Hello guys,
I have problems with creation freeipa master replica.

ipa --version
VERSION: 4.3.1, API_VERSION: 2.164
Master server Idp+self sign CA

I want create full replica of master server
Host for replica in domain (ipa-client-install -U --domain= --server=
ipa1.itcapital.io --password= --principal=--hostname= --no-ntp --mkhomedir)

I try to create replica:
ipa-replica-install --hostname=<domain name> --domain=<domain name>
--server=<ipa server name> --password=XXXXXX --principal=admin --setup-ca

Replica installation success but CA replica creation failed:

Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30
seconds
  [1/23]: creating certificate server user
  [2/23]: creating certificate server db
  [3/23]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 5 seconds elapsed
Update succeeded

  [4/23]: creating installation admin user
  [5/23]: setting up certificate server
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure
CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpjnucvO' returned
non-zero exit status 1
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation
logs and the following files/directories for more information:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
/var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    CA configuration
failed.
ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
ipa-replica-install command failed. See /var/log/ipareplica-install.log for
more information

Maybe somebody has information about this issue?


-- 
Best regards,
*Oleg Danilovich*
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to