On 06/01/18 19:54, lejeczek via FreeIPA-users wrote:

hi

I'm trying to install replica, process fails:
..
  [3/5]: creating anonymous principal
  [4/5]: starting the KDC
  [5/5]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
  [1/2]: starting kadmin
  [2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring directory server (dirsrv)
  [1/3]: configuring TLS for DS instance
  [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE)
Your system may be partly configured.
..
-- end


And if -replica failed as above then this also fails on the same candidate client:

# ipa-server-install --uninstall

This is a NON REVERSIBLE operation and will delete all data and configuration! It is highly recommended to take a backup of existing data and configuration using ipa-backup utility before proceeding.

Are you sure you want to continue with the uninstall procedure? [no]: yes ipa.ipapython.install.cli.uninstall_tool(CompatServerMasterInstall): ERROR    Server removal aborted:

Replication topology in suffix 'domain' is disconnected:
Topology does not allow server swir.priv.xx.xx.priv.xx.xx.x to replicate with servers:
    lxc-ipa1-swir.priv.xx.xx.priv.xx.xx.x.
ipa.ipapython.install.cli.uninstall_tool(CompatServerMasterInstall): ERROR    The ipa-server-install command failed. See /var/log/ipaserver-uninstall.log for more information



and in intall log file:
..
2018-01-06T13:50:29Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/ -A -n PRIVATE.xx.xx.PRIVATE.xx.xx.x IPA CA -t CT,C,C -a -f /etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/pwdfile.txt
2018-01-06T13:50:29Z DEBUG Process finished, return code=0
2018-01-06T13:50:29Z DEBUG stdout=
2018-01-06T13:50:29Z DEBUG stderr=
2018-01-06T13:50:30Z DEBUG certmonger request is in state dbus.String(u'NEWLY_ADDED_READING_CERT', variant_level=1) 2018-01-06T13:50:35Z DEBUG certmonger request is in state dbus.String(u'CA_UNREACHABLE', variant_level=1)
2018-01-06T13:50:35Z DEBUG Traxx.ck (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 504, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 494, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 824, in __enable_ssl
    post_command=cmd)
  File "/usr/lib/python2.7/site-packages/ipalib/install/certmonger.py", line 317, in request_and_wait_for_cert     raise RuntimeError("Certificate issuance failed ({})".format(state))
RuntimeError: Certificate issuance failed (CA_UNREACHABLE)

2018-01-06T13:50:35Z DEBUG   [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE) 2018-01-06T13:50:35Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 333, in run
    cfgr.run()
  File "/usr/lib/python2.7/site-
...
-- end

Would this be that new candidate's problem or some communication issues with existing server? Client installed (kind of)okey though.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to