Hi
Thanks for taking a look at this.
'IDM domain replication group'.
I mean it is the "Topology suffix" to connect two replicas. "Domain" suffix
works for host2, it can receive and send updates with host1.
"CA"suffix failed during install,
###
Imported certificates into /etc/pki/pki-tomcat/alias:
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
caSigningCert cert-pki-ca CTu,Cu,Cu
auditSigningCert cert-pki-ca u,u,Pu
ocspSigningCert cert-pki-ca u,u,u
subsystemCert cert-pki-ca u,u,u
Installation failed: server failed to restart
2020-03-23T14:33:18Z DEBUG stderr=pkispawn :ERROR ... server failed to
restart
2020-03-23T14:33:18Z CRITICAL Failed to configure CAinstance: Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmpV8jHPQ' returnednon-zero exit status 1
2020-03-23T14:33:18Z CRITICAL See the installation logs andthe following
files/directories for more information:
2020-03-23T14:33:18Z CRITICAL /var/log/pki/pki-tomcat
2020-03-23T14:33:18Z DEBUG Traceback (most recent calllast):
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",line
567, in start_creation
run_step(full_msg, method)
File"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line557,
in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",line
675, in __spawn_instance
pki_pin)
File"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",line
167, in spawn_instance
self.handle_setup_error(e)
File"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",line
407, in handle_setup_error
raise RuntimeError("%s configurationfailed." % self.subsystem)
RuntimeError: CA configuration failed.
2020-03-23T14:33:18Z DEBUG [error] RuntimeError:CA configuration failed.
2020-03-23T14:33:18Z DEBUG
File"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",line
1015, in run_script
return_value = main_function()
File "/usr/sbin/ipa-ca-install", line 341,in main
promote(safe_options, options, filename)
File "/usr/sbin/ipa-ca-install", line 309,in promote
install_replica(safe_options, options,filename)
File "/usr/sbin/ipa-ca-install", line 233,in install_replica
ca.install(True, config, options,custodia=custodia)
File"/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line 254,in
install
install_step_0(standalone, replica_config,options, custodia=custodia)
File"/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line 334,in
install_step_0
use_ldaps=standalone)
File"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",line
490, in configure_instance
self.start_creation(runtime=runtime)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",line
567, in start_creation
run_step(full_msg, method)
File"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line557,
in run_step
method()
File"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",line
675, in __spawn_instance
pki_pin)
File"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",line
167, in spawn_instance
self.handle_setup_error(e)
File"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",line
407, in handle_setup_error
raise RuntimeError("%s configurationfailed." % self.subsystem)
2020-03-23T14:33:18Z DEBUG The ipa-ca-install commandfailed, exception:
RuntimeError: CA configuration failed.
###
On Tuesday, April 7, 2020, 02:38:35 AM EDT, Alexander Bokovoy
<aboko...@redhat.com> wrote:
On ma, 06 huhti 2020, askstack--- via FreeIPA-users wrote:
>Hi
>
>IDM domain: "fist.domain"
>Host name: host1.first.domain
> host2.second.domain
>I was able to run "ipa-client-install" on host2 and promoted it to a domain
>replica. After I verified domain replication was working, I tried to run
>ipa-ca-install. It failed on host2.
>Redhat support said host1 and host2 are on two different dns domains so
>replication is not supported. I am not sure that is the case since two hosts
>are in the same and onlyIDM domain replication group.
>Is redhat support correct?
I think there is not enough details in your request to answer that
question. I also don't know what do you mean by 'IDM domain replication
group'.
In particular, what are the errors you are seeing, exactly?
If you have a case open, please share the number and communicate within
the case, not with with an anonymous account on a public mailing list.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
