[Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to master

Rob Crittenden rcritten at redhat.com
Mon Jun 6 13:51:57 UTC 2016 

Dan.Finkelstein at high5games.com wrote:
> I didn't get the chance to clean anything up because there's truly
> nothing there:
>
> root at ipa pki]# pwd
>
> /var/lib/pki
>
> [root at ipa pki]# ls
>
> [root at ipa pki]#

I think I figured out what is wrong. It is trying to add a NEW CA, not 
creating a replica of the CA on this host. You need to pass in the 
replica install file as an argument:

# ipa-replica-install foo.example.com

Not sure skipping the conncheck is a great idea either.

rob

>
> <http://www.high5games.com/>
>
> *Daniel Alex Finkelstein*| Senior Dev Ops Engineer
>
> _Dan.Finkelstein at h5g.com <mailto:Dan.Finkelstein at h5g.com>_| 212.604.3447
>
> One World Trade Center, New York, NY 10007
>
> www.high5games.com <http://www.high5games.com/>
>
> Play High 5 Casino <https://apps.facebook.com/highfivecasino/> and Shake
> the Sky <https://apps.facebook.com/shakethesky/>
>
> Follow us on: Facebook <http://www.facebook.com/high5games>, Twitter
> <https://twitter.com/High5Games>, YouTube
> <http://www.youtube.com/High5Games>, Linkedin
> <http://www.linkedin.com/company/1072533?trk=tyah>
>
> //
>
> /This message and any attachments may contain confidential or privileged
> information and are only for the use of the intended recipient of this
> message. If you are not the intended recipient, please notify the sender
> by return email, and delete or destroy this and all copies of this
> message and all attachments. Any unauthorized disclosure, use,
> distribution, or reproduction of this message or any attachments is
> prohibited and may be unlawful./
>
> *From: *Rob Crittenden <rcritten at redhat.com>
> *Date: *Friday, June 3, 2016 at 17:47
> *To: *Daniel Finkestein <Dan.Finkelstein at high5games.com>,
> "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> *Subject: *Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of
> FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica,
> cannot promote to master
>
>     root at ipa ~]# pkidestroy -i pki-tomcat -s CA
>
>     ERROR:  PKI instance '/var/lib/pki/pki-tomcat' does NOT exist!
>
> The IPA installer is looking for the existence of
>
> /var/lib/pki/pki-tomcat/ca/conf/CS.cfg. At least some things in
>
> /var/lib/pki/pki-tomcat are links to /etc, notably alias and conf. You
>
> can try manually cleaning those up.
>
> rob
>
>
>

More information about the Freeipa-users mailing list