I cleaned up the contents of our ldap manually, re-created the replica file,
and got a lot further than we have before but ipa-replica-install still failed
as below:
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
[1/30]: configuring certificate server instance
ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance:
Command '/usr/sbin/pkispawn -s CA -f /tmp/tmphvJyRY' returned non-zero exit
status 1
ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the
following files/directories for more information:
ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat
[error] RuntimeError: CA configuration failed.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipapython.admintool: ERROR CA configuration failed.
ipapython.admintool: ERROR The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
[root@ipa2c7 ~]# ipa-server-install --uninstall -U
ipapython.admintool: ERROR Unable to read
/etc/httpd/conf.d/ipa-pki-proxy.conf
ipapython.admintool: ERROR The ipa-server-install command failed. See
/var/log/ipaserver-uninstall.log for more information
[root@ipa2c7 ~]# touch /etc/httpd/conf.d/ipa-pki-proxy.conf
[root@ipa2c7 ~]# ipa-server-install --uninstall -U
Deleting this server will leave your installation without a CRL generation
master.
ipapython.admintool: ERROR Aborting uninstall operation.
ipapython.admintool: ERROR The ipa-server-install command failed. See
/var/log/ipaserver-uninstall.log for more information
It looks to have failed in such a way that it doesn't know how to back out
again, which I haven't seen before. Thoughts? The error in ipa-uninstall.log
looks like a generic admintool.py error:
2021-06-07T12:31:38Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-OUR-NET.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f05289fdf80>
2021-06-07T12:31:38Z DEBUG raw: config_show(version=u'2.237')
2021-06-07T12:31:38Z DEBUG config_show(rights=False, all=False, raw=False,
version=u'2.237')
2021-06-07T12:31:38Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 319,
in run
return cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 358,
in run
self.validate()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 368,
in validate
for _nothing in self._validator():
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431,
in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 455,
in _handle_validate_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421,
in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418,
in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81,
in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59,
in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 633,
in _configure
next(validator)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431,
in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 455,
in _handle_validate_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518,
in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 515,
in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421,
in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418,
in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81,
in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59,
in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 73,
in _uninstall
for unused in self._uninstaller(self.parent):
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py",
line 594, in main
uninstall_check(self)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 250, in decorated
func(installer)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 1030, in uninstall_check
ca.uninstall_check(options)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line 127, in
uninstall_check
raise ScriptError("Aborting uninstall operation.")
2021-06-07T12:31:38Z DEBUG The ipa-server-install command failed, exception:
ScriptError: Aborting uninstall operation.
2021-06-07T12:31:38Z ERROR Aborting uninstall operation.
2021-06-07T12:31:38Z ERROR The ipa-server-install command failed. See
/var/log/ipaserver-uninstall.log for more information
--
Bret Wortman
bret.wort...@damascusgrp.com
On Fri, Jun 4, 2021, at 1:32 PM, Bret Wortman wrote:
> Boom. Looking through the ldifs now. Thanks again, Rob.
>
> --
> Bret Wortman
> bret.wort...@damascusgrp.com
>
> On Fri, Jun 4, 2021, at 1:22 PM, Rob Crittenden wrote:
> > Bret Wortman wrote:
> > > What's dsctl? I don't see that anywhere on any of my servers (including
> > > the more up-to-date ones). My 389 instance is v1.3.3, if that makes a
> > > difference...
> > >
> > >
> >
> > Right, really old release.
> >
> > Try: db2ldif -n userRoot -Z EXAMPLE-TEST -a /path/to/ldif/file
> >
> > To get the CA ldif replace userRoot with ipaca.
> >
> > rob
> >
> >
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
