Hi guys,And similarly to the poster of that issue, also my IPA master server is IPA 4.6.8 on Centos7.
I was trying to migrate IPA to a newer version by using Alma Linux 9.
I removed Centos 7 replica and tried to install Alma Linux 9 replica. IPA client was installed without issues.
No SELinux alerts.
Content of /var/lib/ipa folder:
[root@fricka ~]# ls /var/lib/ipa
backup certs gssproxy passwds pki-ca private ra-agent.pem sysrestore sysupgrade
Any suggestions how this could be resolved?
Thank you in advance,
Ivars
Log of replica install:
….
Starting replication, please wait until this has completed.
Update in progress, 9 seconds elapsed
Update succeeded
[3/30]: creating ACIs for admin
[4/30]: creating installation admin user
[5/30]: configuring certificate server instance
[6/30]: stopping certificate server instance to update CS.cfg
[7/30]: backing up CS.cfg
[8/30]: Add ipa-pki-wait-running
[9/30]: secure AJP connector
[10/30]: reindex attributes
[11/30]: exporting Dogtag certificate store pin
[12/30]: disabling nonces
[13/30]: set up CRL publishing
[14/30]: enable PKIX certificate path discovery and validation
[15/30]: authorizing RA to modify profiles
[16/30]: authorizing RA to manage lightweight CAs
[17/30]: Ensure lightweight CAs container exists
[18/30]: Ensuring backward compatibility
[19/30]: destroying installation admin user
[20/30]: starting certificate server instance
[21/30]: Finalize replication settings
[22/30]: configure certmonger for renewals
[23/30]: Importing RA key
Error storing key "keys/ra/ipaCert": CalledProcessError(Command ['/usr/libexec/ipa/custodia/ipa-custodia-ra-agent', '--import', '-'] returned non-zero exit status 1: 'Traceback (most recent call last):\n File "/usr/libexec/ipa/custodia/ipa-custodia-ra-agent", line 8, in <module>\n main(ra_agent_parser())\n File "/usr/lib/python3.9/site-packages/ipaserver/secrets/handlers/pemfile.py", line 114, in main\n common.main(parser, export_key, import_key)\n File "/usr/lib/python3.9/site-packages/ipaserver/secrets/handlers/common.py", line 73, in main\n func(args, tmpdir, **kwargs)\n File "/usr/lib/python3.9/site-packages/ipaserver/secrets/handlers/pemfile.py", line 69, in import_key\n ipautil.run(cmd, umask=0o027)\n File "/usr/lib/python3.9/site-packages/ipapython/ipautil.py", line 598, in run\n raise CalledProcessError(\nipapython.ipautil.CalledProcessError: CalledProcessError(Command [\'/usr/bin/openssl\', \'pkcs12\', \'-in\', \'/tmp/tmp5koo8ca2/import.p12\', \'-clcerts\', \'-nokeys\', \'-out\', \'/var/lib/ipa/ra-agent.pem\', \'-password\', \'file:/tmp/tmp5koo8ca2/passwd\'] returned non-zero exit status 1: \'Error outputting keys and certificates\\n802B104A807F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()\\n\')\n')
[error] FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/ipa/ra-agent.key'
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
[Errno 2] No such file or directory: '/var/lib/ipa/ra-agent.key'
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information