Hi list.

The ipa2 node was promoted to CA with ipa-ca-install, and it shows all is good on its side:

[root@ipa2 ~]# ipa-replica-manage list
ipa3: master
ipa2: master

[root@ipa2 ~]# ipa-csreplica-manage list
ipa3: master
ipa2: *master*

[root@ipa2 ~]# ipa config-show |grep CA
  Certificate Subject base: O=removed
  IPA CA servers: *ipa2, ipa3*
  IPA CA renewal master: ipa3

[root@ipa2 ~]# ipa server-role-find | grep -A1 -B1 CA
  Server name: ipa2
  Role name: CA server
  Role status: *enabled*
--
  Server name: ipa3
  Role name: CA server
  Role status: *enabled*

[root@ipa2 ~]# ipa-replica-manage list-ruv
Replica Update Vectors:
    ipa2:389: 11
    ipa3:389: 9
Certificate Server Replica Update Vectors:
    ipa2:389: 12
    ipa3:389: 10

But the ipa3 node doesn't see ipa2 as a CA master:

[root@ipa3 ~]# ipa-replica-manage list
ipa3: master
ipa2: master

[root@ipa3 ~]# ipa-csreplica-manage list
ipa3: master
ipa2: *CA not configured*

[root@ipa3 ~]# ipa config-show |grep CA
  Certificate Subject base: O=removed
  IPA CA servers: *ipa3*    <----- no ipa2 here
  IPA CA renewal master: ipa3

[root@ipa3 ~]# ipa server-role-find | grep -B1 -A1 CA
  Server name: ipa2
  Role name: CA server
  Role status: *absent*
--
  Server name: ipa3
  Role name: CA server
  Role status: enabled

[root@ipa3 ~]# ipa-replica-manage list-ruv
Replica Update Vectors:
    ipa3:389: 9
    ipa2:389: 11
Certificate Server Replica Update Vectors:
    ipa3:389: 10
    ipa2:389: 12

CentOS 7.9
FreeIPA, version: 4.6.8

What is the real situation here? Is there CA replication between the replicas or not?
Is it possible to fix this and make the ipa2 CA role visible on ipa3?
Is there any extra information I can provide to fully understand the issue?

Pavel
