432904 – ipa-replica-install fails

Bug 432904 - ipa-replica-install fails

Summary: ipa-replica-install fails

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	freeIPA
Classification:	Retired
Component:	ipa-server
Sub Component:
Version:	1.0
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Rob Crittenden
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	freeipa10 429034
TreeView+	depends on / blocked

Reported:	2008-02-15 01:13 UTC by Rob Crittenden
Modified:	2015-01-04 23:30 UTC (History)
CC List:	2 users (show)
Fixed In Version:	freeipa-2.0.0-1.fc15
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-03-27 07:16:54 UTC
Embargoed:

Attachments	(Terms of Use)
Don't export the CA into a PKCS#12 on replicas (3.43 KB, patch) 2008-02-15 01:40 UTC, Rob Crittenden	no flags	Details \| Diff
View All

Description Rob Crittenden 2008-02-15 01:13:31 UTC

Description of problem as reported by Yi:

Replica creation does not work for me.

Version-Release number of selected component (if applicable):

ipa-server-0.99-13.638.20080213

How reproducible:

Every time

Steps to Reproduce:
1. on ipaserver host, do "ipa-replica-prepare" --> success
2. copy the file "replica-info-IPAQA.COM" on host "ipaserver" to host
"ipareplica"  --> success
3. on ipareplica host, do "ipa-replica-install replica-info-IPAQA.COM" --> failed
  
Actual results:

[root@ipareplica ~]# ipa-replica-install replica-info-IPAQA.COM
Directory Manager (existing master) password:
Password (confirm):

Configuring directory server:
 [1/16]: creating directory server user
 [2/16]: creating directory server instance
 [3/16]: adding default schema
 [4/16]: enabling memberof plugin
 [5/16]: enabling referential integrity plugin
 [6/16]: enabling distributed numeric assignment plugin
 [7/16]: creating indices
 [8/16]: configuring ssl for ds instance
creation of replica failed: Command '/usr/bin/pk12util -d
/etc/dirsrv/slapd-IPAQA-COM/ -o /etc/dirsrv/slapd-IPAQA-COM//cacert.p12 -n CA
certificate -w /etc/dirsrv/slapd-IPAQA-COM//pwdfile.txt -k
/etc/dirsrv/slapd-IPAQA-COM//pwdfile.txt' returned non-zero exit status 24

Comment 1 Rob Crittenden 2008-02-15 01:40:20 UTC

Created attachment 294960 [details]
Don't export the CA into a PKCS#12 on replicas

Don't create a backup of the PKCS#12 cert on replicas
Name the file created by ipa-replica-prepare after the FQDN of the target

Comment 2 Rob Crittenden 2008-02-15 01:42:20 UTC

Committed as changeset 641

Comment 3 Yi Zhang 2008-04-03 18:21:03 UTC

qa verified, bug closed
build used: 4-3-2008 daily build

Note You need to log in before you can comment on or make changes to this bug.