Hi Alex,
(Cc some other engineers for Dogtag cloning troubleshooting
exposure).
Thanks for the additional logs. Can we please see [temporally
relevant snippets of] any other log files under
/var/log/pki/pki-tomcat and /var/log/pki/pki-tomcat/ca , as well as
the journal (`journalctl -u pki-tomcatd@pki-tomcat`)?
The original server is returning status 500 upon /updateNumberRange
request from the new replica, but the cause is unknown. There is
likely to be a stack trace hiding in the journal or one of the other
log files that was not included in the data you provided.
(Which is fair enough; we didn't ask for this extra stuff until
now.)
One more question: is this a replica created from a replica?
I fixed an issue quite recently that can occur under such a
scenario, the symptoms of which are similar to yours.
Thanks,
Fraser
On Wed, Nov 07, 2018 at 08:44:05PM +0100, Alex Corcoles via FreeIPA-users wrote:
OK, did the whole song and dance again (btw, it takes about 6m, I'm not
sure if that's normal), and extracted logs again:
https://gist.github.com/alexpdp7/358626a92a07c787fbf246b2761dddb3
Thanks for your time, guys,
Álex
On Tue, Nov 6, 2018 at 5:17 PM Rob Crittenden <rcritten(a)redhat.com> wrote:
> Alex Corcoles via FreeIPA-users wrote:
> > So I solved my LXC problems (thanks Rob, again), but now:
> >
> > ipa-replica-install -U --setup-ca -N
> >
> > fails when rebuilding my replica from scratch, see:
> >
> >
> > https://gist.github.com/alexpdp7/4431da5e11afe6029e2baa01bc1f2251
> >
> > , where I think I've copied the relevant logs. I think I saw someone
> > recommending revoking the replica certs, which makes sense as I'm using
> > the same hostname that I used on the previous replica, but that doesn't
> > seem to fix things.
> >
> > (I'm removing the previous replica via the admin interface, IPA Server
> > -> Topology -> IPA Servers, select my replica and "Delete Server". This
> > removes it too from the host list).
>
> I don't know what it is but it isn't related to existing entries in IPA
> (nor un-revoked certs).
>
> The dogtag installer is asking for a serial # range and getting a
> NotFound. Maybe Fraser knows.
>
> rob
>
--
___
{~._.~}
( Y )
()~*~() mail: alex at corcoles dot net
(_)-(_)
http://alex.corcoles.net/