RHEL-75970

Uninstall with externally-signed CA leaves /root/.dogtag/pki-tomcat/ca


    • Bug
    • Resolution: Done-Errata
    • Normal
    • rhel-10.0
    • rhel-10.0
    • dogtag-pki
    • None
    • dogtag-pki-11.6.0-1.el10
    • Yes
    • Moderate
    • rhel-idm-cs
    • ssg_idm
    • 0
    • Dev ack
    • False
    • False
    • No
    • None
    • Unspecified Release Note Type - Unknown
    • None

      Test scenario:

      enable the copr repos @pki/master and @freeipa/freeipa-master-nightly, install freeipa-server-dns
      do the first step of IPA installation with an externally-signed CA: ipa-server-install -n ipa.test -r IPA.TEST -a Secret123 -p Secret123 --setup-dns --forwarder 10.11.5.160 --external-ca --external-ca-type=ms-cs --external-ca-profile=1.2.3.4:100 -U
      call uninstall because you realize the wrong profile was used: ipa-server-install --uninstall -U
      The directory /root/.dogtag/pki-tomcat/ca is still present and contains left-overs:

      # ls /root/.dogtag/pki-tomcat/ca
      alias password.conf pkcs12_password.conf

      re-do the first step of IPA installation with a different profile: ipa-server-install -n ipa.test -r IPA.TEST -a Secret123 -p Secret123 --setup-dns --forwarder 10.11.5.160 --external-ca --external-ca-type=ms-cs --external-ca-profile=1.2.3.4:200 -U
      The installation fails because the directory /root/.dogtag/pki-tomcat/ca already exists:

      Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
      [1/16]: configuring certificate server instance
      Failed to configure CA instance
      See the installation logs and the following files/directories for more information:
      /var/log/pki/pki-tomcat
      [error] RuntimeError: CA configuration failed.
      CA configuration failed.
      The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

      Content of /var/log/ipaserver-install.log:

      INFO: Storing registry config: /var/lib/pki/pki-tomcat/conf/ca/registry.cfg
      DEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca
      DEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca
      ERROR: FileExistsError: [Errno 17] File exists: '/root/.dogtag/pki-tomcat/ca'
      File "/usr/lib/python3.9/site-packages/pki/server/pkispawn.py", line 594, in main
      deployer.spawn()
      File "/usr/lib/python3.9/site-packages/pki/server/deployment/__init__.py", line 5867, in spawn
      scriptlet.spawn(self)
      File "/usr/lib/python3.9/site-packages/pki/server/deployment/scriptlets/security_databases.py", line 46, in spawn
      deployer.init_client_nssdb()
      File "/usr/lib/python3.9/site-packages/pki/server/deployment/__init__.py", line 972, in init_client_nssdb
      pki.util.makedirs(
      File "/usr/lib/python3.9/site-packages/pki/util.py", line 118, in makedirs
      os.makedirs(path, mode=mode, exist_ok=exist_ok)
      File "/usr/lib64/python3.9/os.py", line 225, in makedirs
      mkdir(name, mode)
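
The failure mode in the report, as an added example that is not part of the original report and not dogtag-pki code: it audits a client directory that survived uninstall (including the two password files) and shows why the next spawn stops at `os.makedirs`. The function names, finding labels, file modes and the temporary directory tree are constructed assumptions; `exist_ok=False` is inferred from the `FileExistsError` in the log.

```python
import os
import stat
import tempfile

# Directory and file names as listed in the report (relative here so the demo
# runs under a temporary root instead of touching /root).
CLIENT_DIR = "root/.dogtag/pki-tomcat/ca"
SECRET_FILES = ("password.conf", "pkcs12_password.conf")

def audit_leftovers(client_dir):
    """List what survived uninstall in the client directory."""
    findings = []
    if not os.path.isdir(client_dir):
        return findings
    findings.append(("stale-dir", os.path.basename(client_dir)))
    for name in sorted(os.listdir(client_dir)):
        mode = stat.S_IMODE(os.lstat(os.path.join(client_dir, name)).st_mode)
        if name in SECRET_FILES:
            findings.append(("secret-left-behind", name))
            if mode & 0o077:  # any group/other permission bit set
                findings.append(("secret-accessible-to-others", name))
        else:
            findings.append(("other-leftover", name))
    return findings

def respawn_fails(client_dir):
    """Same call shape as the traceback; creates the directory if it is absent."""
    try:
        os.makedirs(client_dir, exist_ok=False)
    except FileExistsError:
        return True
    return False

def build_constructed_leftovers(root):
    """Constructed sample tree; the file modes are made up for the demo."""
    client_dir = os.path.join(root, CLIENT_DIR)
    os.makedirs(os.path.join(client_dir, "alias"))
    for name, mode in (("password.conf", 0o600), ("pkcs12_password.conf", 0o644)):
        path = os.path.join(client_dir, name)
        with open(path, "w") as fh:
            fh.write("constructed-placeholder\n")
        os.chmod(path, mode)
    return client_dir

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        stale = build_constructed_leftovers(root)
        print(audit_leftovers(stale), respawn_fails(stale))
```
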

              edewata Endi Dewata
              rhn-support-amore Anuja More
              RHCS Maintenance RHCS Maintenance
              IdM CS QE IdM CS QE