEBUG args=/bin/systemctl is-enabled ipa-otpd.socket 2017-01-10T14:23:59Z DEBUG Process finished, return code=1 2017-01-10T14:23:59Z DEBUG stdout=disabled 2017-01-10T14:23:59Z DEBUG stderr= 2017-01-10T14:23:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-01-10T14:23:59Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-01-10T14:23:59Z DEBUG Starting external process 2017-01-10T14:23:59Z DEBUG args=/bin/systemctl disable ipa-otpd.socket 2017-01-10T14:23:59Z DEBUG Process finished, return code=0 2017-01-10T14:23:59Z DEBUG stdout= 2017-01-10T14:23:59Z DEBUG stderr= 2017-01-10T14:23:59Z DEBUG flushing ldap://replica.example.test:389 from SchemaCache 2017-01-10T14:23:59Z DEBUG retrieving schema for SchemaCache url=ldap://replica.example.test:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f784249e998> 2017-01-10T14:23:59Z DEBUG duration: 0 seconds 2017-01-10T14:23:59Z DEBUG Done configuring ipa-otpd. 2017-01-10T14:23:59Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310, in run self.execute() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 334, in execute for nothing in self._executor(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 376, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 405, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 395, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 366, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 363, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 597, in _configure next(executor) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 376, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 405, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 395, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 457, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 395, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 366, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 363, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1727, in main promote(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 367, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1516, in promote custodia.get_ca_keys(config.ca_host_name, ca_data[0], ca_data[1]) File "/usr/lib/python2.7/site-packages/ipaserver/install/custodiainstance.py", line 182, in get_ca_keys self.__get_keys(ca_host, cacerts_file, cacerts_pwd, data) File "/usr/lib/python2.7/site-packages/ipaserver/install/custodiainstance.py", line 143, in __get_keys value = cli.fetch_key(os.path.join(prefix, nickname), False) File "/usr/lib/python2.7/site-packages/ipapython/secrets/client.py", line 98, in fetch_key r.raise_for_status() File "/usr/lib/python2.7/site-packages/requests/models.py", line 893, in raise_for_status raise HTTPError(http_error_msg, response=self) 2017-01-10T14:23:59Z DEBUG The ipa-replica-install command failed, exception: HTTPError: 406 Client Error: Key name ca/caSigningCert%20cert-pki-ca does not match subject ca/caSigningCert cert-pki-ca for url: https://ipa.example.test/ip a/keys/ca/caSigningCert%20cert-pki-ca?type=kem&value=eyJhbGciOiJSU0EtT0FFUCIsIm VuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOm51bGx9.eu3DOhYXXz8MLWBskVZNSIMKriM80lKAxr47 NIU0FMgKqiQdpnIOWL9zFa02-7g1q3obkI79AE60VY3Wiaf1e8jBhg6VZpDSzcC3WYToEWjI4Ptipgr jO-NaJMElb6yZOjl0MfWsWcGZ_XtuIMIvjIYTxAV79gebyJhEkof4gj-I2JH5r9Eg4hI3y5UW0C51-6 EbUitZLlCu5nGNrzu7eIJ689vaTs-rUrOqbWfhFDY1CRky3JkPrK6O6gjz_ZZch0vyplBOSoZQKNjQ6 