I'm trying to setup a third replica server using the ansible_freeipa.ipareplica
role.
The role fails on the following step:
"[freeipa.ansible_freeipa.ipaclient : Install - Join IPA]":
"servers": [
"192.168.1.100", (replica1.example.com
"192.168.1.101" (replica2.example.com
]
"msg": "Cannot obtain CA certificate\nHTTP certificate download requires
--force"
Following playbook:
roles:
- role: freeipa.ansible_freeipa.ipareplica
vars:
ipareplica_servers: ["replica1.example.com", "replica1.example.com"]
....
replica1 (master with CA) and replica2 already exists. I introduced replica2 to
the ipareplica_servers variable, as seen above. If I remove replica2, I'm able
to install and setup replica3, but from my understanding I'll be stuck with
following topology:
replica2 <---> replica1 <---> replica3
When I in reality want:
replica2 <---> replica1 <---> replica3
^--------------------------------------^
I've also experienced a lot of errors with Install - Setup DS, after an
uninstall: /usr/sbin/ipa-getkeytab Failed to parse result: Insufficient access
rights\\n\\nFailed to get keytab!.
Doesn't seem like the role cleans up properly.
I struggle to understand this error, since the topology shows only Domain in
the UI.
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
