#7742 External CA installer removes Dogtag's client DB after step 1
Closed: fixed 3 years ago Opened 3 years ago by cheimes.


FreeIPA removes Dogtag's client db in /root/.dogtag/pki-tomcat after every CA and KRA installation. This includes step 1 of external CA installation process. Dogtag 10.6.7 has changed behavior and willl no longer going to re-recreate the DB. Dogtag also requires the client DB to continue installation in step 2.

Steps to Reproduce

  1. Install Dogtag 10.6.7
  2. Install FreeIPA with external CA

Actual behavior


Step two fails with

2018-10-26 08:59:22 pkispawn      : DEBUG    ....... Error Message: [Errno 2] No such file or directory: '/root/.dogtag/pki-tomcat/ca/alias/noise'
2018-10-26 08:59:22 pkispawn      : DEBUG    .......   File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 534, in main
  File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 702, in spawn
    admin_setup_request = deployer.config_client.create_admin_setup_request()
  File "/usr/lib/python3.6/site-packages/pki/server/deployment/pkihelper.py", line 4093, in create_admin_setup_request
  File "/usr/lib/python3.6/site-packages/pki/server/deployment/pkihelper.py", line 4532, in set_admin_parameters
    with open(noise_file, 'w') as f:

Expected behavior

No error

Additional info:

See https://pagure.io/dogtagpki/issue/3076

Metadata Update from @cheimes:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/2497

3 years ago


  • ec54fa7 Keep Dogtag's client db in external CA step 1
  • 204353e Use tasks.install_master() in external_ca tests


  • 78bf80e Keep Dogtag's client db in external CA step 1
  • 6214fc5 Use tasks.install_master() in external_ca tests

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

3 years ago

Login to comment on this ticket.