Jani West wrote: > On old master apache logs looks like this: > > --------------- > [Tue Feb 24 23:37:40 2015] [error] [client 192.168.177.8] File does not > exist: /var/www/html/ca > [Tue Feb 24 23:37:41 2015] [error] [client 192.168.177.8] File does not > exist: /var/www/html/ca > [Tue Feb 24 23:38:22 2015] [error] [client 192.168.177.8] File does not > exist: /var/www/html/ca > 192.168.177.8 - - [24/Feb/2015:10:35:47 +0200] "POST > /ca/agent/ca/updateDomainXML HTTP/1.0" 403 323 > 192.168.177.8 - - [24/Feb/2015:23:37:40 +0200] "GET > /ca/rest/securityDomain/domainInfo HTTP/1.1" 404 325 > 192.168.177.8 - - [24/Feb/2015:23:37:41 +0200] "GET > /ca/admin/ca/getDomainXML HTTP/1.1" 200 1158 > 192.168.177.8 - - [24/Feb/2015:23:37:41 +0200] "GET > /ca/rest/account/login HTTP/1.1" 404 313 > 192.168.177.8 - - [24/Feb/2015:23:38:19 +0200] "POST > /ca/admin/ca/getCertChain HTTP/1.0" 200 1410 > 192.168.177.8 - - [24/Feb/2015:23:38:22 +0200] "GET > /ca/rest/account/login HTTP/1.1" 404 313 > 192.168.177.8 - - [24/Feb/2015:23:38:22 +0200] "POST > /ca/admin/ca/getCookie HTTP/1.1" 200 4088 > 192.168.177.8 - - [24/Feb/2015:23:38:22 +0200] "POST > /ca/admin/ca/getDomainXML HTTP/1.0" 200 1158 > 192.168.177.8 - - [24/Feb/2015:23:38:23 +0200] "POST > /ca/admin/ca/getCertChain HTTP/1.0" 200 1410 > 192.168.177.8 - - [24/Feb/2015:23:38:23 +0200] "POST > /ca/admin/ca/updateNumberRange HTTP/1.0" 404 - > 192.168.177.8 - - [24/Feb/2015:23:38:24 +0200] "POST > /ca/admin/ca/updateNumberRange HTTP/1.0" 404 - > 192.168.177.8 - - [24/Feb/2015:23:38:23 +0200] "POST > /ca/ee/ca/updateNumberRange HTTP/1.0" 200 163 > 192.168.177.8 - - [24/Feb/2015:23:38:24 +0200] "POST > /ca/ee/ca/updateNumberRange HTTP/1.0" 200 163 > 192.168.177.8 - - [24/Feb/2015:23:38:27 +0200] "POST > /ca/admin/ca/updateNumberRange HTTP/1.0" 404 - > 192.168.177.8 - - [24/Feb/2015:23:38:27 +0200] "POST > /ca/ee/ca/updateNumberRange HTTP/1.0" 200 153 > 192.168.177.8 - - [24/Feb/2015:23:38:30 +0200] "POST > /ca/admin/ca/getConfigEntries HTTP/1.0" 200 13714 > 192.168.177.8 - - [24/Feb/2015:23:41:06 +0200] "POST > /ca/admin/ca/getDomainXML HTTP/1.0" 200 1158 > 192.168.177.8 - - [24/Feb/2015:23:41:06 +0200] "POST > /ca/admin/ca/updateDomainXML HTTP/1.0" 404 - > 192.168.177.8 - - [24/Feb/2015:23:41:06 +0200] "POST > /ca/agent/ca/updateDomainXML HTTP/1.0" 200 115 > --------------------- > > and /var/log/ipareplica-install.log on new replica looks like this: > -------------------- > pkispawn : ERROR ....... Exception from Java Configuration > Servlet: Error while updating security domain: java.io.IOException: 2 > > 2015-02-24T21:40:54Z CRITICAL failed to configure ca instance Command > '/usr/sbin/pkispawn -s CA -f /tmp/tmpR56_Ck' returned non-zero exit > status 1 > 2015-02-24T21:40:54Z DEBUG File > "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", > line 638, in run_script > return_value = main_function() > > File "/usr/sbin/ipa-replica-install", line 667, in main > CA = cainstance.install_replica_ca(config) > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line > 1689, in install_replica_ca > subject_base=config.subject_base) > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line > 478, in configure_instance > self.start_creation(runtime=210) > > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", > line 364, in start_creation > method() > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line > 615, in __spawn_instance > raise RuntimeError('Configuration of CA failed') > > 2015-02-24T21:40:54Z DEBUG The ipa-replica-install command failed, > exception: RuntimeError: Configuration of CA failed > -------------------- > > Just give me a shout if you want me to run replication again and if you > need any extra logs.
The full ipaserver-install.log and /var/log/pki/pki-tomcat/ca/debug would be handy. Feel free to send them to me directly as they are probably rather large. rob > > > On 02/25/2015 12:00 AM, Rob Crittenden wrote: >> Jani West wrote: >>> Re-created replication file and run ipa-replica-install o fresh CentOS 7 >>> server. >>> >>> It is still giving the same error: >>> >>> --------------------- >>> 2015-02-24T21:40:54Z DEBUG Process finished, return code=1 >>> 2015-02-24T21:40:54Z DEBUG stdout=Loading deployment configuration from >>> /tmp/tmpR56_Ck. >>> Installing CA into /var/lib/pki/pki-tomcat. >>> Storing deployment configuration into >>> /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg. >>> Installation failed. >>> >>> >>> 2015-02-24T21:40:54Z DEBUG stderr=pkispawn : WARNING ....... unable >>> to validate security domain user/password through REST interface. >>> Interface not available >> >> That is expected. >> >>> pkispawn : ERROR ....... Exception from Java Configuration >>> Servlet: Error while updating security domain: java.io.IOException: 2 >> >> I think a fresh set of logs is in needed. >> >> rob >> >>> --------------------. >>> >>> On 02/24/2015 06:06 PM, Rob Crittenden wrote: >>>> West, Jani wrote: >>>>> Thank you for the tip, >>>>> >>>>> Just created new /root/cacerts.p12. Should I import it to the CA >>>>> somehow >>>>> or just restart the ipa server? >>>>> >>>>> Will reset the new replicate vm to clean CentOS 7 installation without >>>>> any leftovers from ipa-replica-install. >>>>> >>>> >>>> Re-run ipa-replica-prepare and it will pick up the new file. Use that >>>> newly prepared file on your replica and hopefully that will do the >>>> trick. >>>> >>>> rob >>>> >>> >>> > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project