Hi,

I have tried many times to install free-ipa-replica, but I always get the same 
error at this step:

DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) begins
DEBUG: Command: certutil -L -d /var/lib/pki/pki-tomcat/conf/alias -f 
/tmp/tmpxotjk756/password.txt -n Server-Cert cert-pki-ca -a
DEBUG: stdout: -1
DEBUG: NSSDatabase: stderr:
certutil: Could not find cert: Server-Cert cert-pki-ca
: PR_FILE_NOT_FOUND_ERROR: File not found

DEBUG: Cert not found: Server-Cert cert-pki-ca
INFO: Updating /var/lib/pki/pki-tomcat/conf/serverCertNick.conf
INFO: Updating serverCertNickFile in server.xml
INFO: Joining security domain at https://master.example.com:443
ERROR: KeyError: 'CA'
  File "/usr/lib/python3.9/site-packages/pki/server/pkispawn.py", line 594, in 
main
    deployer.spawn()
  File "/usr/lib/python3.9/site-packages/pki/server/deployment/__init__.py", 
line 5986, in spawn
    scriptlet.spawn(self)
  File 
"/usr/lib/python3.9/site-packages/pki/server/deployment/scriptlets/configuration.py",
 line 76, in spawn
    deployer.setup_security_domain(subsystem)
  File "/usr/lib/python3.9/site-packages/pki/server/deployment/__init__.py", 
line 2854, in setup_security_domain
    self.join_security_domain()
  File "/usr/lib/python3.9/site-packages/pki/server/deployment/__init__.py", 
line 2795, in join_security_domain
    sd_subsystem = self.domain_info.subsystems['CA']


Failed to configure CA instance
See the installation logs and the following files/directories for more 
information:
  /var/log/pki/pki-tomcat
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line 
688, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line 
674, in run_step
    method()
  File "/usr/lib/python3.9/site-packages/ipaserver/install/cainstance.py", line 
685, in __spawn_instance
    DogtagInstance.spawn_instance(
  File "/usr/lib/python3.9/site-packages/ipaserver/install/dogtaginstance.py", 
line 227, in spawn_instance
    self.handle_setup_error(e)
  File "/usr/lib/python3.9/site-packages/ipaserver/install/dogtaginstance.py", 
line 643, in handle_setup_error
    raise RuntimeError(
RuntimeError: CA configuration failed.

  [error] RuntimeError: CA configuration failed.
  [error] RuntimeError: CA configuration failed.
Removing /root/.dogtag/pki-tomcat/ca
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

  File "/usr/lib/python3.9/site-packages/ipapython/admintool.py", line 219, in 
execute
    return_value = self.run()
  File "/usr/lib/python3.9/site-packages/ipapython/install/cli.py", line 343, 
in run
    return cfgr.run()
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 360, 
in run
    return self.execute()
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 386, 
in execute
    for rval in self._executor():
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 435, 
in __runner
    exc_handler(exc_info)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 468, 
in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 458, 
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
    raise value
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 425, 
in __runner
    step()
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 419, 
in step_next
    return next(self.__gen)
  File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 81, 
in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
    raise value
  File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 59, 
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 663, 
in _configure
    next(executor)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 435, 
in __runner
    exc_handler(exc_info)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 468, 
in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 526, 
in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 458, 
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
    raise value
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 523, 
in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 458, 
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
    raise value
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 425, 
in __runner
    step()
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 419, 
in step_next
    return next(self.__gen)
  File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 81, 
in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
    raise value
  File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 59, 
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python3.9/site-packages/ipapython/install/common.py", line 65, 
in _install
    for unused in self._installer(self.parent):
  File "/usr/lib/python3.9/site-packages/ipaserver/install/server/__init__.py", 
line 687, in main
    replica_install(self)
  File 
"/usr/lib/python3.9/site-packages/ipaserver/install/server/replicainstall.py", 
line 387, in decorated
    func(installer)
  File 
"/usr/lib/python3.9/site-packages/ipaserver/install/server/replicainstall.py", 
line 1446, in install
    ca.install(False, config, options, custodia=custodia)
  File "/usr/lib/python3.9/site-packages/ipaserver/install/ca.py", line 546, in 
install
    install_step_0(standalone, replica_config, options, custodia=custodia)
  File "/usr/lib/python3.9/site-packages/ipaserver/install/ca.py", line 621, in 
install_step_0
    ca.configure_instance(
  File "/usr/lib/python3.9/site-packages/ipaserver/install/cainstance.py", line 
522, in configure_instance
    self.start_creation(runtime=runtime)
  File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line 
688, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line 
674, in run_step
    method()
  File "/usr/lib/python3.9/site-packages/ipaserver/install/cainstance.py", line 
685, in __spawn_instance
    DogtagInstance.spawn_instance(
  File "/usr/lib/python3.9/site-packages/ipaserver/install/dogtaginstance.py", 
line 227, in spawn_instance
    self.handle_setup_error(e)
  File "/usr/lib/python3.9/site-packages/ipaserver/install/dogtaginstance.py", 
line 643, in handle_setup_error
    raise RuntimeError(

The ipa-replica-install command failed, exception: RuntimeError: CA 
configuration failed.
CA configuration failed.
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for 
more information

I am stuck in a loop. I tried with a new server, but it didn't work. I am using 
AlmaLinux 9.6, fully updated, and the command I used was:

ipa-replica-install --setup-dns --forwarder 1.1.1.1 --setup-ca --verbose

The command ipa-client-install worked perfectly.

 certutil -L -d sql:/var/lib/pki/pki-tomcat/conf/alias

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

caSigningCert cert-pki-ca                                    CTu,Cu,Cu
ocspSigningCert cert-pki-ca                                  u,u,u
auditSigningCert cert-pki-ca                                 u,u,u
subsystemCert cert-pki-ca                                    u,u,u



I don't know what else to do :/

Regards