Hide Forgot
Cloned from upstream: https://pagure.io/freeipa/issue/6777 ipa-replica-install fails with: ``` [14/22]: publish CA cert [error] CalledProcessError: Command '/usr/bin/certutil -d /etc/httpd/alias -L -n ABC.IDM.LAB.ENG.BRQ.REDHAT.COM IPA CA -a -f /etc/httpd/alias/pwdfile.txt' returned non-zero exit status 255 Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR Command '/usr/bin/certutil -d /etc/httpd/alias -L -n ABC.IDM.LAB.ENG.BRQ.REDHAT.COM IPA CA -a -f /etc/httpd/alias/pwdfile.txt' returned non-zero exit status 255 ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information ```
Upstream ticket: https://pagure.io/freeipa/issue/6777
master: 9939aa53630a9c6a66e83140e64ec56539891c13 replica prepare: fix wrong IPA CA nickname in replica file ipa-4-5: df60e88e1bca6efd5ebf2a88e7825a5fd2631f08 replica prepare: fix wrong IPA CA nickname in replica file
IPA-versions: 1) RHEL 7.1.z : ipa-server-4.1.0-18.el7_1.4.x86_64 2) RHEL 7.2.z : ipa-server-4.2.0-15.el7_2.19.x86_64 REPLICA-Versions: ipa-server-4.5.0-14.el7.x86_64 1. Verified that ipa-replica install command run successfully when replica file is produced by ipa-replica-prepare from IPA-MASTER (In my case RHEL 7.1.z, RHEL 7.2.z). 2. Refer the console output below: 7.1.z: ======= MASTER: -------- [root@bkr-hv03-guest31 ipa]# rpm -q ipa-server ipa-server-4.1.0-18.el7_1.4.x86_64 [root@bkr-hv03-guest31 ipa]# ipa-replica-manage list bkr-hv03-guest31.testrelm.test: master auto-hv-02-guest01.testrelm.test: master REPLICA: -------- [root@auto-hv-02-guest01 ipa]# rpm -q ipa-server ipa-server-4.5.0-14.el7.x86_64 [root@auto-hv-02-guest01 ipa]# kinit admin Password for admin@TESTRELM.TEST: [root@auto-hv-02-guest01 ipa]# rpm -q selinux-policy selinux-policy-3.13.1-159.el7.noarch [root@auto-hv-02-guest01 ipa]# grep -rn "CalledProcessError" /var/log/ipareplica-install.log [root@auto-hv-02-guest01 ipa]# grep -rn "CompatServerReplicaInstall" /var/log/ipareplica-install.log [root@auto-hv-02-guest01 ipa]# tail -1 /var/log/ipareplica-install.log 2017-06-06T10:18:44Z INFO The ipa-replica-install command was successful 7.2.z: ======== MASTER: -------- [root@bkr-hv03-guest06 ipa]# rpm -q ipa-server ipa-server-4.2.0-15.el7_2.19.x86_64 [root@bkr-hv03-guest06 ipa]# ipa-replica-manage list bkr-hv03-guest06.testrelm.test: master ipaqavmh.testrelm.test: master REPLICA: -------- [root@ipaqavmh ipa]# rpm -q ipa-server ipa-server-4.5.0-14.el7.x86_64 [root@ipaqavmh ipa]# kinit admin Password for admin@TESTRELM.TEST: [root@ipaqavmh ipa]# grep -rn "CalledProcessError" /var/log/ipareplica-install.log [root@ipaqavmh ipa]# grep -rn "CompatServerReplicaInstall" /var/log/ipareplica-install.log [root@ipaqavmh ipa]# tail -1 /var/log/ipareplica-install.log 2017-06-06T10:09:51Z INFO The ipa-replica-install command was successful 3) For REPLICA install against IPA-MASTER configured at v3 (RHEL 6.9.z), there is a separate bug bz#1434910 Thus on the basis of above observations marking status of bug to "VERIFIED"
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2304