On Fri, Jun 28, 2019 at 8:14 PM Karim Bourenane via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote: > > Hello All > > I have follow the step from stepes from Freeipa web + Redhat to prepare the > replicat by commands : > DNS+Reverse : OK > On IPA Master : ipa-replica-prepare --password=XXXXX replicat.example.com > Scp the Gpg file from the Master to slave/replicat as root to /var/lib/ipa
This is not needed if your domain is running domain level 1. This is explained in the official documentation: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/creating-the-replica See: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/domain-level and https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/domain-level-set for more information on domain level. Please check whether your domain is DL0 and DL1 first. > On IPA Replicat : ipa-replica-install --password=XXXXX > /var/lib/ipa/replica-fil.gpg --setup-kra --setup-ca --setup-dns > --no-forwarders > > After several secondes, the installation stop on stage : > [1/28] Configuring centificat server instaance > > The first ERROR line: ipaserver.install.dogtaginstance: CRITICAL Failed to > configure CA instance: Command '/usr/sbin/pkispanw -s CA -f /tmp/tmMg7KE' > returned non-zero exist statut 1 > The second ERROR line: ipaserver.install.dogtaginstance: CRITICAL See > installation.... To diagnose this further we would need /var/log/ipa*log as noted in the message - but see below. > The third ERROR line : ipaserver.install.dogtaginstance:CRITICAL > [error] RuntimeError: CA configuration failed. > > My IPA Master was in Centos 7.3 IPA:v4.5.0 > The replica server in Centos 7.6 IPA:v4.6.4 You should upgrade the cluster so that all currently running hosts are running the same system and packages before adding new hosts. See also the considerations for updating IPA: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/updating-migrating#update-ipa-prereqs > Can you help to resolve this pb ? > > Regards > > Mr Karim Bourenane > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
