On pe, 12 tammi 2018, lejeczek via FreeIPA-users wrote:
On 11/01/18 18:55, Florence Blanc-Renaud wrote:
>then the problem you are seeing is probably BZ 14852017 [RFE] If the
>umask is too restrictive the installation won't work [1]
>
>Did you install the master with a umask different from 022? In this
>case, some configuration files are probably not accessible by
>non-root user, and the httpd server - running as apache - cannot
>read files needed to establish the secure connection to dogtag.
>
>You can try to change the permissions for /etc/ipa/ca.crt and
>/var/lib/ipa/ra-agent.{key|pem} on the master:
>$ chmod 444 /etc/ipa/ca.crt
>$ chmod 440 /var/lib/ipa/ra-agent.*
>
>and re-try the replica installation.
>
>HTH,
>Flo
I'm double posting.. beware
Jesus freaking Christ.. (this comes after I produced a whole litany of
of bad words in my own language), sorry.
It almost drove me insane! no, really!
all these problems, all these errors, all because of my root's umask
027
Now having replica installed, I'll see how two servers behave in my
simple domain.
Guys, make it a very first check in installer code and make that
installer fail, and.. push out a new release with that little fix
like... yesterday(do not wait till it's properly fixed) You can still
save lives!
There is
https://pagure.io/freeipa/issue/7193 for that. Unfortunately,
it is not going to get into next RHEL update due to timing issues.
A patch is welcomed.
--
/ Alexander Bokovoy