Its a bug. Basically, the d10 instance is trying to get an installation token from the security domain, using a new restful interface. This, on a dogtag 9 instance, results in a 404.
We need to change the d10 code to fall back to the old interface in case the new one does not work. https://fedorahosted.org/pki/ticket/334 has been created on dogtag trac, Ade On Wed, 2012-09-19 at 13:58 +0200, Martin Kosek wrote: > Hello Ade, > > I am continuing a testing of integration of dogtag10 + ipa 3.0 on Fedora 18. > After defining the missing apache-commons-codec.jar link + permissive SELinux, > clean IPA installation + cert operations works fine. I just hit an issue when > installing an F18+dogtag10 replica for a F17+dogtag9 master. > > Is this scenario still unsupported or is it a bug? > > (I am moving the whole dogtag10 development discussion outside of the previous > long thread since your and pviktori's patches have been accepted and pushed). > > ipa-replica-install output: > > # ipa-replica-install -p Secret123 -w Secret123 --setup-ca > ~/replica-info-vm-021.idm.lab.bos.redhat.com.gpg > Run connection check to master > Check connection from replica to remote master > 'vm-086.idm.lab.bos.redhat.com': > ... > > Connection from master to replica is OK. > > Connection check OK > Configuring ntpd > [1/4]: stopping ntpd > [2/4]: writing configuration > [3/4]: configuring ntpd to start on boot > [4/4]: starting ntpd > done configuring ntpd. > Configuring directory server for the CA: Estimated time 30 seconds > [1/3]: creating directory server user > [2/3]: creating directory server instance > [3/3]: restarting directory server > done configuring pkids. > Configuring certificate server: Estimated time 3 minutes 30 seconds > [1/15]: creating certificate server user > [2/15]: configuring certificate server instance > > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > Unexpected error - see /var/log/ipareplica-install.log for details: > IOError: [Errno 2] No such file or directory: > '/var/lib/pki/pki-tomcat/alias/ca_backup_keys.p12' > > > ipa+pki logs attached. > > Thanks, > Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel