lejeczek via FreeIPA-users wrote:
Hi guys.
I'm trying to add replica but process bellies up early with:
-> $ ipa-replica-install --setup-dns --setup-kra --no-forwarders
Lookup failed: Preferred host c8kubermaster1.private.lot does not
provide DNS.
Reverse DNS resolution of address 10.3.1.222
(c8kubermaster2.private.lot) failed. Clients may not function properly.
Please check your DNS setup. (Note that this check queries IPA DNS
directly and ignores /etc/hosts.)
Continue? [no]: yes
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
Dogtag CA is not installed. Please install the CA first
The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
..
First errors in log I spot:
...
2021-10-27T23:27:06Z DEBUG Starting external process
2021-10-27T23:27:06Z DEBUG args=['pki-server', 'subsystem-show',
'kra']
2021-10-27T23:27:06Z DEBUG Process finished, return code=1
2021-10-27T23:27:06Z DEBUG stdout=
What is the culprit here?
You can't install the KRA as standalone. It needs the CA installed as well.
rob