[Freeipa-users] Re: failing to add additional replica (already 3 in place)

Mon, 05 Jul 2021 23:49:40 -0700 

Hi,

can you provide the logs of the replica installation
(/var/log/ipareplica-install.log and /var/log/pki/pki-ca-spawn.$date.log) ?
In the logs you can find which server was used to initialize the data (look
for a line with ipa-replica-conncheck), the logs from this server may also
be useful (/var/log/httpd/error_log).

flo


On Mon, Jul 5, 2021 at 5:23 PM Rolf Linder via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> Hey there
>
> Using freeipa on centos (ipa-server-4.6.8-5.el7.centos.6.x86_64) we fail
> to add an additional replica, but only when enabling CA services (option
> "--setup-ca").
> We use the following command to stage a new replica (and have in the past):
>
> > ipa-replica-install --principal admin --admin-password ${adminpw}
> --setup-dns --no-dnssec-validation --no-forwarder --setup-ca --domain
> lxusp.local --server [master-idm-node]
>
> which we have used to stage the previous replicas too.
> Log (/var/log/ipareplica-install.log) shows that its stuck in state
>
> > DEBUG certmonger request is in state dbus.String(u'SUBMITTING',
> variant_level=1)
>
> Repeated until then aborted by a timeout message (and non-functional
> replica).
>
> Since there are only outdated reports (>2 years old) about slightly
> similar (but not matching!) behavior like
> https://bugzilla.redhat.com/show_bug.cgi?id=1623113 we kindly ask if
> anyone can help here.
>
> Best regards,
> Rolf
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to