Description of problem: Installation of freeipa-server fails during CA installation. The log shows the message: File '/etc/pki/pki-tomcat/alias/cert8.db' is either missing or is NOT a regular file! This is probably caused by the switch to SQL format in nssdb. https://fedoraproject.org/wiki/Changes/NSSDefaultFileFormatSql Version-Release number of selected component (if applicable): pki-ca-10.5.2-1.fc28.noarch Additional info: See complete pki-ca-spawn.log at https://fedorapeople.org/groups/freeipa/prci/jobs/16a786a0-d930-11e7-aab2-6cf04961d829/test_integration-test_simple_replication.py-TestSimpleReplication--test_user_replication_to_replica/master.ipa.test/var/log/pki/pki-ca-spawn.20171204204301.log.gz
(In reply to Tomas Krizek from comment #0) > Description of problem: > > Installation of freeipa-server fails during CA installation. The log shows > the message: > File '/etc/pki/pki-tomcat/alias/cert8.db' is either missing or is NOT a > regular file! > > This is probably caused by the switch to SQL format in nssdb. > https://fedoraproject.org/wiki/Changes/NSSDefaultFileFormatSql > > > Version-Release number of selected component (if applicable): > pki-ca-10.5.2-1.fc28.noarch > > > Additional info: > See complete pki-ca-spawn.log at > https://fedorapeople.org/groups/freeipa/prci/jobs/16a786a0-d930-11e7-aab2- > 6cf04961d829/test_integration-test_simple_replication.py- > TestSimpleReplication--test_user_replication_to_replica/master.ipa.test/var/ > log/pki/pki-ca-spawn.20171204204301.log.gz Yes -- we are dealing with this in phases -- first phase will probably be to make some changes to allow Dogtag to still work in Rawhide using NSS DBM (see associated Pagure ticket referenced in Devel Whiteboard).
Thank you Matthew for the explanation. Since we're trying to test FreeIPA on Rawhide, I am adding the TestBlocker keyword since this issue blocks us from testing FreeIPA properly there.
commit 29d23b0f027bd046d0a6547bd8292fb28f5d1c88 Author: Matthew Harmsen <mharmsen> Date: Wed Dec 6 16:38:33 2017 -0700 Set the default NSS DB type dogtagpki Pagure Issue #2862 - Create a mechanism to select the default NSS DB type The following changes are based upon the results of an investigation by jmagne in which he suggested using the NSS_DEFAULT_DB_TYPE environment variable to control NSS use of 'dbm' vs. 'sql'. . . . commit 69137ebe20ad97b26ef387a2b866a27f3e1ed3f3 (HEAD -> master, origin/master, origin/HEAD) Author: Matthew Harmsen <mharmsen> Date: Wed Dec 6 16:44:03 2017 -0700 Set the default NSS DB type for console dogtagpki Pagure Issue #2862 - Create a mechanism to select the default NSS DB type (console) The following changes are based upon the results of an investigation by jmagne in which he suggested using the NSS_DEFAULT_DB_TYPE environment variable to control NSS use of 'dbm' vs. 'sql'. . . .
This bug appears to have been reported against 'rawhide' during the Fedora 28 development cycle. Changing version to '28'.
freeipa-4.6.90.pre1-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-2fd7295cb9
dogtag-pki-10.6.0-0.2.fc28, dogtag-pki-theme-10.6.0-0.2.fc28, freeipa-4.6.90.pre1-1.fc28, pki-console-10.6.0-0.2.fc28, pki-core-10.6.0-0.2.fc28, tomcat-8.5.29-1.fc28, tomcatjss-7.3.0-0.2.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-2fd7295cb9
dogtag-pki-10.6.0-0.2.fc28, dogtag-pki-theme-10.6.0-0.2.fc28, freeipa-4.6.90.pre1-1.fc28, pki-console-10.6.0-0.2.fc28, pki-core-10.6.0-0.2.fc28, tomcat-8.5.29-1.fc28, tomcatjss-7.3.0-0.2.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.