On 3/10/15 10:06 AM, Alexander Bokovoy wrote: > We have http://www.freeipa.org/page/Documentation#User_Guides and going > through user guide would be our recommended action. There is a whole > chapter 6 in RHEL7 docs for upgrades and migration.
Ah, I see it now. I had no idea from the name that " Linux Domain Identity, Authentication and Policy Guide for RHEL 7" referred to the general user/admin guide. As a newb to FreeIPA and domain management in general, it looked like word soup. Sorry for the noise. :P > Looks like you don't have CA installed on auth.internal so you don't > need to update CA schema there. Great. So I started the install on the CentOS7 machine, and it almost completed, but failed out with this error: > Configuring certificate server (pki-tomcatd): Estimated time 3 minutes > 30 seconds > [1/19]: creating certificate server user > [2/19]: configuring certificate server instance > ipa : CRITICAL failed to configure ca instance Command > '/usr/sbin/pkispawn -s CA -f /tmp/tmp2_03I3' returned non-zero exit > status 1 In the ipareplica-install.log file, I find this: > Storing deployment configuration into > /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg. > Installation failed. > > > 2015-03-10T14:12:04Z DEBUG stderr=pkispawn : WARNING ....... > unable to validate security domain user/password through REST > interface. Interface not available > pkispawn : ERROR ....... Exception from Java Configuration > Servlet: Error while updating security domain: java.io.IOException: > java.io.IOException: SocketException cannot read on socket > > 2015-03-10T14:12:04Z CRITICAL failed to configure ca instance Command > '/usr/sbin/pkispawn -s CA -f /tmp/tmp2_03I3' returned non-zero exit > status 1 > 2015-03-10T14:12:04Z DEBUG File > "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", > line 638, in run_script I ran `ipa-server-install --uninstall` to undo everything, as it suggested. Then I generated a new replica file on the RHEL6 machine with `ipa-replica-prepare` and tried the install again. This time, it successfully finishes, but the last thing it says is: > Done configuring directory server (dirsrv). > A CA is already configured on this system. ...which makes me think it just didn't undo everything when I did `ipa-server-install --uninstall` and the CA isn't actually set up properly. Is there a good way to confirm everything is actually working as expected? Thanks, Ben -- Benjamin Reed The OpenNMS Group http://www.opennms.org/
Description: OpenPGP digital signature
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project