#8366 CA-less replica deployment fails with --setup-ca
Closed: fixed 3 years ago by frenaud. Opened 3 years ago by twoerner.

Issue

With a ca-less PR for ansible-freeipa I ran into an issue with setting up a CA-less replica and the option ipareplica_setup_ca: https://github.com/freeipa/ansible-freeipa/pull/298#issuecomment-641849890
The command line installer is failing in the same way when I combine --[http,dirsrv,pkinit]-cert-file options with --setup-ca:

The remote master does not have a CA installed, can't set up CA

Example

ipa-replica-install --dirsrv-cert-file ca-less-test/dirsrv.p12 --dirsrv-cert-name dirsrv-cert --dirsrv-pin SomePKCS12password --http-cert-file ca-less-test/httpd.p12 --http-cert-name httpd-cert --http-pin SomePKCS12password --pkinit-cert-file ca-less-test/pkinit.p12 --pkinit-cert-name pkinit-cert --pkinit-pin SomePKCS12password -P admin -p <password> --setup-ca


Metadata Update from @frenaud:
- Issue assigned to frenaud

3 years ago

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/4802

3 years ago

Metadata Update from @frenaud:
- Issue set to the milestone: FreeIPA 4.8.8

3 years ago

master:

  • 51cb631 ipa-replica-install: --setup-ca and *-cert-file are mutually exclusive
  • 98c1017 ipatests: add a test for ipa-replica-install --setup-ca --http-cert-file

ipa-4-8:

  • 32c4df7 ipa-replica-install: --setup-ca and *-cert-file are mutually exclusive
  • 0e325bd ipatests: add a test for ipa-replica-install --setup-ca --http-cert-file

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

3 years ago
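
An added example, not FreeIPA's fix and not code from this ticket: a pre-flight check that automation wrapping ipa-replica-install could run to reject the reported combination before invoking the installer. The function names and the second sample command are hypothetical; the option names and the first sample command are those in the report above.

```python
import shlex

# Option names taken from the command line in the report above.
CA_OPTION = "--setup-ca"
CERT_FILE_OPTIONS = ("--dirsrv-cert-file", "--http-cert-file", "--pkinit-cert-file")

# The command from the report, with the password left as a placeholder.
REPORTED_COMMAND = (
    "ipa-replica-install --dirsrv-cert-file ca-less-test/dirsrv.p12 "
    "--dirsrv-cert-name dirsrv-cert --dirsrv-pin SomePKCS12password "
    "--http-cert-file ca-less-test/httpd.p12 --http-cert-name httpd-cert "
    "--http-pin SomePKCS12password --pkinit-cert-file ca-less-test/pkinit.p12 "
    "--pkinit-cert-name pkinit-cert --pkinit-pin SomePKCS12password "
    "-P admin -p <password> --setup-ca"
)


def option_names(command):
    """Return the long option names in a shell command string.

    This is a token scan, not a full option parser: it accepts both
    "--opt value" and "--opt=value", and stops at a bare "--".
    """
    names = set()
    for token in shlex.split(command):
        if token == "--":
            break
        if token.startswith("--"):
            names.add(token.split("=", 1)[0])
    return names


def find_conflict(command):
    """Return the sorted *-cert-file options used together with --setup-ca.

    An empty list means the command does not mix the two.
    """
    names = option_names(command)
    if CA_OPTION not in names:
        return []
    return sorted(name for name in names if name in CERT_FILE_OPTIONS)


if __name__ == "__main__":
    # Second command is a constructed sample without --setup-ca.
    for cmd in (REPORTED_COMMAND, "ipa-replica-install --http-cert-file httpd.p12"):
        clash = find_conflict(cmd)
        print("REJECT" if clash else "OK", clash)
```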
