This is crazy.. why freeIPA is so difficult to debug. I can't attach a replica without thousand errors + errors don't make sense also.
Question, Can I create replication from 4.6 to 4.9 ? What if I want to build a new freeIPA on a new OS and export/import all users to a new environment? is it going to work and how? On Thu, May 16, 2024 at 2:23 PM Rob Crittenden <[email protected]> wrote: > Satish Patel via FreeIPA-users wrote: > > Folks, > > > > Trying to deploy CA on a replica node and failed here without any > > information. Can I restart the process again? Even log directories are > > empty /var/log/pki/pki-tomcat > > > > My OS is RockyLunux 8.9 and Master CA running on CentOS7.x > > > > [root@ldap-vx-010103-3 ~]# ipa-ca-install > > Directory Manager (existing master) password: > > > > Run connection check to master > > Connection check OK > > Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes > > [1/28]: creating certificate server db > > [2/28]: setting up initial replication > > Starting replication, please wait until this has completed. > > Update in progress, 161 seconds elapsed > > Update succeeded > > > > [3/28]: creating ACIs for admin > > [4/28]: creating installation admin user > > [5/28]: configuring certificate server instance > > > > ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA > instance > > ipaserver.install.dogtaginstance: CRITICAL See the installation logs and > > the following files/directories for more information: > > ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat > > [error] RuntimeError: CA configuration failed. > > > > Your system may be partly configured. > > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > > > CA configuration failed. > > > > /var/log/ipaserver-install.log may hold some clues > > There should be a pki-ca-spawn log in /var/log/pki related to the install. > > There is no uninstall for the CA (or KRA). You'd have to uninstall the > replica and re-install it. > > rob > >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
