URL: https://github.com/freeipa/freeipa/pull/574
Author: stlaz
Title: #574: ipa-replica-prepare fix
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/574/head:pr574
git checkout pr574

URL: https://github.com/freeipa/freeipa/pull/574
Author: stlaz
Title: #574: ipa-replica-prepare fix
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/574/head:pr574
git checkout pr574

URL: https://github.com/freeipa/freeipa/pull/574
Title: #574: ipa-replica-prepare fix

MartinBasti commented:
"""
Can be this caused by your patch?
```
error exporting Server certificate: Command '/usr/bin/openssl pkcs12 -export -name KDC-Cert -in /tmp/tmpmS5rCkipa/realm_info/kdc.pem -out /tmp/tmpmS5rCkipa/realm_info/pkinitcert.p12 -passout file:/tmp/tmpmS5rCkipa/realm_info/pkinit_pin.txt' returned non-zero exit status 1
```

"""

See the full comment at https://github.com/freeipa/freeipa/pull/574#issuecomment-286172238

URL: https://github.com/freeipa/freeipa/pull/574
Title: #574: ipa-replica-prepare fix

stlaz commented:
"""
Very unlikely but I'll investigate.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/574#issuecomment-286204519

URL: https://github.com/freeipa/freeipa/pull/574
Title: #574: ipa-replica-prepare fix

stlaz commented:
"""
My wild guess is that it might be caused by ba3c201a but not by this patchset as it does not touch it.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/574#issuecomment-286212984

URL: https://github.com/freeipa/freeipa/pull/574
Title: #574: ipa-replica-prepare fix

stlaz commented:
"""
Actually, this is most probably a privilege-separation issue since "kdc.pem" which we try to read here does not exist ever since.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/574#issuecomment-286343464

URL: https://github.com/freeipa/freeipa/pull/574
Title: #574: ipa-replica-prepare fix

stlaz commented:
"""
Actually, this is most probably a privilege-separation issue since "kdc.pem" which we try to read here does not exist ever since.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/574#issuecomment-286343464

URL: https://github.com/freeipa/freeipa/pull/574
Title: #574: ipa-replica-prepare fix

stlaz commented:
"""
@MartinBasti should be fixed in https://github.com/freeipa/freeipa/pull/580
"""

See the full comment at https://github.com/freeipa/freeipa/pull/574#issuecomment-286352636

URL: https://github.com/freeipa/freeipa/pull/574
Title: #574: ipa-replica-prepare fix

Label: +ack

URL: https://github.com/freeipa/freeipa/pull/574
Title: #574: ipa-replica-prepare fix

Label: +pushed

URL: https://github.com/freeipa/freeipa/pull/574
Title: #574: ipa-replica-prepare fix

MartinBasti commented:
"""
master:

* 992e6ecd1ff33f4f872e8f174bd426507c55f5c4 Fix ipa-replica-prepare server-cert creation
* 8980f4098ebf6b62556e24f090718802d1e495d3 Don't fail more if cert req/cert creation failed
"""

See the full comment at https://github.com/freeipa/freeipa/pull/574#issuecomment-286430379

URL: https://github.com/freeipa/freeipa/pull/574
Author: stlaz
Title: #574: ipa-replica-prepare fix
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/574/head:pr574
git checkout pr574