[Freeipa-users] ipa-replica-install failes on setup-ca
Bjarne Blichfeldt
BJB at jndata.dk
Wed Apr 26 07:27:34 UTC 2017
Tank you very much for your response.
Adding debugging to /etc/ipa/server.conf did not add any additional information, but I discovered that -d flag to
ipa-replica-install gives a lot of information.
After a lot of weird stuff, problems and son on, I decided to scratch the entire server completely and start all over.
Now the replica is working again. Server must have had a brain damage at some point.
Venlig hilsen
Bjarne Blichfeldt
Infrastructure Services
Direkte +4563636119
Mobile +4521593270
BJB at jndata.dk
JN Data A/S * Havsteensvej 4 * 4000 Roskilde
Telefon 63 63 63 63/ Fax 63 63 63 64
www.jndata.dk
-----Original Message-----
From: Florence Blanc-Renaud [mailto:flo at redhat.com]
Sent: 25. april 2017 10:30
To: Bjarne Blichfeldt <BJB at jndata.dk>; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] ipa-replica-install failes on setup-ca
On 04/24/2017 09:37 AM, Bjarne Blichfeldt wrote:
> We had problems with one idm replica complaining about different ldap
:snip
Hi,
1/ you may find more information about the CA installation failure in /var/log/pki/pki-ca-spawn.$date.log
To enable debug logs, you can create the file /etc/ipa/server.conf:
$ cat /etc/ipa/server.conf
[global]
debug = True
2/ the error in httpd/error_log may indicate that your certificate expired, could you check if all the certificates are still valid?
$ sudo certutil -L -d /etc/httpd/alias/ -n Server-Cert | grep Not
Not Before: Thu Apr 20 15:03:40 2017
Not After : Sun Apr 21 15:03:40 2019
3/ I recall CA install issues when an old /root/cacert.p12 was left on a replica between uninstall and install. Can you try to delete this file and re-try the ipa-replica-install?
Flo
More information about the Freeipa-users
mailing list