Hello All
I have follow the step from stepes from Freeipa web + Redhat to prepare the replicat by commands : DNS+Reverse : OK On IPA Master : ipa-replica-prepare --password=XXXXX replicat.example.com Scp the Gpg file from the Master to slave/replicat as root to /var/lib/ipa On IPA Replicat : ipa-replica-install --password=XXXXX /var/lib/ipa/replica-fil.gpg --setup-kra --setup-ca --setup-dns --no-forwarders
After several secondes, the installation stop on stage : [1/28] Configuring centificat server instaance
The first ERROR line: ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispanw -s CA -f /tmp/tmMg7KE' returned non-zero exist statut 1 The second ERROR line: ipaserver.install.dogtaginstance: CRITICAL See installation....
The third ERROR line : ipaserver.install.dogtaginstance:CRITICAL [error] RuntimeError: CA configuration failed.
My IPA Master was in Centos 7.3 IPA:v4.5.0 The replica server in Centos 7.6 IPA:v4.6.4
Can you help to resolve this pb ?
Regards
Mr Karim Bourenane
On Fri, Jun 28, 2019 at 8:14 PM Karim Bourenane via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hello All
I have follow the step from stepes from Freeipa web + Redhat to prepare the replicat by commands : DNS+Reverse : OK On IPA Master : ipa-replica-prepare --password=XXXXX replicat.example.com Scp the Gpg file from the Master to slave/replicat as root to /var/lib/ipa
This is not needed if your domain is running domain level 1. This is explained in the official documentation: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
See: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm... and https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm... for more information on domain level.
Please check whether your domain is DL0 and DL1 first.
On IPA Replicat : ipa-replica-install --password=XXXXX /var/lib/ipa/replica-fil.gpg --setup-kra --setup-ca --setup-dns --no-forwarders
After several secondes, the installation stop on stage : [1/28] Configuring centificat server instaance
The first ERROR line: ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispanw -s CA -f /tmp/tmMg7KE' returned non-zero exist statut 1 The second ERROR line: ipaserver.install.dogtaginstance: CRITICAL See installation....
To diagnose this further we would need /var/log/ipa*log as noted in the message - but see below.
The third ERROR line : ipaserver.install.dogtaginstance:CRITICAL [error] RuntimeError: CA configuration failed.
My IPA Master was in Centos 7.3 IPA:v4.5.0 The replica server in Centos 7.6 IPA:v4.6.4
You should upgrade the cluster so that all currently running hosts are running the same system and packages before adding new hosts.
See also the considerations for updating IPA: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
Can you help to resolve this pb ?
Regards
Mr Karim Bourenane _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Karim Bourenane via FreeIPA-users wrote:
Hello All
I have follow the step from stepes from Freeipa web + Redhat to prepare the replicat by commands : DNS+Reverse : OK On IPA Master : ipa-replica-prepare --password=XXXXX replicat.example.com http://replicat.example.com Scp the Gpg file from the Master to slave/replicat as root to /var/lib/ipa On IPA Replicat : ipa-replica-install --password=XXXXX /var/lib/ipa/replica-fil.gpg --setup-kra --setup-ca --setup-dns --no-forwarders
After several secondes, the installation stop on stage : [1/28] Configuring centificat server instaance
The first ERROR line: ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispanw -s CA -f /tmp/tmMg7KE' returned non-zero exist statut 1 The second ERROR line: ipaserver.install.dogtaginstance: CRITICAL See installation....
The third ERROR line : ipaserver.install.dogtaginstance:CRITICAL [error] RuntimeError: CA configuration failed.
My IPA Master was in Centos 7.3 IPA:v4.5.0 The replica server in Centos 7.6 IPA:v4.6.4
Can you help to resolve this pb ?
We need to see the CA debug log and perhaps the spawn log to be able to tell what happened.
rob
freeipa-users@lists.fedorahosted.org