Bug 1444787 - Update warning message when KRA installation fails
Summary: Update warning message when KRA installation fails
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Abhijeet Kasurde
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-04-24 09:58 UTC by Abhijeet Kasurde
Modified: 2017-08-01 09:48 UTC (History)
5 users (show)

Fixed In Version: ipa-4.5.0-10.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 09:48:56 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2304 normal SHIPPED_LIVE ipa bug fix and enhancement update 2017-08-01 12:41:35 UTC

Description Abhijeet Kasurde 2017-04-24 09:58:33 UTC 
Description of problem:
As per https://github.com/freeipa/freeipa/pull/556/ IPA doesn't allow standalone KRA uninstallation. We should update warning message presented when IPA KRA installation fails with some error. 

# ipa-kra-install
Directory Manager password:


===================================================================
This program will setup Dogtag KRA for the IPA Server.


Configuring KRA server (pki-tomcatd). Estimated time: 2 minutes
  [1/9]: creating installation admin user
  [error] ACIError: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Decrypt integrity check failed)

Your system may be partly configured.
Run ipa-kra-install --uninstall to clean up.

Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Decrypt integrity check failed)
The ipa-kra-install command failed. See /var/log/ipaserver-kra-install.log for more information

Version-Release number of selected component (if applicable):
# rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
package freeipa-server is not installed
package freeipa-client is not installed
ipa-server-4.5.0-7.el7.x86_64
ipa-client-4.5.0-7.el7.x86_64
389-ds-base-1.3.6.1-9.el7.x86_64
pki-ca-10.4.1-2.el7.noarch
krb5-server-1.15.1-7.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Install IPA KRA without kinit 

Actual results:
User is presented with 'Run ipa-kra-install --uninstall to clean up.'

Expected results:
Above error should be rephrased as standalone KRA uninstall is not supported. Also, man page should be updated.
Comment 2 Petr Vobornik 2017-05-03 09:45:56 UTC 
Upstream ticket:
https://pagure.io/freeipa/issue/6923
Comment 5 Abhijeet Kasurde 2017-05-25 09:31:19 UTC 
Verified using IPA Server version:: ipa-server-4.5.0-13.el7.x86_64

Warning message is updated to "If you run into issues, you may have to re-install IPA on this server." 

Marking BZ as verified.
Comment 6 errata-xmlrpc 2017-08-01 09:48:56 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304
Note You need to log in before you can comment on or make changes to this bug.