[Freeipa-users] ipa-replica install failing
David Christensen
David.Christensen at viveli.com
Wed Sep 30 19:09:51 UTC 2009
When I installed my first ipa server I used the self signed ssl cert and
soon followed up with a replica. Shortly after installing the replica I
attempted to import a wildcard CA signed cert and ran into an issue.
I discovered (thanks to the helpful folks on the FreeIPA IRC) that a
regex in /usr/lib/python2.5/site-packages/ipaserver/certs.py for
root_nickname was bad. I modified

    root_nickname = re.match('\ *"(.*)".*', chain[0]).groups()[0]

to

    re.match('\ *"(.*)" \[.*', chain[0]).groups()[0]

and was able to import the cert.
I had to do the same thing to the replica and replication continued.
Now I am trying to create a 3rd replica and have run into what I think
is a similar issue. I can export the replica package from the "master"
ipa server using the pk12 options; however, the replica install fails.
I ran the debug on the replica install and this is where the install fails:
root : INFO
creation of replica failed: Could not find a CA cert in /tmp/tmplO4Bp3ipa/realm_info/dscert.p12
root : DEBUG Could not find a CA cert in /tmp/tmplO4Bp3ipa/realm_info/dscert.p12
  File "/usr/sbin/ipa-replica-install", line 294, in <module>
    main()
  File "/usr/sbin/ipa-replica-install", line 244, in main
    ds = install_ds(config)
  File "/usr/sbin/ipa-replica-install", line 115, in install_ds
    ds.create_instance(config.ds_user, config.realm_name, config.host_name, config.domain_name, config.dirman_password, pkcs12_info)
  File "/usr/lib/python2.5/site-packages/ipaserver/dsinstance.py", line 193, in create_instance
    self.start_creation("Configuring directory server:")
  File "/usr/lib/python2.5/site-packages/ipaserver/service.py", line 139, in start_creation
    method()
  File "/usr/lib/python2.5/site-packages/ipaserver/dsinstance.py", line 345, in __enable_ssl
    ca.create_from_pkcs12(self.pkcs12_info[0], self.pkcs12_info[1])
  File "/usr/lib/python2.5/site-packages/ipaserver/certs.py", line 472, in create_from_pkcs12
    raise RuntimeError("Could not find a CA cert in %s" % pkcs12_fname)
Your system may be partly configured.
Is this issue similar to what I experienced with the ssl cert import or
is it something entirely different?
David
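Added example, not part of David's message and not FreeIPA code: the two root_nickname patterns quoted in the message, run against constructed lines of the form `"nickname" [subject]`. The sample lines, their format and the helper names are assumptions made for illustration.

```python
import re

# The two patterns quoted in the message, written as raw strings so
# Python 3 does not warn about the "\ " escape.
ORIGINAL = re.compile(r'\ *"(.*)".*')
MODIFIED = re.compile(r'\ *"(.*)" \[.*')

# Constructed sample lines (assumed format: optional indent, quoted
# nickname, then the subject in square brackets).
PLAIN = '"Example Root CA" [CN=Example Root CA,O=Example,C=US]'
QUOTED_DN = '  "Example Root CA" [CN=Example Root CA,O="Example, Inc.",C=US]'
NO_BRACKET = '"Example Root CA"'


def nickname(pattern, line):
    """Return the captured nickname, or None when the line does not match.

    The code quoted in the message calls .groups() directly on the match,
    so a non-matching line there raises AttributeError instead.
    """
    m = pattern.match(line)
    return m.group(1) if m else None


def compare(line):
    """Return (original_result, modified_result) for one chain line."""
    return nickname(ORIGINAL, line), nickname(MODIFIED, line)


if __name__ == "__main__":
    for label, line in (("plain", PLAIN),
                        ("quoted DN", QUOTED_DN),
                        ("no bracket", NO_BRACKET)):
        old, new = compare(line)
        print("%-10s original=%r" % (label, old))
        print("%-10s modified=%r" % ("", new))
```

The greedy `(.*)"` in the first pattern runs to the last double quote on the line, so any quote inside the subject ends up in the captured nickname; the second pattern stops at the quote that is followed by ` [`, and returns no match when that bracket is missing.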