Hello,

I'm trying to add a CA replica to an already established "regular" replica and am unable to do so. Can anyone point me to instructions for how to do this? It seems like maybe some files need to be manually copied over from the existing replica but none of the instructions that I've found mention this. The existing CA is running 4.5.4 and the new replica is 4.7.0 (I'm trying to migrate to 4.7.0 entirely.)

Regarding the output below, /var/log/pki/pki-tomcat does not exist and there are only 2 uninteresting files in /var/log/pki.

Thanks.

# ipa-ca-install
Directory Manager (existing master) password:

ipaclient.install.ipa_certupdate: ERROR    Failed to add lightweight CA tracking requests
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/ipaclient/install/ipa_certupdate.py", line 117, in run_with_args
    cainstance.add_lightweight_ca_tracking_requests(lwcas)
  File "/usr/lib/python3.6/site-packages/ipaserver/install/cainstance.py", line 1914, in add_lightweight_ca_tracking_requests
    pin=certmonger.get_pin('internal'),
  File "/usr/lib/python3.6/site-packages/ipalib/install/certmonger.py", line 672, in get_pin
    with open(paths.PKI_TOMCAT_PASSWORD_CONF, 'r') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/etc/pki/pki-tomcat/password.conf'
Run connection check to master
Connection check OK
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
  [1/26]: creating certificate server db
  [2/26]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 5 seconds elapsed
Update succeeded

  [3/26]: creating ACIs for admin
  [4/26]: creating installation admin user
  [5/26]: configuring certificate server instance
ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmp0n1ii3z2'] returned non-zero exit status 1: '')
ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the following files/directories for more information:
ipaserver.install.dogtaginstance: CRITICAL   /var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

CA configuration failed.