[Freeipa-users] Fwd: Fwd: Fwd: Scorched earth
Rob Crittenden
rcritten at redhat.com
Fri Aug 30 12:47:56 UTC 2013
Bret Wortman wrote:
> Still odder ... I went ahead and tried to delete the agreement:
>
> [ipamaster]# ipa-replica-manage del ipamaster3.foo.net
> <http://ipamaster3.foo.net> --force
> 'ipamaster.foo.net <http://ipamaster.foo.net>' has no replication
> agreement for 'ipamaster3.foo.net <http://ipamaster3.foo.net>'
> [ipamaster]#
>
> Dug back into the script and realized upon further reading (and widening
> my read to more of the code) that found was being set True elsewhere --
> where it was complaining about how ipamaster knew about ipamaster3
> already. Fair enough. So I hopped on over there and removed it. Which
> worked. And now the script proceeds much better.
>
> Guess the third cup of coffee helped.
>
> CA configuration still failed, though, at the same place as before
> (though executed as part of ipa-replica-install --setup-ca this time):
>
> [2/17]: configuring certificate server instance
> ipa : CRITICAL failed to configure ca instance Command
> '/usr/sbin/pkispawn -s CA -f /tmp/tmpnq_J4d' returned non-zero exit status 1
>
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> Configuration of CA failed.
>
> /This/ time, I'm not going to run the --uninstall command until someone
> on the team tells me to do so....
Ok. What we'll need to see is the full /var/log/ipareplica-install.log
and the CA debug log from /var/log/pki/pki-tomcat/ca/debug. The CA team
sometimes wants the debug log from the master you're cloning from too.
You can send these to me out of band if you'd like, the debug logs in
particular tend to be humongous.
rob
More information about the Freeipa-users
mailing list