[Freeipa-users] error while installin ipa-replica with ca

Martin Kosek mkosek at redhat.com
Mon Jan 11 11:55:52 UTC 2016 

On 01/11/2016 12:51 PM, Arthur Fayzullin wrote:
> Bingo!!!
> that it is!!!
> dm password contains % - symbol!
> 
> I am not sure but with previous versions that have not caused any problem.

Good :-)

Still, it would be nice to fix Dogtag installation procedures to not parse
passwords that way. Endi, please just make sure there is a Dogtag Bugzilla
filed and in some realistic milestone as this bug's root cause is not so obvious.

> 
> Thanks a lot!
> 
> 11.01.2016 16:48, Martin Kosek пишет:
>> On 01/11/2016 12:01 PM, Arthur Fayzullin wrote:
>>> Good day, Colleagues!
>>>
>>> And Happy New Year!
>>>
>>> I have tried to install test stend with ipa v4.2 and 2 master-master
>>> servers.
>>>
>>> files /etc/hosts on both servers contain:
>>> 127.0.0.1   localhost localhost.localdomain localhost4
>>> localhost4.localdomain4
>>> ::1         localhost localhost.localdomain localhost6
>>> localhost6.localdomain6
>>>
>>> 10.254.1.114 radipa00.test.ckt radipa00
>>> 10.254.1.154 radipa01.test.ckt radipa01
>>>
>>> prepare key for replica server:
>>> [root at radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154
>>> radipa01.test.ckt
>>>
>>> copy it to replica:
>>> [root at radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg
>>> root at radipa01.test.ckt:/var/lib/ipa/
>>>
>>> then on replica start installation:
>>> [root at radipa01 ~]# ipa-replica-install --setup-ca --setup-kra
>>> --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns
>>> --forwarder=77.88.8.7 --forwarder=77.88.8.3
>>> /var/lib/ipa/replica-info-radipa01.test.ckt.gpg
>>>
>>> and!!! I have got such error:
>>>   [2/23]: configuring certificate server instance
>>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
>>> configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f'
>>> '/tmp/tmpvgc4S6'' returned non-zero exit status 1
>>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the
>>> installation logs and the following files/directories for more information:
>>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL  
>>> /var/log/pki-ca-install.log
>>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL  
>>> /var/log/pki/pki-tomcat
>>>   [error] RuntimeError: CA configuration failed.
>>> Your system may be partly configured.
>>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>>
>>> log file contains this error:
>>> [root at radipa01 ~]# less /var/log/pki/pki-ca-spawn.20160111150634.log
>>>     'application_version': '[APPLICATION_VERSION]'}
>>> 2016-01-11 15:06:34 pkispawn    : ERROR    ....... Deployment file could
>>> not be parsed correctly.  This might be because of unescaped '%%'
>>> characters.  You must escape '%%' characters in deployment files
>>> (example - 'setting=foo%%%%bar').
>>> 2016-01-11 15:06:34 pkispawn    : ERROR    ....... Interpolation error
>>> ('%' must be followed by '%' or '(', found: '%')
>>>
>>> I have reproduced that error several times with cenos7 and fedora23
>>> installations.
>>>
>>> I am really confused if I am doing something wrong or may it is
>>> something else...
>>> what it can be?
>>> ____________
>>> Best wishes!
>> CCing Endi. There used to be an error, when DM password (used also for Dogtag)
>> contained special characters, PKI installer choked on it. I could not find the
>> bug number right now.
>

More information about the Freeipa-users mailing list