Bret Wortman wrote:
Still odder ... I went ahead and tried to delete the agreement:

[ipamaster]# ipa-replica-manage del <> --force
' <>' has no replication agreement for ' <>'

Dug back into the script and realized upon further reading (and widening
my read to more of the code) that found was being set True elsewhere --
where it was complaining about how ipamaster knew about ipamaster3
already. Fair enough. So I hopped on over there and removed it. Which
worked. And now the script proceeds much better.

Guess the third cup of coffee helped.

CA configuration still failed, though, at the same place as before
(though executed as part of ipa-replica-install --setup-ca this time):

[2/17]: configuring certificate server instance
ipa           : CRITICAL failed to configure ca instance Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmpnq_J4d' returned non-zero exit status 1

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

Configuration of CA failed.

/This/ time, I'm not going to run the --uninstall command until someone
on the team tells me to do so....

Ok. What we'll need to see is the full /var/log/ipareplica-install.log and the CA debug log from /var/log/pki/pki-tomcat/ca/debug. The CA team sometimes wants the debug log from the master you're cloning from too. You can send these to me out of band if you'd like; the debug logs in particular tend to be humongous.


