Hi Sebastian,
Unfortunately, that doesn't seem to be it and reinstalling the replica with 
—setup-ca failed again with the same errors. I've included relevant sections of 
the logs.

/var/log/ipareplica-install.log:

016-06-02T10:43:16Z DEBUG Starting external process
2016-06-02T10:43:16Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f' 
'/tmp/tmpl8RqSM'
2016-06-02T10:43:16Z DEBUG Process finished, return code=1
2016-06-02T10:43:16Z DEBUG stdout=Log file: 
/var/log/pki/pki-ca-spawn.20160602064316.log
Loading deployment configuration from /tmp/tmpl8RqSM.

2016-06-02T10:43:16Z DEBUG stderr=Traceback (most recent call last):
  File "/usr/sbin/pkispawn", line 717, in <module>
    main(sys.argv)
  File "/usr/sbin/pkispawn", line 523, in main
    parser.compose_pki_master_dictionary()
  File "/usr/lib/python2.7/site-packages/pki/server/deployment/pkiparser.py", 
line 573, in compose_pki_master_dictionary
    instance.load()
  File "/usr/lib/python2.7/site-packages/pki/server/__init__.py", line 454, in 
load
    subsystem.load()
  File "/usr/lib/python2.7/site-packages/pki/server/__init__.py", line 118, in 
load
    lines = open(self.cs_conf).read().splitlines()
IOError: [Errno 2] No such file or directory: 
'/var/lib/pki/pki-tomcat/ca/conf/CS.cfg'

2016-06-02T10:43:16Z CRITICAL Failed to configure CA instance: Command 
''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpl8RqSM'' returned non-zero exit 
status 1
2016-06-02T10:43:16Z CRITICAL See the installation logs and the following 
files/directories for more information:
2016-06-02T10:43:16Z CRITICAL   /var/log/pki-ca-install.log
2016-06-02T10:43:16Z CRITICAL   /var/log/pki/pki-tomcat
2016-06-02T10:43:16Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
418, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
408, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 
620, in __spawn_instance
    DogtagInstance.spawn_instance(self, cfg_file)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", 
line 201, in spawn_instance
    self.handle_setup_error(e)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", 
line 465, in handle_setup_error

    raise RuntimeError("%s configuration failed." % self.subsystem)
RuntimeError: CA configuration failed.

2016-06-02T10:43:16Z DEBUG   [error] RuntimeError: CA configuration failed.
2016-06-02T10:43:16Z DEBUG   File 
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 311, 
in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 281, 
in run
    self.execute()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 303, 
in execute
    for nothing in self._executor():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 343, 
in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 365, 
in _handle_exception
    util.raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 333, 
in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 87, 
in run_generator_with_yield_from

    raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 65, 
in run_generator_with_yield_from

    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 524, 
in _configure
    executor.next()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 343, 
in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, 
in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 365, 
in _handle_exception
    util.raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, 
in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 365, 
in _handle_exception
    util.raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 333, 
in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 87, 
in run_generator_with_yield_from

    raise_exc_info(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 65, 
in run_generator_with_yield_from

    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, 
in _install
    for nothing in self._installer(self.parent):
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", 
line 879, in main
    install(self)
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", 
line 295, in decorated
    func(installer)
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", 
line 584, in install
    ca.install(False, config, options)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line 106, in 
install
    install_step_0(standalone, replica_config, options)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line 130, in 
install_step_0
    ra_p12=getattr(options, 'ra_p12', None))
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 
1543, in install_replica_ca
    subject_base=config.subject_base)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 
486, in configure_instance
    self.start_creation(runtime=210)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
418, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
408, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 
620, in __spawn_instance
    DogtagInstance.spawn_instance(self, cfg_file)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", 
line 201, in spawn_instance
    self.handle_setup_error(e)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", 
line 465, in handle_setup_error

    raise RuntimeError("%s configuration failed." % self.subsystem)

2016-06-02T10:43:16Z DEBUG The ipa-replica-install command failed, exception: 
RuntimeError: CA configuration failed.
2016-06-02T10:43:16Z ERROR CA configuration failed.

Of note, there is no /var/log/pki-ca-install.log file nor (as the error above 
shows) is there /var/lib/pki/pki-tomcat/ca/conf/CS.cfg.

Best regards,
Dan



[cid:image001.jpg@01D1BC9A.CBB33580]<http://www.high5games.com/>
Daniel Alex Finkelstein| Senior Dev Ops Engineer
dan.finkelst...@h5g.com<mailto:dan.finkelst...@h5g.com> | 212.604.3447
One World Trade Center, New York, NY 10007
www.high5games.com<http://www.high5games.com/>
Play High 5 Casino<https://apps.facebook.com/highfivecasino/> and Shake the 
Sky<https://apps.facebook.com/shakethesky/>
Follow us on: Facebook<http://www.facebook.com/high5games>, 
Twitter<https://twitter.com/High5Games>, 
YouTube<http://www.youtube.com/High5Games>, 
Linkedin<http://www.linkedin.com/company/1072533?trk=tyah>

This message and any attachments may contain confidential or privileged 
information and are only for the use of the intended recipient of this message. 
If you are not the intended recipient, please notify the sender by return 
email, and delete or destroy this and all copies of this message and all 
attachments. Any unauthorized disclosure, use, distribution, or reproduction of 
this message or any attachments is prohibited and may be unlawful.

From: Sebastian Schäfer <sebastian.schae...@dlr.de>
Date: Thursday, June 2, 2016 at 02:59
To: "freeipa-users@redhat.com" <freeipa-users@redhat.com>, Daniel Finkestein 
<dan.finkelst...@high5games.com>
Subject: Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 
3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to 
master

Hi Dan,

I had a similar problem when updating my FreeIPA. In my case it turned
out that the certificates that get bundled with the replica preparation
file were expired. This is due to the /root/cacert.p12 file not being
updated during the preparation process until FreeIPA 3.2.2

The file can be recreated with the commands from step 2 of
http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password

If that does not solve the problem, it would be good to see (part of)
the actual logfiles of your replica installation attempt.

Best regards
--
Sebastian Schäfer, M. A.
-------------------------------
Deutsches Zentrum für Luft- und Raumfahrt e.V. (DLR)
Institute of Space Operations and Astronaut Training
Microgravity User Support Center (MUSC)
Linder Höhe | 51147 Köln

Telefon 02203 601-30 01 | Telefax: 02203 61471 | 
sebastian.schae...@dlr.de<mailto:sebastian.schae...@dlr.de>
www.DLR.de

On 06/01/2016 06:45 PM, 
dan.finkelst...@high5games.com<mailto:dan.finkelst...@high5games.com> wrote:
Hi folks,
As the subject suggests, we're converting from FreeIPA 3.0.0 on CentOS 6
to 4.2.0 on CentOS 7. The way we're doing it is to create FreeIPA
replicas in CentOS 7 and then hope to promote one of them to the CA
master. I'm running into two problems:

The first is that when we create a replica in FreeIPA 4.2.0 with the
—setup-ca option, that portion fails. Here's a snippet of the output:
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
30 seconds
   [1/23]: creating certificate server user
   [2/23]: configuring certificate server instance
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f'
'/tmp/tmpqPeYOW'' returned non-zero exit status 1
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the
installation logs and the following files/directories for more information:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
/var/log/pki-ca-install.log
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
/var/log/pki/pki-tomcat
   [error] RuntimeError: CA configuration failed.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to