[Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to master

Rob Crittenden rcritten at redhat.com
Mon Jun 6 15:44:19 UTC 2016


Dan.Finkelstein at high5games.com wrote:
> Swing and a miss: when setting up the replicas, we always use the
> --setup-ca and end the command with the replica gpg file, but it's the
> --setup-ca that fails as per the earlier messages. If we proceed without
> --setup-ca, it's fine. I'll try it without skipping the connection check,
> but I don't think the replica file is the issue.

I meant to say: ipa-ca-install replicafile

When running ipa-ca-install without a replicafile then it assumes you 
are trying to set up a brand new CA which isn't allowed if one already 
exists. The messaging has been improved upstream.

Skipping the conncheck can mask odd problems and should be used sparingly.

rob

>
> Thanks,
>
> Dan
>
> *From: *Rob Crittenden <rcritten at redhat.com>
> *Date: *Monday, June 6, 2016 at 09:51
> *To: *Daniel Finkestein <Dan.Finkelstein at high5games.com>,
> "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> *Subject: *Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of
> FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica,
> cannot promote to master
>
> I think I figured out what is wrong. It is trying to add a NEW CA, not
> creating a replica of the CA on this host. You need to pass in the
> replica install file as an argument:
>
> # ipa-replica-install foo.example.com
>
> Not sure skipping the conncheck is a great idea either.
>
> rob