On Wed, Feb 26, 2020 at 12:42 PM LHEUREUX Bernard <[email protected]> wrote: > > I tried multiple times to solve the upgrade fail, but didn't I finally > decided to completely reinstall that machine from scratch but the > ipa-replica-install always refuse to perform to the end... > I'm really stuck...
The update tooling updates FreeIPA data and this is replicated to other masters. The update failure might indicate a deeper problem with your cluster which might already be in a state where no new replica can be installed until the problem is fixed. Without more data from the attempted update as you erased the machine, nor PKI logs as asked below, I'm not sure how to proceed further. > -----Message d'origine----- > De : François Cami [mailto:[email protected]] > Envoyé : mercredi 26 février 2020 12:23 > À : FreeIPA users list <[email protected]> > Cc : LHEUREUX Bernard <[email protected]> > Objet : Re: [Freeipa-users] recuring error during ipa-replica-install > > Hi, > > On Wed, Feb 26, 2020 at 12:17 PM LHEUREUX Bernard via FreeIPA-users > <[email protected]> wrote: > > > > Hi all, > > > > > > > > I would linke to reinstall a replica for my FreeIPA infra that has > > failed its ipa-server-upgrade after the updat’e of CentOS > > ipa-server-4.6.5-11.el7.centos.4.x86_64, a few days ago… > > How did the upgrade fail? Do you still have the upgrade logs? > Did you fix the problem in the meantime? > > > But everytime I try I get the following error on that machine : > > > > > > > > Configuring ipa-custodia > > > > [1/4]: Generating ipa-custodia config file > > > > [2/4]: Generating ipa-custodia keys > > > > [3/4]: starting ipa-custodia > > > > [4/4]: configuring ipa-custodia to start on boot > > > > Done configuring ipa-custodia. > > > > Configuring certificate server (pki-tomcatd). Estimated time: 3 > > minutes > > > > [1/29]: creating certificate server db > > > > [2/29]: setting up initial replication > > > > Starting replication, please wait until this has completed. > > > > Update in progress, 4 seconds elapsed > > > > Update succeeded > > > > > > > > [3/29]: creating ACIs for admin > > > > [4/29]: creating installation admin user > > > > [5/29]: configuring certificate server instance > > > > ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA > > instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpjRZhjK' > > returned non-zero exit status 1 > > > > ipaserver.install.dogtaginstance: CRITICAL See the installation logs and > > the following files/directories for more information: > > > > ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat > > > > [error] RuntimeError: CA configuration failed. > > The PKI logs at /var/log/pki/pki-tomcat should help, but if the > above-mentioned upgrade failed maybe something is broken in your infra, > resulting in an inability to install new replica until you fix that. > > Does CA-less replica installation work? > > François > > > > Your system may be partly configured. > > > > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > > > > > > > ipapython.admintool: ERROR CA configuration failed. > > > > ipapython.admintool: ERROR The ipa-replica-install command failed. See > > /var/log/ipareplica-install.log for more information > > > > > > > > I cannot find any relevant info in the logs to tell me what could be > > done… > > > > > > > > Do you have an idea ? > > > > > > > > --- > > > > Bernard Lheureux > > > > Linux System Engineer > > > > IT Infra > > > > > > > > > > > > Rue Fivé 150, B-4100 Seraing > > > > GSM: +32-475-530311 > > > > http://www.nethys.be > > > > > > > > > > > > > > > > Ce message transmis par voie électronique ainsi que toutes ses annexes > > contiennent des informations qui peuvent être confidentielles ou protégées. > > Ces informations sont uniquement destinées à l’usage des personnes ou des > > entités précisées dans les champs ‘A’, ‘Cc’ et ‘Cci’. Si vous n’êtes pas > > l’un de ces destinataires, soyez conscient que toute forme, partielle ou > > complète, de divulgation, copie, distribution ou utilisation de ces > > informations est strictement interdite. Si vous avez reçu ce message par > > erreur, veuillez nous en informer par téléphone ou par message électronique > > et détruire les informations immédiatement. Ce message n’engage que son > > signataire et aucunement son employeur. > > _______________________________________________ > > FreeIPA-users mailing list -- [email protected] > > To unsubscribe send an email to > > [email protected] > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: > > https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedorahosted.org/archives/list/[email protected] > > ahosted.org > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
