Hi, can you provide the logs of the replica installation (/var/log/ipareplica-install.log and /var/log/pki/pki-ca-spawn.$date.log) ? In the logs you can find which server was used to initialize the data (look for a line with ipa-replica-conncheck), the logs from this server may also be useful (/var/log/httpd/error_log).
flo On Mon, Jul 5, 2021 at 5:23 PM Rolf Linder via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hey there > > Using freeipa on centos (ipa-server-4.6.8-5.el7.centos.6.x86_64) we fail > to add an additional replica, but only when enabling CA services (option > "--setup-ca"). > We use the following command to stage a new replica (and have in the past): > > > ipa-replica-install --principal admin --admin-password ${adminpw} > --setup-dns --no-dnssec-validation --no-forwarder --setup-ca --domain > lxusp.local --server [master-idm-node] > > which we have used to stage the previous replicas too. > Log (/var/log/ipareplica-install.log) shows that its stuck in state > > > DEBUG certmonger request is in state dbus.String(u'SUBMITTING', > variant_level=1) > > Repeated until then aborted by a timeout message (and non-functional > replica). > > Since there are only outdated reports (>2 years old) about slightly > similar (but not matching!) behavior like > https://bugzilla.redhat.com/show_bug.cgi?id=1623113 we kindly ask if > anyone can help here. > > Best regards, > Rolf > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure