Martin Kosek wrote:
On Fri, 2011-04-01 at 11:47 -0400, Rob Crittenden wrote:
The hostname is passed in during the server installation. We should use
this hostname for the resulting server as well. It was being discarded
and we always used the system hostname value.

ticket 1052

rob

Looks good for both server and a client install with a custom hostname.
However, I was unable to install a CA-powered replica, when a master was
configured with custom hostname:

ipareplica-install.log:
...
#############################################
Attempting to connect to: vm-102.idm.lab.bos.redhat.com:9445
Connected.
Posting Query = 
https://vm-102.idm.lab.bos.redhat.com:9445//ca/admin/console/config/wizard?p=5&subsystem=CA&session_id=6792677911037453899&xml=true
RESPONSE STATUS:  HTTP/1.1 200 OK
RESPONSE HEADER:  Server: Apache-Coyote/1.1
RESPONSE HEADER:  Content-Type: text/html;charset=UTF-8
RESPONSE HEADER:  Date: Mon, 09 May 2011 14:17:46 GMT
RESPONSE HEADER:  Connection: close
Exception in SecurityDomainLoginPanel(): java.lang.Exception: Invalid clone_uri
ERROR: ConfigureSubCA: SecurityDomainLoginPanel() failure
ERROR: unable to create CA

#######################################################################

2011-05-09 10:17:47,039 DEBUG stderr=java.lang.Exception: Invalid clone_uri
         at ConfigureCA.SecurityDomainLoginPanel(ConfigureCA.java:384)
         at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1239)
         at ConfigureCA.main(ConfigureCA.java:1761)

2011-05-09 10:17:47,040 CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA 
-cs_hostname vm-102.idm.lab.bos.redhat.com -cs_port 9445 -client_certdb_dir /tmp/tmp-Ou9Wd4 -client_certdb_pwd 'XXXXXXXX' 
-preop_pin qTFTDIjO9j9LdtvjLCz1 -domain_name IPA -admin_user admin -admin_email root@localhost -admin_password 'XXXXXXXX' 
-agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject 
"CN=ipa-ca-agent,O=IDM.LAB.BOS.REDHAT.COM" -ldap_host vm-102.idm.lab.bos.redhat.com -ldap_port 7389 -bind_dn 
"cn=Directory Manager" -bind_password 'XXXXXXXX' -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa 
-key_algorithm SHA256withRSA -save_p12 true -backup_pwd 'XXXXXXXX' -subsystem_name pki-cad -token_name internal 
-ca_subsystem_cert_subject_name "CN=CA Subsystem,O=IDM.LAB.BOS.REDHAT.COM" -ca_ocsp_cert_subject_name 
"CN=OCSP Subsystem,O=IDM.LAB.BOS.REDHAT.COM" -ca_server_cert_subject_name "CN=vm-102.idm.lab.bos.redhat.co
m,O=IDM.LAB.BOS.REDHAT.COM" -ca_audit_signing_cert_subject_name "CN=CA 
Audit,O=IDM.LAB.BOS.REDHAT.COM" -ca_sign_cert_subject_name "CN=Certificate 
Authority,O=IDM.LAB.BOS.REDHAT.COM" -external false -clone true -clone_p12_file ca.p12 
-clone_p12_password 'XXXXXXXX' -sd_hostname ipa.idm.lab.bos.redhat.com -sd_admin_port 9445 
-sd_admin_name admin -sd_admin_password 'XXXXXXXX' -clone_start_tls true -clone_uri 
https://ipa.idm.lab.bos.redhat.com:9444' returned non-zero exit status 255
2011-05-09 10:17:47,070 DEBUG Configuration of CA failed
   File "/usr/sbin/ipa-replica-install", line 543, in <module>
     main()

   File "/usr/sbin/ipa-replica-install", line 486, in main
     (CA, cs) = install_ca(config)

   File "/usr/sbin/ipa-replica-install", line 186, in install_ca
     subject_base=config.subject_base)

   File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", 
line 539, in configure_instance
     self.start_creation("Configuring certificate server", 360)

   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
289, in start_creation
     method()
...

Did that work for you?

It worked for me, I remember testing both. Ade, do you know what would cause dogtag to throw "Invalid clone_uri"?

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
