Hi, So i have spent quite some time trying to get out of the swamp that is centos stream 8 and back to something with a actual upgrade path, fedora =)
Everything works except the ipa-ca-install on the replica - mostly fails at the same step At some point the conncheck failed, dropping me in to a prompt asking for the password of a admin-<machine> account Anyway, I do know about the issue with - vs _ and validated on master, changed on replica as detailed here: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/IHIPPVMMIWV2TL7BNLW55XII3OIQ62HK/ But it still fails.. Oh and btw, none of the machines are running any firewalls =) Anyone that has a clue of what to test next? Btw, it's 4.9 to 4.11 if there is other issues with interoperability ipa-ca-install --skip-conncheck Directory Manager (existing master) password: Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes [1/28]: creating certificate server db [2/28]: setting up initial replication Starting replication, please wait until this has completed. Update in progress, 7 seconds elapsed Update succeeded [3/28]: creating ACIs for admin [4/28]: creating installation admin user ipaserver.install.dogtaginstance: ERROR Unable to log in as uid=admin-freeipa-4.xerces.lan,ou=people,o=ipaca on ldap://freeipa-1.xerces.lan:389 [error] NotFound: uid=admin-freeipa-4.xerces.lan,ou=people,o=ipaca did not replicate to ldap://freeipa-1.xerces.lan:389 Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. Unexpected error - see /var/log/ipareplica-ca-install.log for details: NotFound: uid=admin-freeipa-4.xerces.lan,ou=people,o=ipaca did not replicate to ldap://freeipa-1.xerces.lan:389 And the log says: 2024-03-11T15:00:24Z DEBUG [4/28]: creating installation admin user 2024-03-11T15:00:24Z DEBUG Waiting 300 seconds for uid=admin-freeipa-4.xerces.lan,ou=people,o=ipaca to appear on ldap://freeipa-1.xerces.lan:389 2024-03-11T15:05:24Z ERROR Unable to log in as uid=admin-freeipa-4.xerces.lan,ou=people,o=ipaca on ldap://freeipa-1.xerces.lan:389 2024-03-11T15:05:24Z INFO [hint] tune with replication_wait_timeout 2024-03-11T15:05:24Z DEBUG Traceback (most recent call last): File "/usr/lib/python3.12/site-packages/ipaserver/install/service.py", line 686, in start_creation run_step(full_msg, method) File "/usr/lib/python3.12/site-packages/ipaserver/install/service.py", line 672, in run_step method() File "/usr/lib/python3.12/site-packages/ipaserver/install/dogtaginstance.py", line 789, in setup_admin raise errors.NotFound( ipalib.errors.NotFound: uid=admin-freeipa-4.xerces.lan,ou=people,o=ipaca did not replicate to ldap://freeipa-1.xerces.lan:389 2024-03-11T15:05:24Z DEBUG [error] NotFound: uid=admin-freeipa-4.xerces.lan,ou=people,o=ipaca did not replicate to ldap://freeipa-1.xerces.lan:389 2024-03-11T15:05:24Z DEBUG Removing /root/.dogtag/pki-tomcat/ca 2024-03-11T15:05:24Z DEBUG File "/usr/lib/python3.12/site-packages/ipaserver/install/installutils.py", line 781, in run_script return_value = main_function() ^^^^^^^^^^^^^^^ File "/usr/sbin/ipa-ca-install", line 320, in main install(safe_options, options) File "/usr/sbin/ipa-ca-install", line 286, in install install_replica(safe_options, options) File "/usr/sbin/ipa-ca-install", line 214, in install_replica ca.install(True, config, options, custodia=custodia) File "/usr/lib/python3.12/site-packages/ipaserver/install/ca.py", line 354, in install install_step_0(standalone, replica_config, options, custodia=custodia) File "/usr/lib/python3.12/site-packages/ipaserver/install/ca.py", line 422, in install_step_0 ca.configure_instance( File "/usr/lib/python3.12/site-packages/ipaserver/install/cainstance.py", line 505, in configure_instance self.start_creation(runtime=runtime) File "/usr/lib/python3.12/site-packages/ipaserver/install/service.py", line 686, in start_creation run_step(full_msg, method) File "/usr/lib/python3.12/site-packages/ipaserver/install/service.py", line 672, in run_step method() File "/usr/lib/python3.12/site-packages/ipaserver/install/dogtaginstance.py", line 789, in setup_admin raise errors.NotFound( 2024-03-11T15:05:24Z DEBUG The ipa-ca-install command failed, exception: NotFound: uid=admin-freeipa-4.xerces.lan,ou=people,o=ipaca did not replicate to ldap://freeipa-1.xerces.lan:389 -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
