Hello, I am trying to migrate and upgrade my main freeipa installation,
so I decided to replicate it and phase it out of our intranet.
I manage to get over some obstacles as I had to recreate my cacert.p12
file, but now I am facing an issue that prevents me from setting up CA
on the replicated server.
Both of my servers are fully updated. I have tried some solutions and
found similar other threads but nothing worked.
Without CA the replication finalizes without issues but I do not want
that. Is there any other way to perform the migration?
*
Similar issues:*
https://fedorahosted.org/freeipa/ticket/5581
https://www.redhat.com/archives/freeipa-users/2016-February/msg00183.html
*Master Server has:*
CentOS release 6.8 (Final)
ipa-server.x86_64 3.0.0-50
pki-util.noarch 9.0.3-50
*Replication Server has:*
CentOS Linux release 7.2.1511 (Core)
ipa 4.2.0
*ERROR LOG*
ipa : DEBUG Starting external process
ipa : DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f'
'/tmp/tmpuuJbGt'
ipa : DEBUG Process finished, return code=1
ipa : DEBUG stdout=Log file:
/var/log/pki/pki-ca-spawn.20160908092308.log
Loading deployment configuration from /tmp/tmpuuJbGt.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into
/etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
Installation failed.
*ipa : DEBUG
stderr=/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769:
InsecureRequestWarning: Unverified HTTPS request is being made. Adding
certificate verification is strongly advised. See:
https://urllib3.readthedocs.org/en/latest/security.html**
** InsecureRequestWarning)**
**pkispawn : WARNING ....... unable to validate security domain
user/password through REST interface. Interface not available**
**pkispawn : ERROR ....... Exception from Java Configuration
Servlet: 500 Server Error: Internal Server Error**
**pkispawn : ERROR ....... ParseError: not well-formed (invalid
token): line 1, column 0:
{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.PKIException","Code":500,"Message":"Failed
to obtain installation token from security domain"} *
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f'
'/tmp/tmpuuJbGt'' returned non-zero exit status 1
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the
installation logs and the following files/directories for more information:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
/var/log/pki-ca-install.log
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
/var/log/pki/pki-tomcat
ipa : DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 418, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 408, in run_step
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
622, in __spawn_instance
DogtagInstance.spawn_instance(self, cfg_file)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 201, in spawn_instance
self.handle_setup_error(e)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 465, in handle_setup_error
raise RuntimeError("%s configuration failed." % self.subsystem)
RuntimeError: CA configuration failed.
ipa : DEBUG [error] RuntimeError: CA configuration failed.
[error] RuntimeError: CA configuration failed.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipa.ipapython.install.cli.install_tool(Replica): DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in
execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py",
line 311, in run
cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 281, in run
self.execute()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 303, in execute
for nothing in self._executor():
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 343, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 365, in _handle_exception
util.raise_exc_info(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 333, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 87, in run_generator_with_yield_from
raise_exc_info(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 65, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 539, in _configure
executor.next()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 343, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 421, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 365, in _handle_exception
util.raise_exc_info(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 418, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 365, in _handle_exception
util.raise_exc_info(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 333, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 87, in run_generator_with_yield_from
raise_exc_info(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 65, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 63, in _install
for nothing in self._installer(self.parent):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 901, in main
install(self)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 295, in decorated
func(installer)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 616, in install
ca.install(False, config, options)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line
114, in install
install_step_0(standalone, replica_config, options)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line
138, in install_step_0
ra_p12=getattr(options, 'ra_p12', None))
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
1545, in install_replica_ca
subject_base=config.subject_base)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
488, in configure_instance
self.start_creation(runtime=210)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 418, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 408, in run_step
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
622, in __spawn_instance
DogtagInstance.spawn_instance(self, cfg_file)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 201, in spawn_instance
self.handle_setup_error(e)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 465, in handle_setup_error
raise RuntimeError("%s configuration failed." % self.subsystem)
ipa.ipapython.install.cli.install_tool(Replica): DEBUG The
ipa-replica-install command failed, exception: RuntimeError: CA
configuration failed.
ipa.ipapython.install.cli.install_tool(Replica): ERROR CA
configuration failed.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project