Hello! Yesterday I tried migrating a physical machine (ipa1) that was a FreeIPA CA CRL master in my VM cluster. I followed the guide at [1] to migrate the CRL master to another replica (ipa2) and uninstalled the replica ipa1. Then I set up a VM with the same hostname and IP address as the physical machine, and installed Fedora 27.
When I tried setting up the replica with CA, the install stopped at:

    [4/25]: configuring certificate server instance

And in my /var/log/pki/pki-tomcat/ca/debug I see a bunch of log entries like this, with increasing time stamps:

    Unable to read key retriever class from CS.cfg: Property features.authority.keyRetrieverClass missing value
    Retrying in 14778 seconds

I checked the /etc/pki/pki-tomcat/ca/CS.cfg file and I don’t actually have that entry at all, I only have:

    features.authority.description=Lightweight CAs
    features.authority.enabled=true
    features.authority.version=1.0

However, if I manually add them by copying the value from the good replica, nothing changes and the installer is still blocked on that line (maybe the CS.cfg file isn’t re-read on each retry). Moreover, it looks like that file (CS.cfg) is generated by the installer script…

How can I solve this?

Thanks,
Aljaž

[1]: https://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#Procedure_in_FreeIPA_4.0_or_later

--
Aljaž Srebrnič a.k.a g5pw
My public key: https://g5pw.me/key
Key fingerprint = 2109 8131 60CA 01AF 75EC 01BF E140 E1EE A54E E677