Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1318186 - Misleading error message during external-ca IPA master install
Misleading error message during external-ca IPA master install
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa (Show other bugs)
7.2
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: IPA Maintainers
Mohammad Rizwan
:
: 1340096 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-03-16 04:59 EDT by Kaleem
Modified: 2017-08-01 05:37 EDT (History)
8 users (show)

See Also:
Fixed In Version: ipa-4.5.0-5.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-01 05:37:23 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
console logs (5.17 KB, text/plain)
2017-06-08 02:13 EDT, Mohammad Rizwan 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2304 normal SHIPPED_LIVE ipa bug fix and enhancement update 2017-08-01 08:41:35 EDT

  None (edit)
Description Kaleem 2016-03-16 04:59:43 EDT 
Description of problem:
During second attempt of IPA external-ca install after first successful attempt, following error message shown which is misleading.


ipa.ipapython.install.cli.install_tool(Server): ERROR    Failed to load /root/ipa-ca/ipa.crt

Honza helped me to figured out the cause for this.

Here, uninstallation of IPA external-ca was not removing the certs from /etc/httpd/alias which is already reported in https://fedorahosted.org/freeipa/ticket/4639. 

But instead of error message "Failed to load /root/ipa-ca/ipa.crt
", we expect error message like

 "(SEC_ERROR_REUSED_ISSUER_AND_SERIAL) You are attempting to import a cert with the same issuer/serial as an existing cert"

Also warning message is not logged in ipaserver-install.log .

Version-Release number of selected component (if applicable):
[root@auto-hv-01-guest02 ~]# rpm -q ipa-server 
ipa-server-4.2.0-15.el7_2.10.x86_64
[root@auto-hv-01-guest02 ~]# 

How reproducible:
Always

Steps to Reproduce:
1. Installl IPA with external-ca
2. Uninstall IPA 
3. Install IPA with external-ca again

Actual results:
Installation of IPA fails in second attempt

Expected results:
Installation of IPA should be successful in second attempt also

Additional info:
1. After removing the certs from /etc/httpd/alias, able to install IPA successfully.
Comment 2 Petr Vobornik 2016-03-24 15:26:20 EDT 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4639
Comment 3 Martin Bašti 2016-05-26 10:00:41 EDT 
*** Bug 1340096 has been marked as a duplicate of this bug. ***
Comment 4 Abhijeet Kasurde 2017-02-03 04:47:53 EST 
I have encountered same error message in RHEL 7.3. Any plan of fixing this ?
Comment 12 Mohammad Rizwan 2017-06-08 02:13 EDT 
Created attachment 1285980 [details]
console logs
Comment 13 Mohammad Rizwan 2017-06-08 02:14:41 EDT 
verified on ipa-server-4.5.0-15.el7.x86_64 too.

Installation logs are attached.
Comment 14 errata-xmlrpc 2017-08-01 05:37:23 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.