#7736 freeipa replica installation failed in freeipa 4.4.4
Closed: wontfix 5 years ago Opened 5 years ago by gowsalai.

Request for enhancement

As a user, I want to have a freeipa server and a client replica promoted to a server. Server installation is seamless, but during the client installation I am having the issue below.

Issue

[description of the issue]
During ipa_client_install I'm getting the error below.

ipa : DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
ipa : DEBUG Configuring client side components
ipa : DEBUG Starting external process
ipa : DEBUG args=/usr/sbin/ipa-client-install --unattended --no-ntp --domain example.test --server freeipa-0.example.test --realm EXAMPLE.TEST --hostname freeipa-1.example.test --principal admin --ssh-trust-dns
Client hostname: freeipa-1.example.test
Realm: EXAMPLE.TEST
DNS Domain: example.test
IPA Server: freeipa-0.example.test
BaseDN: dc=example,dc=test
Skipping synchronizing time with NTP server.
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=EXAMPLE.TEST
Issuer: CN=Certificate Authority,O=EXAMPLE.TEST
Valid From: Thu Oct 18 06:58:20 2018 UTC
Valid Until: Mon Oct 18 06:58:20 2038 UTC

Joining realm failed: libcurl failed to execute the HTTP POST transaction, explaining: Issuer certificate is invalid.

Installation failed. Rolling back changes.
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
Unconfiguring the NIS domain.
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration

Steps to Reproduce

It is happening only in this environment.

Actual behavior

Client installation fails.

Expected behavior

Client installation followed by replica install needs to be successful.

Version/Release/Distribution

Dockerised fedora-25 base image which has freeipa 4.4.4 version.
Not using external CA.

Additional info:

The same docker image is successfully installed in local environment, seeing the issue for the first time.


The server certificate is invalid: libcurl failed to execute the HTTP POST transaction, explaining: Issuer certificate is invalid.. You can get more information about the failing certificate with either curl -v https://freeipa-0.example.test -o /dev/null or openssl s_client -connect freeipa-0.example.test:443.

By the way, Fedora 25 and FreeIPA 4.4 are really old and no longer supported. Please upgrade to at least Fedora 27.
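
The certificate checks suggested in the comment above, as an added shell example that is not part of the ticket or of FreeIPA's tooling: it saves the certificate the server presents, prints its issuer and validity window, and verifies it against a CA file, optionally at a chosen clock value since the log shows NTP synchronization was skipped. The function names and the file paths in the usage comments are assumptions.

```bash
#!/usr/bin/env bash
# Added example: function names and file paths are hypothetical.

# Print subject, issuer and validity window of a PEM certificate.
cert_summary() {            # usage: cert_summary CERT_FILE
    openssl x509 -in "$1" -noout -subject -issuer -dates
}

# Save the leaf certificate a server presents on port 443 (needs network).
fetch_server_cert() {       # usage: fetch_server_cert HOST OUT_FILE
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM -out "$2"
}

# Verify CERT_FILE against CA_FILE; returns 0 only when the chain validates.
# The optional EPOCH (seconds) repeats the check as if the local clock had
# that value, which shows whether the result depends on the validity dates.
verify_with_ca() {          # usage: verify_with_ca CA_FILE CERT_FILE [EPOCH]
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$1" -attime "$3" "$2"
    else
        openssl verify -CAfile "$1" "$2"
    fi
}

# Typical sequence on the failing client (host name taken from the log above,
# /path/to/ca.crt stands for the CA certificate retrieved from the server):
#   date -u
#   fetch_server_cert freeipa-0.example.test /tmp/server.pem
#   cert_summary /tmp/server.pem
#   cert_summary /path/to/ca.crt
#   verify_with_ca /path/to/ca.crt /tmp/server.pem
#   verify_with_ca /path/to/ca.crt /tmp/server.pem "$(date +%s)"
```

Comparing the `Issuer` line of the server certificate with the `Subject` line of the CA file, and the `date -u` output with both validity windows, narrows down why verification fails before rerunning the installer.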

Metadata Update from @cheimes:
- Issue assigned to cheimes

5 years ago

Metadata Update from @cheimes:
- Issue set to the milestone: FreeIPA 4.4.4

5 years ago

Neither Fedora 25 nor FreeIPA 4.4 are supported any more. Please update to Fedora 27 or newer.

Metadata Update from @cheimes:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

5 years ago
