Bug 1437502

Summary: ipa-replica-install fails with requirement to use --force-join that is a client install option.
Product: Red Hat Enterprise Linux 7 Reporter: German Parente <gparente>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Abhijeet Kasurde <akasurde>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.4CC: akasurde, ksiddiqu, ndehadra, pvoborni, rcritten, tkrizek, tscherf
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.5.0-7.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 09:47:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
console.log none

Description German Parente 2017-03-30 12:24:38 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 German Parente 2017-03-30 12:28:16 UTC 
Bug was saved without description:

Customer is installing replica:

ipa-replica-install --server <server> --domain <domain> --realm <realm> --setup-ca --setup-dns --no-forwarders --principal admin --admin-password some-passwd
Configuring client side components
Client hostname: XXXX
Realm: XXXXX
DNS Domain: XXXX
IPA Server: xXXXXXX
BaseDN: XXXXXXXX

Skipping synchronizing time with NTP server.
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=XXXX
    Issuer:      CN=Certificate Authority,O=XXXX
    Valid From:  Wed Mar 01 11:51:48 2017 UTC
    Valid Until: Sun Mar 01 11:51:48 2037 UTC

Joining realm failed: Host is already joined.

Use --force-join option to override the host entry on the server and force client enrollment.
Installation failed. Rolling back changes.
IPA client is not configured on this system.
Removing client side components
IPA client is not configured on this system.


But when he wants to install replica with --force-join, it does not work because it's an ipa-client-install option.

The workaround is to do a first ipa-client-install --force-join and then a ipa-replica-install
Comment 3 Petr Vobornik 2017-04-04 10:12:57 UTC 
If there is high demand we might try to fix this in 7.4(add --force-join option to replica installer) (there was already a preliminary patch), if not, I'd rather post-pone to future release.
Comment 5 Petr Vobornik 2017-04-05 08:47:26 UTC 
Upstream ticket:
https://pagure.io/freeipa/issue/6183
Comment 6 Tomas Krizek 2017-04-12 13:54:07 UTC 
Fixed upstream
master:
https://pagure.io/freeipa/c/87051f51c695afa3e9ba072da7005cf1a4194668
https://pagure.io/freeipa/c/db84516d23d3a6e53e95881828d494fb80647602
ipa-4-5:
https://pagure.io/freeipa/c/72f0ecde783be7d304044eff60c8c85e160d65d8
https://pagure.io/freeipa/c/534df55ea5ae736db832e0885520a6dfbd09299a
Comment 8 Abhijeet Kasurde 2017-06-02 08:23:15 UTC 
Version verified using IPA version ::

ipa-server-4.5.0-14.el7.x86_64

Marking BZ as verified. See attachment as console.log.
Comment 9 Abhijeet Kasurde 2017-06-02 08:23:38 UTC 
Created attachment 1284349 [details]
console.log
Comment 10 errata-xmlrpc 2017-08-01 09:47:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304