v6ZXlsfWq96psFvYRnRBqBsWaJZfZ6XUZpClOzzfyVHaGVle1i-BCXa_NnUk_ejfR4X5A.uHCvi1pP2 NOQpWqQ3Hdl0w.moz77uszWhRWVjBY1FtsoIJie6P9LpGskkITtZQF5zmw5AuwsX6D_gLoFr00YxbgN ZYd9h_dR9lHeabwOaJPHn-a3ZIEWEbukDpgqdPH-_YFiGFbAUOHfLS1omiMdy6HfFNpkId5v3A0NSSR XhlzZLNN5654oNOiFEW6DC4im8zom12TS0E6lyfjLyb8eFFAg7UqUqmBH4OtEBJo6777QPm6kBgfAwO 6rMOV06uHzaP6yyDy5D14c-Zd9Y_-knWmzxGo-0B8MHdWHn0_5vYyYPazSy1H3x-nlCAzRDAFrEHlbE oXSf9Lx9J2lvzHSmst6DbXaWqDO5mFjFRlXElwZvxegpYCBhDO_kwPWNEUocwqAZyGzELtxuaCVu5RQ q514ueFKNNgwyknIn5aZ_MXJXk3D0PlGi5eCzkhccV2RYltQZ1chRUUZzIjq4doCm9uIHj1aRoxLBz4 3RGLGSJrjvl8as9y6W_T-6SsPuREdZpQZigTXPajxo5V0_UwVxIpKYAjjJS6MMTXUCZSXFhCKO21hYT h1iopkVCIKEE4yHl8g3k18v9XRyi14Pbf_cBAEeoPjOI_W-RY5sTglKPftphtVNTT5dy7wP6oLdpa22 dfG8qgevKGCrxpG1Gnqw1865ULy1SXGNYHMMGOd7o5_gQ3FE5WfRkKqnkQ2YNFYWo.MU1o2NgIww9ha xlDRJsjAN5opFrI6i2hu1qAH4RfiPM 2017-01-10T14:23:59Z ERROR 406 Client Error: Key name ca/caSigningCert%20cert-pki-ca does not match subject ca/caSigningCert cert-pki-ca for url: https://ipa.example.test/ipa/keys/ca/caSigningCert%20cert- pki-ca?type=kem&value=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJra WQiOm51bGx9.eu3DOhYXXz8MLWBskVZNSIMKriM80lKAxr47NIU0FMgKqiQdpnIOWL9zFa02-7g1q3o bkI79AE60VY3Wiaf1e8jBhg6VZpDSzcC3WYToEWjI4PtipgrjO-NaJMElb6yZOjl0MfWsWcGZ_XtuIM IvjIYTxAV79gebyJhEkof4gj-I2JH5r9Eg4hI3y5UW0C51-6EbUitZLlCu5nGNrzu7eIJ689vaTs-rU rOqbWfhFDY1CRky3JkPrK6O6gjz_ZZch0vyplBOSoZQKNjQ6v6ZXlsfWq96psFvYRnRBqBsWaJZfZ6X UZpClOzzfyVHaGVle1i-BCXa_NnUk_ejfR4X5A.uHCvi1pP2NOQpWqQ3Hdl0w.moz77uszWhRWVjBY1 FtsoIJie6P9LpGskkITtZQF5zmw5AuwsX6D_gLoFr00YxbgNZYd9h_dR9lHeabwOaJPHn-a3ZIEWEbu kDpgqdPH-_YFiGFbAUOHfLS1omiMdy6HfFNpkId5v3A0NSSRXhlzZLNN5654oNOiFEW6DC4im8zom12 TS0E6lyfjLyb8eFFAg7UqUqmBH4OtEBJo6777QPm6kBgfAwO6rMOV06uHzaP6yyDy5D14c-Zd9Y_-kn WmzxGo-0B8MHdWHn0_5vYyYPazSy1H3x-nlCAzRDAFrEHlbEoXSf9Lx9J2lvzHSmst6DbXaWqDO5mFj FRlXElwZvxegpYCBhDO_kwPWNEUocwqAZyGzELtxuaCVu5RQq514ueFKNNgwyknIn5aZ_MXJXk3D0Pl Gi5eCzkhccV2RYltQZ1chRUUZzIjq4doCm9uIHj1aRoxLBz43RGLGSJrjvl8as9y6W_T-6SsPuREdZp QZigTXPajxo5V0_UwVxIpKYAjjJS6MMTXUCZSXFhCKO21hYTh1iopkVCIKEE4yHl8g3k18v9XRyi14P bf_cBAEeoPjOI_W-RY5sTglKPftphtVNTT5dy7wP6oLdpa22dfG8qgevKGCrxpG1Gnqw1865ULy1SXG NYHMMGOd7o5_gQ3FE5WfRkKqnkQ2YNFYWo.MU1o2NgIww9haxlDRJsjAN5opFrI6i2hu1qAH4RfiPM 2017-01-10T14:23:59Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information Expected results: No error, replica set up. Additional info: I currently do not have capacity to reproduce outside of containers. Note that the setup is without DNS servers, due to bug 1403352.
Metadata Update from @pvoborni: - Issue assigned to someone - Issue set to the milestone: FreeIPA 4.5
Metadata Update from @mbasti: - Issue close_status updated to: None - Issue set to the milestone: FreeIPA 4.5.1 (was: FreeIPA 4.5)
The issue has been fixed by custodia release 0.3.1. Upstream bug https://github.com/https://github.com/latchset/custodia/issues/135
Metadata Update from @cheimes: - Custom field component reset - Custom field rhbz reset - Custom field type reset - Issue set to the milestone: None (was: FreeIPA 4.5.1)
Dependencies bumped in: ipa-4-5:
master:
Metadata Update from @mbasti: - Custom field component adjusted to IPA - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1411810 - Custom field type adjusted to defect - Issue close_status updated to: fixed - Issue set to the milestone: FreeIPA 4.5.1 - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.