Bug 725184 - IPA Server install fails at configuring SSL for DS instance
Summary: IPA Server install fails at configuring SSL for DS instance
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.1
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-07-23 19:26 UTC by Kyle Gonzales
Modified: 2015-01-04 23:50 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-07-25 12:53:55 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Kyle Gonzales 2011-07-23 19:26:17 UTC 
Description of problem:
Running "ipa-server-install --setup-dns" works until I get the following error:
  [16/32]: configuring ssl for ds instance
Unexpected error - see ipaserver-install.log for details:
 [Errno 2] No such file or directory

The error log is not helpful:
2011-07-23 15:18:59,015 DEBUG stderr=
2011-07-23 15:18:59,030 DEBUG [Errno 2] No such file or directory
  File "/usr/sbin/ipa-server-install", line 944, in <module>
    sys.exit(main())

  File "/usr/sbin/ipa-server-install", line 786, in main
    hbac_allow=not options.hbac_allow)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py", line 262, in create_instance
    self.start_creation("Configuring directory server", 60)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 301, in start_creation
    method()

  File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py", line 524, in __enable_ssl
    dsdb.track_server_cert("Server-Cert", self.principal, dsdb.passwd_fname)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/certs.py", line 460, in track_server_cert
    (stdout, stderr, rc) = certmonger.start_tracking(nickname, self.secdir, password_file)

  File "/usr/lib/python2.6/site-packages/ipapython/certmonger.py", line 205, in start_tracking
    (stdout, stderr, returncode) = ipautil.run(args)

  File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 132, in run
    close_fds=True, env=env)

  File "/usr/lib64/python2.6/subprocess.py", line 639, in __init__
    errread, errwrite)

  File "/usr/lib64/python2.6/subprocess.py", line 1220, in _execute_child
    raise child_exception


Version-Release number of selected component (if applicable):
# rpm -q ipa-server
ipa-server-2.0.0-23.el6_1.1.x86_64

How reproducible:
Every time so far

Steps to Reproduce:
1. Run "ipa-server-install --setup-dns" on my system
2. I get the error
3.
  
Actual results:
I get the error.

Expected results:
It installs without error.
Comment 2 Rob Crittenden 2011-07-24 14:00:58 UTC 
Do you have the certmonger package installed? Does /usr/bin/ipa-getcert exist?
Comment 3 Kyle Gonzales 2011-07-24 14:36:51 UTC 
Yes, the certmonger package is installed:

# rpm -q certmonger
certmonger-0.42-1.el6.x86_64

However, /usr/bin/ipa-getcert does not exist.  Odd.  Reinstalled certmonger and the file is now there.  The installation is proceeding.  I might have removed it when the installed crashed in the middle and the "uninstall" command did not work on an earlier run.

So, a question: why is a file for IPA in certmonger?  Should not that file be in ipa-client or ipa-server instead?
Comment 4 Rob Crittenden 2011-07-25 12:53:55 UTC 
certmonger has built-in support for talking to an IPA server over XML-RPC.
Note You need to log in before you can comment on or make changes to this bug.