[Freeipa-users] CA installation failed on server

Rob Crittenden rcritten at redhat.com
Mon Nov 30 18:54:57 UTC 2015


Christian Heimes wrote:
> On 2015-11-30 17:48, Martin Basti wrote:
>> If I did read logs right, there was ipa-server-installed, CA
>> uninstallation failed and now IPA server install is failing because new
>> CA cannot be installed due to the old instance of CA.
> 
> Martin, you are right. Daniel didn't mention reinstallation in his
> initial mail. You and I are aware of the details because we talked to
> him on IRC. I just asked Daniel on IRC and he confirmed it. Rob couldn't
> know the fact, hence the misunderstanding.
> 
> Robert, your workaround fixes uninstallation. But it doesn't fix an
> already broken system. ipa-server --uninstall leaves the system in an
> inconsistent state. It removes most of the CA but leaves entries in LDAP
> ou=Security Domain,o=ipaca.

I don't know quite what to say.

An already broken system? The IPA installer isn't (yet) idempotent so
any failure installing needs to be uninstalled, corrected, and tried
again. There is no powering onwards.

Left over data? In a standalone system this is moot because IPA needs to
start as a clean slate for a new installation attempt.

I really don't see how my workaround made any difference at all in the
uninstall since it should just be removing bits, not doing anything over
LDAP. And in any case, uninstalling the server also wipes out the LDAP
server so it's a moot point.

rob



