[Freeipa-devel] [PATCH] 762 Let the framework be able to override the hostname

Martin Kosek mkosek at redhat.com
Tue May 10 06:42:36 UTC 2011


On Fri, 2011-04-01 at 11:47 -0400, Rob Crittenden wrote:
> The hostname is passed in during the server installation. We should use 
> this hostname for the resulting server as well. It was being discarded 
> and we always used the system hostname value.
> 
> ticket 1052
> 
> rob

Looks good for both a server and a client install with a custom hostname.
However, I was unable to install a CA-powered replica when a master was
configured with a custom hostname:

ipareplica-install.log:
...
#############################################
Attempting to connect to: vm-102.idm.lab.bos.redhat.com:9445
Connected.
Posting Query = https://vm-102.idm.lab.bos.redhat.com:9445//ca/admin/console/config/wizard?p=5&subsystem=CA&session_id=6792677911037453899&xml=true
RESPONSE STATUS:  HTTP/1.1 200 OK
RESPONSE HEADER:  Server: Apache-Coyote/1.1
RESPONSE HEADER:  Content-Type: text/html;charset=UTF-8
RESPONSE HEADER:  Date: Mon, 09 May 2011 14:17:46 GMT
RESPONSE HEADER:  Connection: close
Exception in SecurityDomainLoginPanel(): java.lang.Exception: Invalid clone_uri
ERROR: ConfigureSubCA: SecurityDomainLoginPanel() failure
ERROR: unable to create CA

#######################################################################

2011-05-09 10:17:47,039 DEBUG stderr=java.lang.Exception: Invalid clone_uri
        at ConfigureCA.SecurityDomainLoginPanel(ConfigureCA.java:384)
        at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1239)
        at ConfigureCA.main(ConfigureCA.java:1761)

2011-05-09 10:17:47,040 CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname vm-102.idm.lab.bos.redhat.com -cs_port 9445 -client_certdb_dir /tmp/tmp-Ou9Wd4 -client_certdb_pwd 'XXXXXXXX' -preop_pin qTFTDIjO9j9LdtvjLCz1 -domain_name IPA -admin_user admin -admin_email root at localhost -admin_password 'XXXXXXXX' -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject "CN=ipa-ca-agent,O=IDM.LAB.BOS.REDHAT.COM" -ldap_host vm-102.idm.lab.bos.redhat.com -ldap_port 7389 -bind_dn "cn=Directory Manager" -bind_password 'XXXXXXXX' -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd 'XXXXXXXX' -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name "CN=CA Subsystem,O=IDM.LAB.BOS.REDHAT.COM" -ca_ocsp_cert_subject_name "CN=OCSP Subsystem,O=IDM.LAB.BOS.REDHAT.COM" -ca_server_cert_subject_name "CN=vm-102.idm.lab.bos.redhat.com,O=IDM.LAB.BOS.REDHAT.COM" -ca_audit_signing_cert_subject_name "CN=CA Audit,O=IDM.LAB.BOS.REDHAT.COM" -ca_sign_cert_subject_name "CN=Certificate Authority,O=IDM.LAB.BOS.REDHAT.COM" -external false -clone true -clone_p12_file ca.p12 -clone_p12_password 'XXXXXXXX' -sd_hostname ipa.idm.lab.bos.redhat.com -sd_admin_port 9445 -sd_admin_name admin -sd_admin_password 'XXXXXXXX' -clone_start_tls true -clone_uri https://ipa.idm.lab.bos.redhat.com:9444' returned non-zero exit status 255
2011-05-09 10:17:47,070 DEBUG Configuration of CA failed
  File "/usr/sbin/ipa-replica-install", line 543, in <module>
    main()

  File "/usr/sbin/ipa-replica-install", line 486, in main
    (CA, cs) = install_ca(config)

  File "/usr/sbin/ipa-replica-install", line 186, in install_ca
    subject_base=config.subject_base)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 539, in configure_instance
    self.start_creation("Configuring certificate server", 360)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 289, in start_creation
    method()
...

Did that work for you?
Martin




