Bug 432904

Summary: ipa-replica-install fails
Product: [Retired] freeIPA Reporter: Rob Crittenden <rcritten>
Component: ipa-serverAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: high Docs Contact:
Priority: high    
Version: 1.0CC: benl, yzhang
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: freeipa-2.0.0-1.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-27 07:16:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 246164, 429034    
Attachments:
Description Flags
Don't export the CA into a PKCS#12 on replicas none

Description Rob Crittenden 2008-02-15 01:13:31 UTC 
Description of problem as reported by Yi:

Replica creation does not work for me.

Version-Release number of selected component (if applicable):

ipa-server-0.99-13.638.20080213

How reproducible:

Every time

Steps to Reproduce:
1. on ipaserver host, do "ipa-replica-prepare" --> success
2. copy the file "replica-info-IPAQA.COM" on host "ipaserver" to host
"ipareplica"  --> success
3. on ipareplica host, do "ipa-replica-install replica-info-IPAQA.COM" --> failed
  
Actual results:

[root@ipareplica ~]# ipa-replica-install replica-info-IPAQA.COM
Directory Manager (existing master) password:
Password (confirm):

Configuring directory server:
 [1/16]: creating directory server user
 [2/16]: creating directory server instance
 [3/16]: adding default schema
 [4/16]: enabling memberof plugin
 [5/16]: enabling referential integrity plugin
 [6/16]: enabling distributed numeric assignment plugin
 [7/16]: creating indices
 [8/16]: configuring ssl for ds instance
creation of replica failed: Command '/usr/bin/pk12util -d
/etc/dirsrv/slapd-IPAQA-COM/ -o /etc/dirsrv/slapd-IPAQA-COM//cacert.p12 -n CA
certificate -w /etc/dirsrv/slapd-IPAQA-COM//pwdfile.txt -k
/etc/dirsrv/slapd-IPAQA-COM//pwdfile.txt' returned non-zero exit status 24
Comment 1 Rob Crittenden 2008-02-15 01:40:20 UTC 
Created attachment 294960 [details]
Don't export the CA into a PKCS#12 on replicas

Don't create a backup of the PKCS#12 cert on replicas
Name the file created by ipa-replica-prepare after the FQDN of the target
Comment 2 Rob Crittenden 2008-02-15 01:42:20 UTC 
Committed as changeset 641
Comment 3 Yi Zhang 2008-04-03 18:21:03 UTC 
qa verified, bug closed
build used: 4-3-2008 daily build