Bug 1292099

Summary: --setup-dns is forgotten for using an external PKI
Product: [Fedora] Fedora Reporter: hdunkel
Component: freeipaAssignee: David Kupka <dkupka>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 23CC: abokovoy, ipa-maint, jhrozek, mbasti, mkosek, pviktori, pvoborni, rcritten, ssorce
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: freeipa-4.2.4-1.fc23 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-04-01 00:27:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description hdunkel 2015-12-16 13:17:35 UTC 
If I run

	ipa-server-install -n example.com -r EXAMPLE.COM --external-ca --subject="O=example AG,C=DE" --setup-dns --forwarder ...

then it asks me get signed certificates and to run ipa-server-install again. Quote:

	The next step is to get /root/ipa.csr signed by your CA and re-run /usr/sbin/ipa-server-install as:
	/usr/sbin/ipa-server-install --external-cert-file=/path/to/signed_certificate --external-cert-file=/path/to/external_ca_certificate

If I do, then DNS is not setup. I have to add the DNS specific options again. This is highly misleading. ipa-server-install should show *all* necessary command line arguments to complete the second step, according to step 1.

Unfortunately the log file is gone. Did you know that ipa-server-install overwrites its own logfiles?
Comment 1 Petr Vobornik 2015-12-17 11:11:18 UTC 
This is a regression in 4.2.
Comment 2 Petr Vobornik 2015-12-17 11:13:20 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/5556
Comment 3 Martin Bašti 2015-12-21 17:39:27 UTC 
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/30fbc7e948739f0ee758e01d0ef1a3a0a53984b0
https://fedorahosted.org/freeipa/changeset/f0703d3c2a399012fa4cae0b856c08ff18b42463
ipa-4-3:
https://fedorahosted.org/freeipa/changeset/264748b14e1177a16133c65a1ee9e0d995b17732
https://fedorahosted.org/freeipa/changeset/2b3a0a4519b409c4c363afcb61da77ad9b9a1436
ipa-4-2:
https://fedorahosted.org/freeipa/changeset/2bead374900a597234e09b483c380574a6c53d14
https://fedorahosted.org/freeipa/changeset/d655b949d3bd8f5d192605acd579314e82492b86
Comment 4 Petr Vobornik 2016-01-07 14:51:39 UTC 
*** Bug 1292042 has been marked as a duplicate of this bug. ***
Comment 5 Jan Kurik 2016-02-24 15:37:55 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle.
Changing version to '24'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase
Comment 6 Fedora Update System 2016-03-21 15:23:03 UTC 
freeipa-4.2.4-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-cb0ac4420c
Comment 7 Fedora Update System 2016-03-22 15:22:31 UTC 
freeipa-4.2.4-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-cb0ac4420c
Comment 8 Fedora Update System 2016-04-01 00:27:27 UTC 
freeipa-4.2.4-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.