We added a test to see if IPA is already installed and this is breaking installing with an external CA which requires the installer to be run twice.
IMO we should fix it in 2.0
One problem is that the pki-cad service returns well before the CA is actually up when doing a start/restart. Filed bug https://bugzilla.redhat.com/show_bug.cgi?id=673199
Fix external CA installation, make it much more robust in handling a cache failure (/root/.ipa_cache).
Also wait for dogtag to be up and running before proceeding.
The tests I ran were:
- Basic IPA install: ipa-server-install - External CA install: ipa-server-install --external-ca; ipa-server-install --external_cert_file=/path/to/file --external_ca_file=/path/to/file - External CA install with cache removal: ipa-server-instasll --external-ca; rm /root/.ipa_cache; ipa-server-install --external_cert_file=/path/to/file --external_ca_file=/path/to/file - Using just stage two of an external CA install which should fail: ipa-server-install --external_cert_file=/path/to/file --external_ca_file=/path/to/file
attachment freeipa-rcrit-694-externalca.patch
master: f3d04bf
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.0 - 2011/01 (cleanup)
Login to comment on this ticket.