[Freeipa-users] ipa-replica install failing

David Christensen David.Christensen at viveli.com
Wed Sep 30 19:09:51 UTC 2009


When I installed my first ipa server I used the self-signed ssl cert and
soon followed up with a replica.  Shortly after installing the replica I
attempted to import a wildcard CA signed cert and ran into an issue.

I discovered (thanks to the helpful folks on the FREEIPA irc) that a
regex in /usr/lib/python2.5/site-packages/ipaserver/certs.py for
root_nickname was bad.  I modified

    root_nickname = re.match('\ *"(.*)".*', chain[0]).groups()[0]

to

    re.match('\ *"(.*)" \[.*', chain[0]).groups()[0]

and was able to import the cert.

I had to do the same thing to the replica and replication continued.

Now I am trying to create a 3rd replica and have run into what I think
is a similar issue.  I can export the replica package from the "master"
ipa server using the pk12 options; however, the replica install fails.

I ran the debug on the replica install and this is where the install fails:

root        : INFO     creation of replica failed: Could not find a CA cert in /tmp/tmplO4Bp3ipa/realm_info/dscert.p12
root        : DEBUG    Could not find a CA cert in /tmp/tmplO4Bp3ipa/realm_info/dscert.p12
  File "/usr/sbin/ipa-replica-install", line 294, in <module>
    main()

  File "/usr/sbin/ipa-replica-install", line 244, in main
    ds = install_ds(config)

  File "/usr/sbin/ipa-replica-install", line 115, in install_ds
    ds.create_instance(config.ds_user, config.realm_name, config.host_name, config.domain_name, config.dirman_password, pkcs12_info)

  File "/usr/lib/python2.5/site-packages/ipaserver/dsinstance.py", line 193, in create_instance
    self.start_creation("Configuring directory server:")

  File "/usr/lib/python2.5/site-packages/ipaserver/service.py", line 139, in start_creation
    method()

  File "/usr/lib/python2.5/site-packages/ipaserver/dsinstance.py", line 345, in __enable_ssl
    ca.create_from_pkcs12(self.pkcs12_info[0], self.pkcs12_info[1])

  File "/usr/lib/python2.5/site-packages/ipaserver/certs.py", line 472, in create_from_pkcs12
    raise RuntimeError("Could not find a CA cert in %s" % pkcs12_fname)


Your system may be partly configured.

Is this issue similar to what I experienced with the ssl cert import or
is it something entirely different?

David
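Added example (not part of the original message and not FreeIPA code): the two root_nickname patterns quoted above, run over constructed chain lines to show one way the first pattern can over-capture and how the second fails on a line without a bracketed subject. It assumes each chain line has the layout `"nickname" [subject]` and that a subject may itself contain a quoted value; the sample lines and the `nickname` and `root_nickname` helpers are hypothetical.

```python
import re

# Patterns quoted in the message above: the original, then the poster's change.
OLD = re.compile(r'\ *"(.*)".*')
NEW = re.compile(r'\ *"(.*)" \[.*')

# Constructed sample lines in the assumed `"nickname" [subject]` layout.
PLAIN = '"Example Root CA" [CN=Example Root CA,O=Example]'
QUOTED = '  "Example Root CA" [CN=Example Root CA,O="Example, Inc.",C=US]'
NO_SUBJECT = '"Example Root CA"'


def nickname(pattern, line):
    """Return the captured nickname, or None when the line does not match."""
    m = pattern.match(line)
    return m.group(1) if m else None


def root_nickname(chain):
    """Hypothetical hardened variant: raise a descriptive error instead of
    the AttributeError that .groups() gives when re.match returns None."""
    if not chain:
        raise ValueError("empty certificate chain listing")
    nick = nickname(NEW, chain[0])
    if nick is None:
        raise ValueError("unrecognized chain line: %r" % chain[0])
    return nick


if __name__ == "__main__":
    for line in (PLAIN, QUOTED, NO_SUBJECT):
        print(repr(line))
        # Greedy (.*) in OLD runs to the last double quote on the line.
        print("  old:", repr(nickname(OLD, line)))
        # NEW only accepts a closing quote that is followed by " [".
        print("  new:", repr(nickname(NEW, line)))
```
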