On 2/26/2015 8:02 AM, Les Stott wrote:
rm -rf /etc/pki-ca /var/lib/pki-ca /var/log/pki-ca /etc/certmonger
/etc/sysconfig/pki-ca /etc/sysconfig/pki /var/run/pki-ca.pid
/usr/share/pki /etc/ipa /var/log/ipa* reboot

Now you have a clean slate.

Do you know which step of the steps above actually helped you resolve the
reinstall issue?

The reboot I think was key to the whole process, but pki remnants seemed left 
behind too which caused grief. Previously I had never rebooted the system in 
between uninstall/reinstall.

/etc/ipa/ca.crt was also left behind. It caused an issue during one reinstall 
as it never got updated and the install bombed out because it found a 
mismatched cert. This led me to deleting all possible ipa/pki directories and 
then removing/reinstalling rpms to restore to default state.

I noticed that in some cases (I went through this same process on 6 servers to reinstall 
and setup CA replicas) I could still see a left over process running as the pkiuser 
(tomcat/java) which stopped the "userdel pkiuser" command from completing. I 
had to kill that process and then userdel pkiuser worked.

Some of the above files/folders should have been removed automatically when the Dogtag instance/package is removed. There's already a ticket to improve this on Dogtag 10:

I created a new ticket for Dogtag 9:


Endi S. Dewata

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to