[Freeipa-users] Failed to start pki-tomcatd Service

Martin Babinsky mbabinsk at redhat.com
Fri Sep 4 14:37:00 UTC 2015 

On 08/28/2015 05:46 PM, Alexandre Ellert wrote:
>
>> Le 28 août 2015 à 17:41, Alexander Bokovoy <abokovoy at redhat.com> a écrit :
>>
>> On Fri, 28 Aug 2015, Alexandre Ellert wrote:
>>>
>>>> Le 28 août 2015 à 17:09, Alexander Bokovoy <abokovoy at redhat.com> a écrit :
>>>>
>>>> On Wed, 26 Aug 2015, Alexandre Ellert wrote:
>>>>>
>>>>>> Le 28 juil. 2015 à 05:59, Alexander Bokovoy <abokovoy at redhat.com> a écrit :
>>>>>>> If the problem is too hard to solve, maybe I should try to deploy another
>>>>>>> replica ?
>>>>>> You may try that. Sorry for not responding, I have some other tasks that
>>>>>> occupy my time right now.
>>>>>>
>>>>>
>>>>>
>>>>> Can you please tell me the procedure to decommission and re-create a new replica ?
>>>>> Are "ipa-server-install —uninstall" then "ipa-server-install" the only things to do ?
>>>> No, you need also to remove the server from the replication topology.
>>>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/removing-replica.html
>>>>
>>>> --
>>>> / Alexander Bokovoy
>>>
>>> I can’t remove the node on which I have problem with pki-tomcatd :
>>>
>>> # ipa-replica-manage del xxxx.example.com
>>> Deleting a master is irreversible.
>>> To reconnect to the remote master you will need to prepare a new replica file
>>> and re-install.
>>> Continue to delete? [no]: yes
>>> Deleting this server is not allowed as it would leave your installation without a CA
>>>
>>> I seem that it’s the only node where CA is installed. What should I do now ?
>> Add a replica with CA using ipa-ca-install on existing replica.
>>
>> Read the guide, it has detailed coverage of these situations.
>> --
>> / Alexander Bokovoy
>
> On the first node (which is working and without pki-tomcatd service)
> # ipa-ca-install
> Directory Manager (existing master) password:
>
> CA is already installed.
>
> How is it possible ?
>
>
You must provide a replica file as an argument to ipa-ca-install if you 
want to setup CA on another replica.

-- 
Martin^3 Babinsky

More information about the Freeipa-users mailing list