[Freeipa-users] Trouble creating replica

Bret Wortman bret.wortman at damascusgrp.com
Wed Feb 20 13:43:00 UTC 2013


On Wed, Feb 20, 2013 at 8:40 AM, Simo Sorce <simo at redhat.com> wrote:

> On Wed, 2013-02-20 at 08:08 -0500, Bret Wortman wrote:
> > Digging further into my logs this morning, I've discovered that
> > there are no new entries in /var/log/dirsrv/slapd-PKI-IPA since Feb 5
> > either. How can I tell why this isn't
> > running? /var/log/dirsrv/slapd-MY-COM is getting updated and logged
> > to, it's just the PKI piece that seems to be dead.
> >
> >
> > Nothing in /etc/pki-ca has changed since last year, and the last
> > updates to /var/lib/dirsrv/slapd-PKI-IPA/db or changelogs occurred on
> > Feb 5. I just can't tell what that change was....
>
> What error do you get if you try to start it?
>

[root@oldmaster]# pkicontrol start ca PKI-IPA
PKI-IPA is an invalid 'pki-ca' instance
[root@oldmaster]#

Is there another, preferred way to start it?



> >
> > Would a key change or certificate change have affected this?
>
> An expired CA cert might cause the server to stop, but then you would
> see expired certs all over and also the main IPA instance would not
> start.
> >
> > Worst case, if I do something like this:
> >
> >
> > # ipa-server-install -U --uninstall
> > # ipa-server-install
> >
> You will completely obliterate all your data.
>
> > will I lose the hosts, policies & users I already have configured?
> > Does this stand a chance of getting me back up to where I can clone
> > this box and get healthy again?
> >
> Healthy will be, but with no data, don't do it. (and I suggest you make
> a full backup just in case)
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>