failing to add additional replica (already 3 in place)
by Rolf Linder
Hey there
Using freeipa on centos (ipa-server-4.6.8-5.el7.centos.6.x86_64) we fail to add an additional replica, but only when enabling CA services (option "--setup-ca").
We use the following command to stage a new replica (and have in the past):
> ipa-replica-install --principal admin --admin-password ${adminpw} --setup-dns --no-dnssec-validation --no-forwarder --setup-ca --domain lxusp.local --server [master-idm-node]
which we have used to stage the previous replicas too.
Log (/var/log/ipareplica-install.log) shows that its stuck in state
> DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1)
Repeated until then aborted by a timeout message (and non-functional replica).
Since there are only outdated reports (>2 years old) about slightly similar (but not matching!) behavior like https://bugzilla.redhat.com/show_bug.cgi?id=1623113 we kindly ask if anyone can help here.
Best regards,
Rolf
12 months
FreeIPA Upgrade F31 -> F32: usr/lib/api/apiutil.c Could not open /run/lock/opencryptoki/LCK..APIlock
by Anthony Joseph Messina
After upgrading FreeIPA from F31 to F32, on startup I now see a lot of these errors from certmonger, ns-slapd, java, etc.
May 08 17:57:28 certmonger[38]: usr/lib/api/apiutil.c Could not open /run/lock/opencryptoki/LCK..APIlock
May 08 17:57:30 ns-slapd[67]: usr/lib/api/apiutil.c Could not open /run/lock/opencryptoki/LCK..APIlock
May 08 17:57:33 dogtag-ipa-renew-agent-submit[143]: usr/lib/api/apiutil.c Could not open /run/lock/opencryptoki/LCK..APIlock
May 08 17:57:42 java[640]: usr/lib/api/apiutil.c Could not open /run/lock/opencryptoki/LCK..APIlock
The server seems to come up without issue, but can you point me in the right direction to resolve these errors?
freeipa-server-4.8.6-1.fc32.x86_64
opendnssec-2.1.6-5.fc32.x86_64
opencryptoki-3.13.0-1.fc32.x86_64
I've installed a fresh F32 freeipa-server (on a test domain) and I don't see these errors.
Thanks. -A
--
Anthony - https://messinet.com
F9B6 560E 68EA 037D 8C3D D1C9 FF31 3BDB D9D8 99B6
1 year
centos8 freeipa not starting anymore
by Jelle de Jong
Hello everybody,
All my centos8 freeipa instances at different sites where down this morning.
https://pastebin.com/vVfwrNqL
I tried disabling firewalld, selinux, downgrade java version, can not
get it to work.
Did anyone encountered this issue and found a workaround?
Kind regards,
Jelle de Jong
1 year
