Hello guys, I have problems with creation freeipa master replica.
ipa --version VERSION: 4.3.1, API_VERSION: 2.164 Master server Idp+self sign CA
I want create full replica of master server Host for replica in domain (ipa-client-install -U --domain= --server= ipa1.itcapital.io --password= --principal=--hostname= --no-ntp --mkhomedir)
I try to create replica: ipa-replica-install --hostname=<domain name> --domain=<domain name> --server=<ipa server name> --password=XXXXXX --principal=admin --setup-ca
Replica installation success but CA replica creation failed:
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds [1/23]: creating certificate server user [2/23]: creating certificate server db [3/23]: setting up initial replication Starting replication, please wait until this has completed. Update in progress, 5 seconds elapsed Update succeeded
[4/23]: creating installation admin user [5/23]: setting up certificate server ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpjnucvO' returned non-zero exit status 1 ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation logs and the following files/directories for more information: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL /var/log/pki/pki-tomcat [error] RuntimeError: CA configuration failed. Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipa.ipapython.install.cli.install_tool(Replica): ERROR CA configuration failed. ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
Maybe somebody has information about this issue?
Oleg,
IIRC, this is a known issue:
https://pagure.io/freeipa/issue/6766 https://pagure.io/dogtagpki/issue/2644 https://pagure.io/dogtagpki/issue/2646
cheers L.
------ "Mission Statement: To provide hope and inspiration for collective action, to build collective power, to achieve collective transformation, rooted in grief and rage but pointed towards vision and dreams."
- Patrisse Cullors, *Black Lives Matter founder*
On 22 June 2017 at 00:28, Oleg Danilovich via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Hello guys, I have problems with creation freeipa master replica.
ipa --version VERSION: 4.3.1, API_VERSION: 2.164 Master server Idp+self sign CA
I want create full replica of master server Host for replica in domain (ipa-client-install -U --domain= --server= ipa1.itcapital.io --password= --principal=--hostname= --no-ntp --mkhomedir)
I try to create replica: ipa-replica-install --hostname=<domain name> --domain=<domain name> --server=<ipa server name> --password=XXXXXX --principal=admin --setup-ca
Replica installation success but CA replica creation failed:
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds [1/23]: creating certificate server user [2/23]: creating certificate server db [3/23]: setting up initial replication Starting replication, please wait until this has completed. Update in progress, 5 seconds elapsed Update succeeded
[4/23]: creating installation admin user [5/23]: setting up certificate server ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpjnucvO' returned non-zero exit status 1 ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation logs and the following files/directories for more information: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL /var/log/pki/pki-tomcat [error] RuntimeError: CA configuration failed. Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipa.ipapython.install.cli.install_tool(Replica): ERROR CA configuration failed. ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
Maybe somebody has information about this issue?
-- Best regards, *Oleg Danilovich*
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Does it mean that i should update my ipa servers ?
On 21 June 2017 at 17:28, Oleg Danilovich oleg.danilovich@expcapital.com wrote:
Hello guys, I have problems with creation freeipa master replica.
ipa --version VERSION: 4.3.1, API_VERSION: 2.164 Master server Idp+self sign CA
I want create full replica of master server Host for replica in domain (ipa-client-install -U --domain= --server= ipa1.itcapital.io --password= --principal=--hostname= --no-ntp --mkhomedir)
I try to create replica: ipa-replica-install --hostname=<domain name> --domain=<domain name> --server=<ipa server name> --password=XXXXXX --principal=admin --setup-ca
Replica installation success but CA replica creation failed:
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds [1/23]: creating certificate server user [2/23]: creating certificate server db [3/23]: setting up initial replication Starting replication, please wait until this has completed. Update in progress, 5 seconds elapsed Update succeeded
[4/23]: creating installation admin user [5/23]: setting up certificate server ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpjnucvO' returned non-zero exit status 1 ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation logs and the following files/directories for more information: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL /var/log/pki/pki-tomcat [error] RuntimeError: CA configuration failed. Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipa.ipapython.install.cli.install_tool(Replica): ERROR CA configuration failed. ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
Maybe somebody has information about this issue?
-- Best regards, *Oleg Danilovich*
Oleg Danilovich via FreeIPA-users wrote:
Does it mean that i should update my ipa servers ?
I'd recommend examining /var/log/ipaserver-install.log and the CA log files in /var/log/pki/pki-tomcat/ca/
rob
On 21 June 2017 at 17:28, Oleg Danilovich <oleg.danilovich@expcapital.com mailto:oleg.danilovich@expcapital.com> wrote:
Hello guys, I have problems with creation freeipa master replica. ipa --version VERSION: 4.3.1, API_VERSION: 2.164 Master server Idp+self sign CA I want create full replica of master server Host for replica in domain (ipa-client-install -U --domain= --server=ipa1.itcapital.io <http://ipa1.itcapital.io> --password= --principal=--hostname= --no-ntp --mkhomedir) I try to create replica: ipa-replica-install --hostname=<domain name> --domain=<domain name> --server=<ipa server name> --password=XXXXXX --principal=admin --setup-ca Replica installation success but CA replica creation failed: Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds [1/23]: creating certificate server user [2/23]: creating certificate server db [3/23]: setting up initial replication Starting replication, please wait until this has completed. Update in progress, 5 seconds elapsed Update succeeded [4/23]: creating installation admin user [5/23]: setting up certificate server ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpjnucvO' returned non-zero exit status 1 ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation logs and the following files/directories for more information: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL /var/log/pki/pki-tomcat [error] RuntimeError: CA configuration failed. Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR CA configuration failed. ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information Maybe somebody has information about this issue? -- Best regards, *Oleg Danilovich*-- Best regards, *Oleg Danilovich*
DevOps Engineer *exp**(capital) **limited*
*T. *_+ tel:+357%2096%20672275375447487939_
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
freeipa-users@lists.fedorahosted.org
-
Lachlan Musicman -
Oleg Danilovich -
Rob Crittenden