Bug 1454603
Summary: | Unable to install IPA server due to pkispawn error | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Abhijeet Kasurde <akasurde> |
Component: | pki-core | Assignee: | Matthew Harmsen <mharmsen> |
Status: | CLOSED ERRATA | QA Contact: | Abhijeet Kasurde <akasurde> |
Severity: | unspecified | Docs Contact: | |
Priority: | urgent | ||
Version: | 7.4 | CC: | arubin, ksiddiqu, mbasti, mharmsen, pvoborni, rcritten, tscherf |
Target Milestone: | rc | Keywords: | TestBlocker |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | pki-core-10.4.1-6.el7 | Doc Type: | No Doc Update |
Doc Text: |
undefined
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2017-08-01 22:52:53 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Abhijeet Kasurde
2017-05-23 07:18:04 UTC
IPA server installation works with pki-server-10.4.1-4.el7.noarch. Moving to pki-core because traceback is in pkispawn not in IPA To fix this, we will simply always check for FIPS in the initialization scriptlet: diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py index 0e31543..4dc4e9a 100644 --- a/base/server/python/pki/server/deployment/scriptlets/initialization.py +++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py @@ -42,6 +42,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # ALWAYS establish 'uid' and 'gid' deployer.identity.set_uid(deployer.mdict['pki_user']) deployer.identity.set_gid(deployer.mdict['pki_group']) + # ALWAYS check FIPS mode + deployer.fips.is_fips_enabled() # ALWAYS initialize HSMs (when and if present) deployer.hsm.initialize() if config.str2bool(deployer.mdict['pki_skip_installation']): Verified using PKI server :: pki-server-10.4.1-6.el7.noarch in both FIPS and non-FIPS enabled environments. Marking BZ as verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2110 |