freeipa

Clone
Source Code
GIT

#7852 pki spawn fails for IPA replica install from RHEL6 IPA master
Closed: fixed 5 years ago by frenaud. Opened 5 years ago by frenaud.

Closed: fixed
Reopen Issue

Ticket was cloned from Red Hat Bugzilla: Bug 1672180

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

+++ This bug was initially created as a clone of Bug #1667434 +++

Description of problem:
pki instance creation fails during replica install on RHEL-7.6 master from
RHEL6.10 master.

Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
  [1/28]: configuring certificate server instance
ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance:
Command '/usr/sbin/pkispawn -s CA -f /tmp/tmp8tf06l' returned non-zero exit
status 1
ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the
following files/directories for more information:
ipaserver.install.dogtaginstance: CRITICAL   /var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipapython.admintool: ERROR    CA configuration failed.
ipapython.admintool: ERROR    The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Install IPA master on RHEL-6.10
2. Copy copy-schema-to-ca.py from 7.6 replica on Master and execute it
3. Generate replica gpg file on RHEL-6.10 master
4. Install replica on 7.6 replica with --setup-ca option


Actual results:
Replica install fails

Expected results:
Replica install should be successful

Additional info:
1. Replica install without --setup-ca option is successful
2. log files of pki instance are attached.

dogtag updated its cipher list, disabling a lot of ciphers, which causes an overlap problem with a RHEL 6.x IPA master.

Metadata Update from @frenaud:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1672180
5 years ago

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/2805
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 4.6.5
5 years ago

master:

  • ed74b89 Update mod_nss cipher list so there is overlap with a 4.x master

ipa-4-6:

  • 515ee7f Update mod_nss cipher list so there is overlap with a 4.x master

ipa-4-7:

  • bcfd61e Update mod_nss cipher list so there is overlap with a 4.x master

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
5 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
None
None
None
None
None
None
None
None
None
https://github.com/freeipa/freeipa/pull/2805
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=1672180
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.