[Freeipa-users] Re: How to blend IPA server 4.1.4 on F21 with server 4.6.8 on C7?

Rob Crittenden via FreeIPA-users Mon, 07 Jun 2021 08:07:51 -0700

Bret Wortman wrote:
> I cleaned up the contents of our ldap manually, re-created the replica file, 
> and got a lot further than we have before but ipa-replica-install still 
> failed as below:
> 
> Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
>   [1/30]: configuring certificate server instance
> ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: 
> Command '/usr/sbin/pkispawn -s CA -f /tmp/tmphvJyRY' returned non-zero exit 
> status 1
> ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the 
> following files/directories for more information:
> ipaserver.install.dogtaginstance: CRITICAL   /var/log/pki/pki-tomcat
>   [error] RuntimeError: CA configuration failed.
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.


If the pkispawn fails you need to dig into the CA logging for any
details. It just gives us a pass/fail to IPA.

> ipapython.admintool: ERROR    CA configuration failed.
> ipapython.admintool: ERROR    The ipa-replica-install command failed. See 
> /var/log/ipareplica-install.log for more information
> [root@ipa2c7 ~]# ipa-server-install --uninstall -U
> ipapython.admintool: ERROR    Unable to read 
> /etc/httpd/conf.d/ipa-pki-proxy.conf
> ipapython.admintool: ERROR    The ipa-server-install command failed. See 
> /var/log/ipaserver-uninstall.log for more information
> [root@ipa2c7 ~]# touch /etc/httpd/conf.d/ipa-pki-proxy.conf
> [root@ipa2c7 ~]# ipa-server-install --uninstall -U
> Deleting this server will leave your installation without a CRL generation 
> master.
> ipapython.admintool: ERROR    Aborting uninstall operation.
> ipapython.admintool: ERROR    The ipa-server-install command failed. See 
> /var/log/ipaserver-uninstall.log for more information

This is most likely a red herring. Your current version is old enough
that it may not store who the CRL management server is.  On the existing
server us ipa config-show to find out.

You can add --igore-last-of-role to skip this I believe.

rob

> 
> It looks to have failed in such a way that it doesn't know how to back out 
> again, which I haven't seen before. Thoughts? The error in ipa-uninstall.log 
> looks like a generic admintool.py error:
> 
> 2021-06-07T12:31:38Z DEBUG retrieving schema for SchemaCache 
> url=ldapi://%2fvar%2frun%2fslapd-OUR-NET.socket 
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f05289fdf80>
> 2021-06-07T12:31:38Z DEBUG raw: config_show(version=u'2.237')
> 2021-06-07T12:31:38Z DEBUG config_show(rights=False, all=False, raw=False, 
> version=u'2.237')
> 2021-06-07T12:31:38Z DEBUG   File 
> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in 
> execute
>     return_value = self.run()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 319, 
> in run
>     return cfgr.run()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
> 358, in run
>     self.validate()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
> 368, in validate
>     for _nothing in self._validator():
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
> 431, in __runner
>     exc_handler(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
> 455, in _handle_validate_exception
>     self._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
> 450, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
> 421, in __runner
>     step()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
> 418, in <lambda>
>     step = lambda: next(self.__gen)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, 
> in run_generator_with_yield_from
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, 
> in run_generator_with_yield_from
>     value = gen.send(prev_value)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
> 633, in _configure
>     next(validator)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
> 431, in __runner
>     exc_handler(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
> 455, in _handle_validate_exception
>     self._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
> 518, in _handle_exception
>     self.__parent._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
> 450, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
> 515, in _handle_exception
>     super(ComponentBase, self)._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
> 450, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
> 421, in __runner
>     step()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
> 418, in <lambda>
>     step = lambda: next(self.__gen)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, 
> in run_generator_with_yield_from
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, 
> in run_generator_with_yield_from
>     value = gen.send(prev_value)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 
> 73, in _uninstall
>     for unused in self._uninstaller(self.parent):
>   File 
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", line 
> 594, in main
>     uninstall_check(self)
>   File 
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 
> 250, in decorated
>     func(installer)
>   File 
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 
> 1030, in uninstall_check
>     ca.uninstall_check(options)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line 127, 
> in uninstall_check
>     raise ScriptError("Aborting uninstall operation.")
> 
> 2021-06-07T12:31:38Z DEBUG The ipa-server-install command failed, exception: 
> ScriptError: Aborting uninstall operation.
> 2021-06-07T12:31:38Z ERROR Aborting uninstall operation.
> 2021-06-07T12:31:38Z ERROR The ipa-server-install command failed. See 
> /var/log/ipaserver-uninstall.log for more information
> 
> 
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: How to blend IPA server 4.1.4 on F21 with server 4.6.8 on C7?

Reply via email to