I'm trying to setup a third replica server using the ansible_freeipa.ipareplica role. The role fails on the following step:
"[freeipa.ansible_freeipa.ipaclient : Install - Join IPA]": "servers": [ "192.168.1.100", (replica1.example.com "192.168.1.101" (replica2.example.com ] "msg": "Cannot obtain CA certificate\nHTTP certificate download requires --force" Following playbook: roles: - role: freeipa.ansible_freeipa.ipareplica vars: ipareplica_servers: ["replica1.example.com", "replica1.example.com"] .... replica1 (master with CA) and replica2 already exists. I introduced replica2 to the ipareplica_servers variable, as seen above. If I remove replica2, I'm able to install and setup replica3, but from my understanding I'll be stuck with following topology: replica2 <---> replica1 <---> replica3 When I in reality want: replica2 <---> replica1 <---> replica3 ^--------------------------------------^ I've also experienced a lot of errors with Install - Setup DS, after an uninstall: /usr/sbin/ipa-getkeytab Failed to parse result: Insufficient access rights\\n\\nFailed to get keytab!. Doesn't seem like the role cleans up properly. I struggle to understand this error, since the topology shows only Domain in the UI. -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue