← Back to team overview

freeipa team mailing list archive

  1. freeipa team
  2. Mailing list archive
  3. Message #00100

[Bug 1024765] [NEW] ipa-client-install failes at certutil stage because /etc/pki doesn't exists

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Dear Colleagues,

ipa-client-install fails at the import stage of the freeipa server cert.

Created /etc/ipa/default.conf
New SSSD config will be created.
Configured /etc/sssd/sssd.conf
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 1292, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 1279, in main
    rval = install(options, env, fstore, statestore)
  File "/usr/sbin/ipa-client-install", line 1124, in install
    run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"])
  File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 273, in run
    raise CalledProcessError(p.returncode, args)
subprocess.CalledProcessError: Command '/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt' returned non-zero exit status 255


It looks like the patch create_client_dirs.patch needs to be refreshed to:

1. check if /etc/pki exists
2. if not, create it

this is important especially for debian and ubuntu, because /etc/pki
is/was fedora/rhel specific

Regards,

\sh

** Affects: freeipa (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1024765

Title:
  ipa-client-install failes at certutil stage because /etc/pki doesn't
  exists

Status in “freeipa” package in Ubuntu:
  New

Bug description:
  Dear Colleagues,

  ipa-client-install fails at the import stage of the freeipa server
  cert.

  Created /etc/ipa/default.conf
  New SSSD config will be created.
  Configured /etc/sssd/sssd.conf
  Traceback (most recent call last):
    File "/usr/sbin/ipa-client-install", line 1292, in <module>
      sys.exit(main())
    File "/usr/sbin/ipa-client-install", line 1279, in main
      rval = install(options, env, fstore, statestore)
    File "/usr/sbin/ipa-client-install", line 1124, in install
      run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"])
    File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 273, in run
      raise CalledProcessError(p.returncode, args)
  subprocess.CalledProcessError: Command '/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt' returned non-zero exit status 255

  
  It looks like the patch create_client_dirs.patch needs to be refreshed to:

  1. check if /etc/pki exists
  2. if not, create it

  this is important especially for debian and ubuntu, because /etc/pki
  is/was fedora/rhel specific

  Regards,

  \sh

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1024765/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next