I cleaned up the contents of our ldap manually, re-created the replica file, and got a lot further than we have before but ipa-replica-install still failed as below:

Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
  [1/30]: configuring certificate server instance
ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmphvJyRY' returned non-zero exit status 1
ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the following files/directories for more information:
ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipapython.admintool: ERROR CA configuration failed.
ipapython.admintool: ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
[root@ipa2c7 ~]# ipa-server-install --uninstall -U
ipapython.admintool: ERROR Unable to read /etc/httpd/conf.d/ipa-pki-proxy.conf
ipapython.admintool: ERROR The ipa-server-install command failed. See /var/log/ipaserver-uninstall.log for more information
[root@ipa2c7 ~]# touch /etc/httpd/conf.d/ipa-pki-proxy.conf
[root@ipa2c7 ~]# ipa-server-install --uninstall -U
Deleting this server will leave your installation without a CRL generation master.
ipapython.admintool: ERROR Aborting uninstall operation.
ipapython.admintool: ERROR The ipa-server-install command failed. See /var/log/ipaserver-uninstall.log for more information

It looks to have failed in such a way that it doesn't know how to back out again, which I haven't seen before. Thoughts?

The error in ipa-uninstall.log looks like a generic admintool.py error:

2021-06-07T12:31:38Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-OUR-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f05289fdf80>
2021-06-07T12:31:38Z DEBUG raw: config_show(version=u'2.237')
2021-06-07T12:31:38Z DEBUG config_show(rights=False, all=False, raw=False, version=u'2.237')
2021-06-07T12:31:38Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 319, in run
    return cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 358, in run
    self.validate()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 368, in validate
    for _nothing in self._validator():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 455, in _handle_validate_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 633, in _configure
    next(validator)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 455, in _handle_validate_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 515, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 73, in _uninstall
    for unused in self._uninstaller(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", line 594, in main
    uninstall_check(self)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 250, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 1030, in uninstall_check
    ca.uninstall_check(options)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line 127, in uninstall_check
    raise ScriptError("Aborting uninstall operation.")

2021-06-07T12:31:38Z DEBUG The ipa-server-install command failed, exception: ScriptError: Aborting uninstall operation.
2021-06-07T12:31:38Z ERROR Aborting uninstall operation.
2021-06-07T12:31:38Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-uninstall.log for more information

--
Bret Wortman
bret.wort...@damascusgrp.com

On Fri, Jun 4, 2021, at 1:32 PM, Bret Wortman wrote:
> Boom. Looking through the ldifs now. Thanks again, Rob.
>
> --
> Bret Wortman
> bret.wort...@damascusgrp.com
>
> On Fri, Jun 4, 2021, at 1:22 PM, Rob Crittenden wrote:
> > Bret Wortman wrote:
> > > What's dsctl? I don't see that anywhere on any of my servers (including
> > > the more up-to-date ones). My 389 instance is v1.3.3, if that makes a
> > > difference...
> > >
> >
> > Right, really old release.
> >
> > Try: db2ldif -n userRoot -Z EXAMPLE-TEST -a /path/to/ldif/file
> >
> > To get the CA ldif replace userRoot with ipaca.
> >
> > rob
> >
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org