[Freeipa-devel] [PATCH] 762 Let the framework be able to override the hostname

Rob Crittenden rcritten at redhat.com
Tue May 10 13:48:56 UTC 2011


Martin Kosek wrote:
> On Fri, 2011-04-01 at 11:47 -0400, Rob Crittenden wrote:
>> The hostname is passed in during the server installation. We should use
>> this hostname for the resulting server as well. It was being discarded
>> and we always used the system hostname value.
>>
>> ticket 1052
>>
>> rob
>
> Looks good for both server and a client install with a custom hostname.
> However, I was unable to install a CA-powered replica, when a master was
> configured with custom hostname:
>
> ipareplica-install.log:
> ...
> #############################################
> Attempting to connect to: vm-102.idm.lab.bos.redhat.com:9445
> Connected.
> Posting Query = https://vm-102.idm.lab.bos.redhat.com:9445//ca/admin/console/config/wizard?p=5&subsystem=CA&session_id=6792677911037453899&xml=true
> RESPONSE STATUS:  HTTP/1.1 200 OK
> RESPONSE HEADER:  Server: Apache-Coyote/1.1
> RESPONSE HEADER:  Content-Type: text/html;charset=UTF-8
> RESPONSE HEADER:  Date: Mon, 09 May 2011 14:17:46 GMT
> RESPONSE HEADER:  Connection: close
> Exception in SecurityDomainLoginPanel(): java.lang.Exception: Invalid clone_uri
> ERROR: ConfigureSubCA: SecurityDomainLoginPanel() failure
> ERROR: unable to create CA
>
> #######################################################################
>
> 2011-05-09 10:17:47,039 DEBUG stderr=java.lang.Exception: Invalid clone_uri
>          at ConfigureCA.SecurityDomainLoginPanel(ConfigureCA.java:384)
>          at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1239)
>          at ConfigureCA.main(ConfigureCA.java:1761)
>
> 2011-05-09 10:17:47,040 CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname vm-102.idm.lab.bos.redhat.com -cs_port 9445 -client_certdb_dir /tmp/tmp-Ou9Wd4 -client_certdb_pwd 'XXXXXXXX' -preop_pin qTFTDIjO9j9LdtvjLCz1 -domain_name IPA -admin_user admin -admin_email root at localhost -admin_password 'XXXXXXXX' -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject "CN=ipa-ca-agent,O=IDM.LAB.BOS.REDHAT.COM" -ldap_host vm-102.idm.lab.bos.redhat.com -ldap_port 7389 -bind_dn "cn=Directory Manager" -bind_password 'XXXXXXXX' -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd 'XXXXXXXX' -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name "CN=CA Subsystem,O=IDM.LAB.BOS.REDHAT.COM" -ca_ocsp_cert_subject_name "CN=OCSP Subsystem,O=IDM.LAB.BOS.REDHAT.COM" -ca_server_cert_subject_name "CN=vm-102.idm.lab.bos.redhat.com,O=IDM.LAB.BOS.REDHAT.COM" -ca_audit_signing_cert_subject_name "CN=CA Audit,O=IDM.LAB.BOS.REDHAT.COM" -ca_sign_cert_subject_name "CN=Certificate Authority,O=IDM.LAB.BOS.REDHAT.COM" -external false -clone true -clone_p12_file ca.p12 -clone_p12_password 'XXXXXXXX' -sd_hostname ipa.idm.lab.bos.redhat.com -sd_admin_port 9445 -sd_admin_name admin -sd_admin_password 'XXXXXXXX' -clone_start_tls true -clone_uri https://ipa.idm.lab.bos.redhat.com:9444' returned non-zero exit status 255
> 2011-05-09 10:17:47,070 DEBUG Configuration of CA failed
>    File "/usr/sbin/ipa-replica-install", line 543, in <module>
>      main()
>
>    File "/usr/sbin/ipa-replica-install", line 486, in main
>      (CA, cs) = install_ca(config)
>
>    File "/usr/sbin/ipa-replica-install", line 186, in install_ca
>      subject_base=config.subject_base)
>
>    File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 539, in configure_instance
>      self.start_creation("Configuring certificate server", 360)
>
>    File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 289, in start_creation
>      method()
> ...
>
> Did that work for you?

It worked for me, I remember testing both. Ade, do you know what would 
cause dogtag to throw "Invalid clone_uri"?

rob
