On Sat, Jan 13, 2018 at 11:09:59AM +0100, Aljaž Srebrnič via FreeIPA-users 
wrote:
> Hello!
> Yesterday I tried migrating a physical machine (ipa1) that was a FreeIPA CA 
> CRL master in my VM cluster. I followed the guide at [1] to migrate che CRL 
> master to another replica (ipa2) and uninstalled the replica ipa1. Then I set 
> up a VM with the same hostname and IP address as the physical machine, and 
> installed Fedora 27.
> 
> When I tried setting up the replica with CA, the install stopped at:
> [4/25]: configuring certificate server instance
> 
Hi Aljaž,

What does "stopped" mean?  Did it hang, or exit with error?

> And in my /var/log/pki/pki-tomcat/ca/debug I see a bunch of log entries like 
> this, with increasing time stamps:
> 
> Unable to read key retriever class from CS.cfg: Property 
> features.authority.keyRetrieverClass missing value
> Retrying in 14778 seconds
> 
> I checked the /etc/pki/pki-tomcat/ca/CS.cfg file and I don’t actually have 
> that entry at all, I only have:
> 
> features.authority.description=Lightweight CAs
> features.authority.enabled=true
> features.authority.version=1.0
> 
> However, if I manually add them by copying the value from the good replica, 
> nothing changes and the installer is still blocked on that line (maybe the 
> CS.cfg file isn’t re-read on each retry).
> 
> Moreover, it looks like that file (CS.cfg) is generated by the installer 
> script…
> 
> How can I solve this?
> 
Please file a ticket and attach logs; in particular:

- /var/log/pki/pki-tomcat/ca/debug
- /var/log/pki/pki-ca-spawn.<timestamp>.log
- /var/log/ipareplica-install.log

Thanks,
Fraser
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to