Bug 1409786
Summary: | Second phase of --external-ca ipa-server-install setup fails when dirsrv is not running | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Jan Pazdziora <jpazdziora> |
Component: | ipa | Assignee: | fbarreto |
Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.4 | CC: | enewland, fbarreto, frenaud, myusuf, ndehadra, pasik, pvoborni, rcritten |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.5.4-9.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2018-04-10 16:40:25 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1405325 |
Description
Jan Pazdziora
2017-01-03 11:25:12 UTC
Upstream ticket: https://fedorahosted.org/freeipa/ticket/6611

Fixed upstream master: https://pagure.io/freeipa/c/bf0b74bec4dc8b75a71d9e8d1374755a81d8b1df

version:
ipa-server-4.5.4-7.el7.x86_64
389-ds-base-1.3.7.5-11.el7.x86_64

Steps:
1. yum install -y ipa-server
2. ipa-server-install --external-ca -r TESTRELM.TEST -n testrelm.test -p Secret123 -a Secret123 -U
3. systemctl stop dirsrv
4. mkdir /var/tmp/testdb ; cd /var/tmp/testdb
5. certutil -N -d . --empty-password
6. echo -e "5\n9\nn\ny\n10\ny\n5\n6\n7\n9\nn\n" | certutil -S -n "IPA ROOTCA certificate" -s "cn=CAcert" -x -t "CT,," -m 1000 -v 120 -d . -z /etc/hostname -2 -1 -5
7. certutil -L -d . -n "IPA ROOTCA certificate" -a > iparootca.crt
8. certutil -C -m 2346 -i /root/ipa.csr -o /root/ipa.crt -c "IPA ROOTCA certificate" -d . -a
9. ipa-server-install --external-cert-file=/root/ipa.crt --external-cert-file=/var/tmp/testdb/iparootca.crt -r TESTRELM.TEST -n testrelm.test -p Secret123 -a Secret123 -U

Actual result: ipa install succeeded. See attached console logs.

Thus marking bug as verified.

Moving to assigned as the backport was missing from ipa-4-5

Fixed upstream ipa-4-5: https://pagure.io/freeipa/c/d20cac725fcf47ed581841a0b234bd6ce918b51d

IPA_SERVER-VERSION: ipa-server-4.5.4-9.el7.x86_64
DIRECTORY Server version: 389-ds-base-1.3.7.5-13.el7.x86_64

Verified the bug on the basis of the following steps and observations:

Steps:
1. yum install -y ipa-server
2. ipa-server-install --external-ca -r TESTRELM.TEST -n testrelm.test -p Secret123 -a Secret123 -U
3. systemctl stop dirsrv
4. mkdir /var/tmp/testdb ; cd /var/tmp/testdb
5. certutil -N -d . --empty-password
6. echo -e "5\n9\nn\ny\n10\ny\n5\n6\n7\n9\nn\n" | certutil -S -n "IPA ROOTCA certificate" -s "cn=CAcert" -x -t "CT,," -m 1000 -v 120 -d . -z /etc/hostname -2 -1 -5
7. certutil -L -d . -n "IPA ROOTCA certificate" -a > iparootca.crt
8. certutil -C -m 2346 -i /root/ipa.csr -o /root/ipa.crt -c "IPA ROOTCA certificate" -d . -a
9. ipa-server-install --external-cert-file=/root/ipa.crt --external-cert-file=/var/tmp/testdb/iparootca.crt -r TESTRELM.TEST -n testrelm.test -p Secret123 -a Secret123 -U

Observation:
1. ipa server installation is successful.
2. No error messages are observed:

[root@auto-hv-01-guest05 testdb]# cat /var/log/ipaserver-install.log | grep "Failed to configure CA instance"
[root@auto-hv-01-guest05 testdb]# cat /var/log/ipaserver-install.log | grep "CA configuration failed"
[root@auto-hv-01-guest05 testdb]#

Thus, on the basis of the above observations, marking the status of bug to 'VERIFIED'.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2018:0918