So I had a running replica on CentOS 7 LXC which started giving me
trouble, so I decided to rebuild it.
Now, when running ipa-replica install I get:

    2018-11-04T20:12:20Z DEBUG stderr=pkispawn : ERROR .......
    subprocess.CalledProcessError: Command '['sysctl',
    'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!
    2018-11-04T20:12:20Z CRITICAL Failed to configure CA instance: Command
    '/usr/sbin/pkispawn -s CA -f /tmp/tmpyZ34z1' returned non-zero exit status 1

which seems to cause this to fail. Googling around, I find this thread:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
where apparently two bugs were filed to fix this, and they were fixed.
Are they supposed to land on CentOS 7?

The bug was in dogtag and not in IPA. It looks like this is only fixed
in 10.6.3+ upstream. I don't know if they have or plan to backport this
to 10.5.x.
The fix is
so I guess worst-case you could manually make the changes before installing.
rob