Ok, I just went through process of migrating our IPA setup from 4.1.2 running on Fedora 20 (?? may have been 21) to 4.1.4 on CentOS 7 (MKosek Copr version) and run into a nasty bug. The replica-install crashes during CA configuration with something like:
''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpXXXXXX'' returned non-zero exit status 1 Skipping CA works, but I needed the CA. Upon digging into this, I found the issue appears to be in pki python, in file: /usr/lib/python2.7/site-packages/pki/system.py It looks like it makes a call to "/ca/rest/securityDomain/domainInfo" and gets an XML doc which it converts to JSON. Somehow it gets mangled before it looks at it. XML has outermost tag of "DomainInfo" - but JSON starts with "Subsystem" (one layer lower) - I am guessing JSON converted strips the "root" tag. I bypassed this by hardcoding id as "IPA" - but obviously that is sub-optimal Looking at Fedora box, it looks like the difference is in the version of PKI package that provides the lib - on Centos you get pki-base 10.1.2 (pki-base-10.1.2-7.1.el7.centos.noarch) - while on Fedore it was a 10.2 branch (and significantly different content in that file) Anyway, I saw some reports of this bug in searches and no answers - so I figured I would offer this pointer in (hopefully) the right direction. -M
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
