[Freeipa-users] Trouble creating replica

Simo Sorce simo at redhat.com
Wed Feb 20 13:40:38 UTC 2013


On Wed, 2013-02-20 at 08:08 -0500, Bret Wortman wrote:
> Digging further into my logs this morning, I've discovered that
> there are no new entries in /var/log/dirsrv/slapd-PKI-IPA since Feb 5
> either. How can I tell why this isn't
> running? /var/log/dirsrv/slapd-MY-COM is getting updated and logged
> to, it's just the PKI piece that seems to be dead.
> 
> 
> Nothing in /etc/pki-ca has changed since last year, and the last
> updates to /var/lib/dirsrv/slapd-PKI-IPA/db or changelogs occurred on
> Feb 5. I just can't tell what that change was....

What error do you get if you try to start it?
> 
> Would a key change or certificate change have affected this?

An expired CA cert might cause the server to stop, but then you would
see expired certs all over and also the main IPA instance would not
start.
> 
> Worst case, if I do something like this:
> 
> 
> # ipa-server-install -U --uninstall
> # ipa-server-install
> 
You will completely obliterate all your data.

> will I lose the hosts, policies & users I already have configured?
> Does this stand a chance of getting me back up to where I can clone
> this box and get healthy again?
> 
It will be healthy, but with no data. Don't do it. (And I suggest you make
a full backup just in case.)

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



