ipa-replica-prepare fails

Bug #1449304 reported by Eric Heydrick on 2015-04-27
This bug affects 1 person
Affects Status Importance Assigned to Milestone
freeipa (Debian)
Fix Released
freeipa (Ubuntu)

Bug Description

Running ipa-replica-prepare results in an error due to gnupg-agent missing:

# ipa-replica-prepare somehost
Directory Manager (existing master) password:

Preparing replica for somehost from someotherhost
Creating SSL certificate for the Directory Server
Creating SSL certificate for the dogtag Directory Server
Saving dogtag Directory Server port
Creating SSL certificate for the Web Server
Exporting RA certificate
Copying additional files
Finalizing configuration
Packaging replica information into /var/lib/ipa/replica-info-somehost.gpg
[Errno 2] No such file or directory

Installing the gnupg-agent package results in success. Seems like freeipa-server should depend on gnugp-agent.

Package info:

  Installed: 4.0.5-3
  Candidate: 4.0.5-3
  Version table:
 *** 4.0.5-3 0
        500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ vivid/universe amd64 Packages
        100 /var/lib/dpkg/status

Platform info:

Distributor ID: Ubuntu
Description: Ubuntu 15.04
Release: 15.04
Codename: vivid

Timo Aaltonen (tjaalton) wrote :

You won't be able to create a replica anyway berore 4.2, because our libldap is built against gnutls and not nss

Eric Heydrick (eheydrick) wrote :

Good to know, is that why I'm getting this error on replica setup? There's no way to get replication on Ubuntu?

  [24/34]: setting up initial replication
Starting replication, please wait until this has completed.

[ipa1.somdomain] reports: Update failed! Status: [-11 - LDAP error: Connect error]

Timo Aaltonen (tjaalton) wrote :

yep, no way until maybe 4.2 if it replaces the ldaps connection on replica setup with GSSAPI..

Changed in freeipa (Debian):
status: Unknown → New
Malte Dik (login-k) wrote :


I can also confirm and will happily wait for 4.2.

Thank you for packaging, it worked great except this little thing!



Timo Aaltonen (tjaalton) wrote :

changed the title, gpg-agent addition is handled in bug 1492184

FYI, it'll be 4.3 that should support replica installation with GSSAPI

summary: - ipa-replica-prepare fails due to gnupg-agent missing
+ ipa-replica-prepare fails
Changed in freeipa (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Eric Heydrick (eheydrick) wrote :

4.3 is out. What would take to get it packaged?

Timo Aaltonen (tjaalton) wrote :

still needs bind 9.10.x in order to get past 4.1

Launchpad Janitor (janitor) wrote :
Download full text (4.5 KiB)

This bug was fixed in the package freeipa - 4.3.1-0ubuntu1

freeipa (4.3.1-0ubuntu1) xenial; urgency=medium

  * Sync from Debian.

freeipa (4.3.1-1) unstable; urgency=medium

  * New upstream release. (Closes: #781607, #786411) (LP: #1449304)
    - drop no-test-lang.diff, obsolete
  * fix-match-hostname.diff, control: Drop the patch and python-openssl
    deps, not needed anymore
  * rules, platform, server.dirs, server.install:
    Add support for DNSSEC.
  * control, rules: Add support for kdcproxy.
  * control, server: Migrate to mod-auth-gssapi.
  * control, rules, fix-ipa-conf.diff: Add support for custodia.
  * control:
    - Add python-cryptography to build-deps and python-freeipa deps.
    - Add libp11-kit-dev to build-deps, p11-kit to server deps.
    - Depend on python-gssapi instead of python-kerberos/-krbV.
    - Add libini-config-dev and python-dbus to build-deps, replace wget
      with curl.
    - Bump libkrb5-dev build-dep.
    - Add pki-base to build-deps and pki-kra to server deps, bump pki-ca
    - Drop python-m2crypto from deps, obsolete.
    - Bump sssd deps to 1.13.1.
    - Add python-six to build-deps and python-freeipa deps.
    - Split python stuff from server, client, tests to python-
      ipa{server,client,tests}, rename python-freeipa to match and move
      translations to freeipa-common. Mark them Arch:all where possible,
      and add Breaks/Replaces.
    - Add oddjob to server and oddjob-mkhomedir to client deps.
    - Add python-setuptools to python-ipalib deps.
    - Bump 389-ds-base* deps.
    - Bump server and python-ipaserver dependency on python-ldap to 2.4.22
      to fix a bug on ipa-server-upgrade.
    - Add pki-tools to python-ipaserver deps.
    - Add zip to python-ipaserver depends.
    - Add python-systemd to server depends.
    - Add opendnssec to freeipa-server-dns depends.
    - Add python-cffi to python-ipalib depends.
    - Bump dep on bind9-dyndb-ldap.
    - Bump certmonger dependency to version that has helpers in the correct
  * patches:
    - prefix.patch: Fix ipalib install too.
    - Drop bits of platform.diff and other patches that are now upstream.
    - fix-kdcproxy-paths.diff: Fix paths in kdcproxy configs.
    - fix-oddjobs.diff: Fix paths and uids in oddjob configs.
    - fix-replicainstall.diff: Use ldap instead of ldaps for conncheck.
    - fix-dnssec-services.diff: Debianize ipa-dnskeysyncd & ipa-ods-
      exporter units.
    - create-sysconfig-ods.diff: Create an empty file for opendnssec
      daemons, until opendnssec itself is fixed.
    - purge-firefox-extension.diff: Clean obsolete kerberosauth.xpi.
    - enable-mod-nss-during-setup.diff: Split from platform.diff, call
      a2enmod/a2dismod from httpinstance.py.
    - fix-memcached.diff: Split from platform.diff, debianize memcached
      conf & unit.
    - hack-libarch.diff: Don't use fedora libpaths.
  * add-debian-platform.diff:
    - Update paths.py to include all variables, comment out ones we don't
    - Use systemwide certificate store; put ipa-ca.crt in
      /usr/local/share/ca-certificates, and run update-ca-certificates
    - Map smb service to smbd (...


Changed in freeipa (Ubuntu):
status: Triaged → Fix Released
Changed in freeipa (Debian):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.