I tried multiple times to solve the upgrade failure, but didn't. I finally decided
to completely reinstall that machine from scratch, but the ipa-replica-install
always refuses to perform to the end...
I'm really stuck...

-----Original Message-----
From: François Cami [mailto:fc...@redhat.com]
Sent: Wednesday, February 26, 2020 12:23
To: FreeIPA users list <freeipa-users@lists.fedorahosted.org>
Cc: LHEUREUX Bernard <bernard.lheur...@nethys.be>
Subject: Re: [Freeipa-users] recuring error during ipa-replica-install

Hi,

On Wed, Feb 26, 2020 at 12:17 PM LHEUREUX Bernard via FreeIPA-users 
<freeipa-users@lists.fedorahosted.org> wrote:
>
> Hi all,
>
>
>
> I would like to reinstall a replica for my FreeIPA infra that has
> failed its ipa-server-upgrade after the update of CentOS
> ipa-server-4.6.5-11.el7.centos.4.x86_64, a few days ago…

How did the upgrade fail? Do you still have the upgrade logs?
Did you fix the problem in the meantime?

> But every time I try I get the following error on that machine:
>
>
>
> Configuring ipa-custodia
>
>   [1/4]: Generating ipa-custodia config file
>
>   [2/4]: Generating ipa-custodia keys
>
>   [3/4]: starting ipa-custodia
>
>   [4/4]: configuring ipa-custodia to start on boot
>
> Done configuring ipa-custodia.
>
> Configuring certificate server (pki-tomcatd). Estimated time: 3 
> minutes
>
>   [1/29]: creating certificate server db
>
>   [2/29]: setting up initial replication
>
> Starting replication, please wait until this has completed.
>
> Update in progress, 4 seconds elapsed
>
> Update succeeded
>
>
>
>   [3/29]: creating ACIs for admin
>
>   [4/29]: creating installation admin user
>
>   [5/29]: configuring certificate server instance
>
> ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA 
> instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpjRZhjK' 
> returned non-zero exit status 1
>
> ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the 
> following files/directories for more information:
>
> ipaserver.install.dogtaginstance: CRITICAL   /var/log/pki/pki-tomcat
>
>   [error] RuntimeError: CA configuration failed.

The PKI logs at /var/log/pki/pki-tomcat should help, but if the
above-mentioned upgrade failed maybe something is broken in your infra,
resulting in an inability to install a new replica until you fix that.

Does CA-less replica installation work?

François


> Your system may be partly configured.
>
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
>
>
> ipapython.admintool: ERROR    CA configuration failed.
>
> ipapython.admintool: ERROR    The ipa-replica-install command failed. See 
> /var/log/ipareplica-install.log for more information
>
>
>
> I cannot find any relevant info in the logs to tell me what could be 
> done…
>
>
>
> Do you have an idea?
>
>
>
> ---
>
> Bernard Lheureux
>
> Linux System Engineer
>
> IT Infra
>
>
>
>
>
>     Rue Fivé 150, B-4100 Seraing
>
>     GSM:           +32-475-530311
>
>     http://www.nethys.be
>
>
>
>
>
>
>
> This electronically transmitted message and all its attachments
> contain information that may be confidential or protected.
> This information is intended solely for the use of the persons or
> entities specified in the 'To', 'Cc' and 'Bcc' fields. If you are not one
> of these recipients, be aware that any form, partial or complete,
> of disclosure, copying, distribution or use of this information is
> strictly prohibited. If you have received this message in error, please
> inform us by telephone or by e-mail and destroy the
> information immediately. This message is binding only on its signatory and
> in no way on his or her employer.
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to 
> freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: 
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedor
> ahosted.org
