Bug 1437502 - ipa-replica-install fails with requirement to use --force-join that is a client install option.
Summary: ipa-replica-install fails with requirement to use --force-join that is a clie...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Abhijeet Kasurde
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-03-30 12:24 UTC by German Parente
Modified: 2017-08-01 09:47 UTC (History)
7 users (show)

Fixed In Version: ipa-4.5.0-7.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 09:47:49 UTC
Target Upstream Version:


Attachments (Terms of Use)
console.log (6.50 KB, text/plain)
2017-06-02 08:23 UTC, Abhijeet Kasurde
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2304 normal SHIPPED_LIVE ipa bug fix and enhancement update 2017-08-01 12:41:35 UTC

Description German Parente 2017-03-30 12:24:38 UTC
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 2 German Parente 2017-03-30 12:28:16 UTC
Bug was saved without description:

Customer is installing replica:

ipa-replica-install --server <server> --domain <domain> --realm <realm> --setup-ca --setup-dns --no-forwarders --principal admin --admin-password some-passwd
Configuring client side components
Client hostname: XXXX
Realm: XXXXX
DNS Domain: XXXX
IPA Server: xXXXXXX
BaseDN: XXXXXXXX

Skipping synchronizing time with NTP server.
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=XXXX
    Issuer:      CN=Certificate Authority,O=XXXX
    Valid From:  Wed Mar 01 11:51:48 2017 UTC
    Valid Until: Sun Mar 01 11:51:48 2037 UTC

Joining realm failed: Host is already joined.

Use --force-join option to override the host entry on the server and force client enrollment.
Installation failed. Rolling back changes.
IPA client is not configured on this system.
Removing client side components
IPA client is not configured on this system.


But when he wants to install replica with --force-join, it does not work because it's an ipa-client-install option.

The workaround is to do a first ipa-client-install --force-join and then a ipa-replica-install

Comment 3 Petr Vobornik 2017-04-04 10:12:57 UTC
If there is high demand we might try to fix this in 7.4(add --force-join option to replica installer) (there was already a preliminary patch), if not, I'd rather post-pone to future release.

Comment 5 Petr Vobornik 2017-04-05 08:47:26 UTC
Upstream ticket:
https://pagure.io/freeipa/issue/6183

Comment 8 Abhijeet Kasurde 2017-06-02 08:23:15 UTC
Version verified using IPA version ::

ipa-server-4.5.0-14.el7.x86_64

Marking BZ as verified. See attachment as console.log.

Comment 9 Abhijeet Kasurde 2017-06-02 08:23:38 UTC
Created attachment 1284349 [details]
console.log

Comment 10 errata-xmlrpc 2017-08-01 09:47:49 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304


Note You need to log in before you can comment on or make changes to this bug.