[Freeipa-users] Trouble installing F21 4.1.2 replica from F20 3.3.5 master
Endi Sukma Dewata
edewata at redhat.com
Mon Jan 5 15:40:08 UTC 2015
On 1/5/2015 8:53 PM, Martin Kosek wrote:
> On 01/05/2015 02:05 PM, Anthony Messina wrote:
>>>> I was hoping to "migrate" from F20 to F21 using:
>>>> http://www.freeipa.org/page/Howto/Migration
>>>> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master
>>>
>>> The migration procedure is only needed if you run FreeIPA server with PKI based
>>> on Dogtag (pki-ca package) 9. Do you? Is your Fedora 20 FreeIPA&PKI instance
>>> functional? FreeIPA+Dogtag 9 is not supported since Fedora 18, so I was
>>> surprised such setup worked in Fedora 20.
>>
>> I don't use Dogtag 9. I installed FreeIPA freshly on a F19 VM, then yum
>> upgraded to F20. With the significant changes for Fedora.next, systemd-216,
>> and FreeIPA 4, I wanted to create a new "master" (amd retire the old) by
>> replicating the current F20 3.3.5 master to what would become an F21 4.1.2 master.
>
> Ah, makes more sense then. The PKI error below gets more serious then - Fraser
> and Endi, please help Anthony.
I'm discussing this with Ade (CC'd). Based on the stack trace it looks
like the replica thinks the master returns an incomplete information
about the security domain, probably due to the different Dogtag versions
used in master and replica.
We need some additional info:
1. What is the pki-ca version on the master (F20)?
2. What is the pki-ca version on the replica (F21)?
3. What is the output of this URL on the master?
https://<master>:8443/ca/rest/securityDomain/domainInfo
Thanks.
--
Endi S. Dewata
More information about the Freeipa-users
mailing list