Description of problem:
During replica install, the CA files can be set up from the /tmp/tmp.... directory up to some point. After that, the install script removes the files using unlink. That causes a problem, because the further install process looks for the same files but isn't able to find them in the /tmp/tmp.. directory.

Version-Release number of selected component (if applicable):
OS = CentOS 7.2.1511 Updated (Both Master and Replica)
IPA = 4.2.0 API=2.156 (Both Master and Replica)

How reproducible:
To reproduce, you need to work around some previous problems first.
- take a copy of /etc/ipa/ca.cer in PEM format, because the prepare script changes it into a binary file
  # touch /root/cacerts.p12 "because the prepare script looks for it" and "makes it changed"
- as described in the formal Red Hat 7 replica doc
- run the prepare script on the master
- cp the gpg file to the replica with scp on the master
- install ipa-server and ipa-dns-server on the replica
- run ipa-replica-install --setup-ca --setup-dns --no-forwarders /path/replica.example.com.gpg

Actual results:
File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 634, in create_from_pkcs12
    raise RuntimeError("Could not find a CA cert in %s" % pkcs12_fname)

2016-06-15T13:42:30Z DEBUG The ipa-replica-install command failed, exception: RuntimeError: Could not find a CA cert in /tmp/tmp80pzXcipa/realm_info/dscert.p12
2016-06-15T13:42:30Z ERROR Could not find a CA cert in /tmp/tmp80pzXcipa/realm_info/dscert.p12

If you run the setup with strace, you can see that in the middle of the process:

lstat("/tmp/tmpfDD_Lzipa/realm_info/dirsrv_pin.txt", {st_mode=S_IFREG|0644, st_size=1, ...}) = 0
unlink("/tmp/tmpfDD_Lzipa/realm_info/dirsrv_pin.txt") = 0
lstat("/tmp/tmpfDD_Lzipa/realm_info/cacert.p12", {st_mode=S_IFREG|0644, st_size=12404, ...}) = 0
unlink("/tmp/tmpfDD_Lzipa/realm_info/cacert.p12") = 0
lstat("/tmp/tmpfDD_Lzipa/realm_info/dscert.p12", {st_mode=S_IFREG|0600, st_size=2746, ...}) = 0
unlink("/tmp/tmpfDD_Lzipa/realm_info/dscert.p12") = 0
lstat("/tmp/tmpfDD_Lzipa/realm_info/dogtagcert.p12", {st_mode=S_IFREG|0600, st_size=2746, ...}) = 0
unlink("/tmp/tmpfDD_Lzipa/realm_info/dogtagcert.p12") = 0
lstat("/tmp/tmpfDD_Lzipa/realm_info/dogtag_directory_port.txt", {st_mode=S_IFREG|0644, st_size=4, ...}) = 0
unlink("/tmp/tmpfDD_Lzipa/realm_info/dogtag_directory_port.txt") = 0
lstat("/tmp/tmpfDD_Lzipa/realm_info/http_pin.txt", {st_mode=S_IFREG|0644, st_size=1, ...}) = 0
unlink("/tmp/tmpfDD_Lzipa/realm_info/http_pin.txt") = 0
lstat("/tmp/tmpfDD_Lzipa/realm_info/pwdfile.txt.orig", {st_mode=S_IFREG|0400, st_size=40, ...}) = 0
unlink("/tmp/tmpfDD_Lzipa/realm_info/pwdfile.txt.orig") = 0
lstat("/tmp/tmpfDD_Lzipa/realm_info/pwdfile.txt", {st_mode=S_IFREG|0600, st_size=40, ...}) = 0
unlink("/tmp/tmpfDD_Lzipa/realm_info/pwdfile.txt") = 0
lstat("/tmp/tmpfDD_Lzipa/realm_info/httpcert.p12", {st_mode=S_IFREG|0600, st_size=2746, ...}) = 0
unlink("/tmp/tmpfDD_Lzipa/realm_info/httpcert.p12") = 0
lstat("/tmp/tmpfDD_Lzipa/realm_info/ra.p12", {st_mode=S_IFREG|0600, st_size=3578, ...}) = 0
unlink("/tmp/tmpfDD_Lzipa/realm_info/ra.p12") = 0
lstat("/tmp/tmpfDD_Lzipa/realm_info/ca.crt", {st_mode=S_IFREG|0444, st_size=12404, ...}) = 0
unlink("/tmp/tmpfDD_Lzipa/realm_info/ca.crt") = 0
lstat("/tmp/tmpfDD_Lzipa/realm_info/preferences.html", {st_mode=S_IFREG|0644, st_size=3089, ...}) = 0
unlink("/tmp/tmpfDD_Lzipa/realm_info/preferences.html") = 0
lstat("/tmp/tmpfDD_Lzipa/realm_info/configure.jar", {st_mode=S_IFREG|0644, st_size=3411, ...}) = 0
unlink("/tmp/tmpfDD_Lzipa/realm_info/configure.jar") = 0
lstat("/tmp/tmpfDD_Lzipa/realm_info/default.conf", {st_mode=S_IFREG|0644, st_size=248, ...}) = 0
unlink("/tmp/tmpfDD_Lzipa/realm_info/default.conf") = 0
lstat("/tmp/tmpfDD_Lzipa/realm_info/realm_info", {st_mode=S_IFREG|0644, st_size=167, ...}) = 0
unlink("/tmp/tmpfDD_Lzipa/realm_info/realm_info") = 0
rmdir("/tmp/tmpfDD_Lzipa/realm_info") = 0
rmdir("/tmp/tmpfDD_Lzipa")

Expected results:
Success
In the actual results, I pasted the result of a different install process. It should be like this:

2016-06-15T13:42:30Z DEBUG The ipa-replica-install command failed, exception: RuntimeError: Could not find a CA cert in /tmp/tmpfDD_Lzipa/realm_info/dscert.p12
2016-06-15T13:42:30Z ERROR Could not find a CA cert in /tmp/tmpfDD_Lzipa/realm_info/dscert.p12
The temp folder should contain the content of the replica file generated by the ipa-replica-prepare util. So it is expected that it will eventually be deleted/unlinked. Isn't the unlinking done in cleanup after a failed installation? Could you attach ipareplica-install.log?
Created attachment 1169675 ipareplica-install
Created attachment 1169676 install log with strace
Is fixed in FreeIPA 4.2.4: https://fedorahosted.org/freeipa/ticket/5598 http://koji.fedoraproject.org/koji/buildinfo?buildID=746422