> -----Original Message----- > From: Endi Sukma Dewata [mailto:edew...@redhat.com] > Sent: Saturday, 7 February 2015 1:53 AM > To: Martin Kosek; Les Stott; freeipa-users@redhat.com; Matthew Harmsen > Subject: Re: [Freeipa-users] bug in pki during install of CA replica and > workaround/solution > > On 2/6/2015 8:39 AM, Martin Kosek wrote: > >> Reinstalling the pki-selinux rpm (found references in some other forum > posts) via yum reinstall pki-selinux is not enough to help. > >> > >> The solution is as follows: > >> > >> yum downgrade pki-selinux pki-ca pki-common pki-setup pki-silent > >> pki-java-tools pki-symkey pki-util pki-native-tools which takes > >> components back to 9.0.3-32 then yum -y update pki-selinux pki-ca > >> pki-common pki-setup pki-silent pki-java-tools pki-symkey pki-util > >> pki-native-tools then (after cleaning up half installed pki > >> components) ipa-ca-install > >> /var/lib/ipa/replica-info-sb1sys02.mydomain.gpg > >> > >> Then, the CA replication completes successfully. > >> > >> Regards, > >> > >> Les > > > > I saw this one around, e.g. in: > > > > http://www.redhat.com/archives/freeipa-devel/2014- > May/msg00507.html > > > > Did you try reinstalling pki-selinux before ipa-server-install? > > > > Endi/Matthew, do we have a bug/fix for this? > > > > Thanks, > > Martin > > > > Yes, we have a ticket for this: > https://fedorahosted.org/pki/ticket/1243 > The default selinux-policy is version 3.7.19-231. It needs to be updated to at > least version 3.7.19-260. > > -- > Endi S. Dewata
I will test this out (update to 3.7.19-260) next week as I've got a few more CA replicas to setup. Thanks, Les -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project