Martin Kosek wrote:
On Fri, 2011-04-01 at 11:47 -0400, Rob Crittenden wrote:
The hostname is passed in during the server installation. We should use
this hostname for the resulting server as well. It was being discarded
and we always used the system hostname value.
ticket 1052
rob
Looks good for both server and a client install with a custom hostname.
However, I was unable to install a CA-powered replica when a master was
configured with a custom hostname:
ipareplica-install.log:
...
#############################################
Attempting to connect to: vm-102.idm.lab.bos.redhat.com:9445
Connected.
Posting Query =
https://vm-102.idm.lab.bos.redhat.com:9445//ca/admin/console/config/wizard?p=5&subsystem=CA&session_id=6792677911037453899&xml=true
RESPONSE STATUS: HTTP/1.1 200 OK
RESPONSE HEADER: Server: Apache-Coyote/1.1
RESPONSE HEADER: Content-Type: text/html;charset=UTF-8
RESPONSE HEADER: Date: Mon, 09 May 2011 14:17:46 GMT
RESPONSE HEADER: Connection: close
Exception in SecurityDomainLoginPanel(): java.lang.Exception: Invalid clone_uri
ERROR: ConfigureSubCA: SecurityDomainLoginPanel() failure
ERROR: unable to create CA
#######################################################################
2011-05-09 10:17:47,039 DEBUG stderr=java.lang.Exception: Invalid clone_uri
at ConfigureCA.SecurityDomainLoginPanel(ConfigureCA.java:384)
at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1239)
at ConfigureCA.main(ConfigureCA.java:1761)
2011-05-09 10:17:47,040 CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA
-cs_hostname vm-102.idm.lab.bos.redhat.com -cs_port 9445 -client_certdb_dir /tmp/tmp-Ou9Wd4 -client_certdb_pwd 'XXXXXXXX'
-preop_pin qTFTDIjO9j9LdtvjLCz1 -domain_name IPA -admin_user admin -admin_email root@localhost -admin_password 'XXXXXXXX'
-agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject
"CN=ipa-ca-agent,O=IDM.LAB.BOS.REDHAT.COM" -ldap_host vm-102.idm.lab.bos.redhat.com -ldap_port 7389 -bind_dn
"cn=Directory Manager" -bind_password 'XXXXXXXX' -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa
-key_algorithm SHA256withRSA -save_p12 true -backup_pwd 'XXXXXXXX' -subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name "CN=CA Subsystem,O=IDM.LAB.BOS.REDHAT.COM" -ca_ocsp_cert_subject_name
"CN=OCSP Subsystem,O=IDM.LAB.BOS.REDHAT.COM" -ca_server_cert_subject_name "CN=vm-102.idm.lab.bos.redhat.co
m,O=IDM.LAB.BOS.REDHAT.COM" -ca_audit_signing_cert_subject_name "CN=CA
Audit,O=IDM.LAB.BOS.REDHAT.COM" -ca_sign_cert_subject_name "CN=Certificate
Authority,O=IDM.LAB.BOS.REDHAT.COM" -external false -clone true -clone_p12_file ca.p12
-clone_p12_password 'XXXXXXXX' -sd_hostname ipa.idm.lab.bos.redhat.com -sd_admin_port 9445
-sd_admin_name admin -sd_admin_password 'XXXXXXXX' -clone_start_tls true -clone_uri
https://ipa.idm.lab.bos.redhat.com:9444' returned non-zero exit status 255
2011-05-09 10:17:47,070 DEBUG Configuration of CA failed
File "/usr/sbin/ipa-replica-install", line 543, in <module>
main()
File "/usr/sbin/ipa-replica-install", line 486, in main
(CA, cs) = install_ca(config)
File "/usr/sbin/ipa-replica-install", line 186, in install_ca
subject_base=config.subject_base)
File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 539, in configure_instance
self.start_creation("Configuring certificate server", 360)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
289, in start_creation
method()
...
Did that work for you?
It worked for me, I remember testing both. Ade, do you know what would
cause dogtag to throw "Invalid clone_uri"?
rob