From dbb98765d73519289ee22f3de1a5ccde140f6f5d Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Tue, 29 Nov 2016 21:15:29 +0100 Subject: Check the result of cert request in replica installer When running ipa-replica-install in domain-level 1, the installer requests the LDAP and HTTP certificates using certmonger but does not check the return code. The installer goes on and fails when restarting dirsrv. Fix: when certmonger was not able to request the certificate, raise an exception and exit from the installer: [28/45]: retrieving DS Certificate [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE) Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR Certificate issuance failed (CA_UNREACHABLE) ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information https://fedorahosted.org/freeipa/ticket/6514 Reviewed-By: Tomas Krizek --- ipalib/install/certmonger.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'ipalib') diff --git a/ipalib/install/certmonger.py b/ipalib/install/certmonger.py index 6f0948af6..3ea900b18 100644 --- a/ipalib/install/certmonger.py +++ b/ipalib/install/certmonger.py @@ -312,9 +312,10 @@ def request_and_wait_for_cert( state = wait_for_request(reqId, timeout=60) ca_error = get_request_value(reqId, 'ca-error') if state != 'MONITORING' or ca_error: - raise RuntimeError("Certificate issuance failed") + raise RuntimeError("Certificate issuance failed ({})".format(state)) return reqId + def request_cert( nssdb, nickname, subject, principal, passwd_fname=None, dns=None, ca='IPA', profile=None, pre_command=None, post_command=None): -- cgit