On Fri, 2022-01-28 at 16:02 +0100, Florence Blanc-Renaud wrote:
> Hi,
> you can do
> (on another server)
> $ ipa server-del --force server.example.com

# ipa server-del --force server.example.com
Removing server.example.com from replication topology, please wait...
ipa: WARNING: Forcing removal of server.example.com
ipa: WARNING: Failed to cleanup server.example.com DNS entries: no matching entry found
ipa: WARNING: You may need to manually remove them from the tree
ipa: WARNING: Server has already been deleted
-------------------------------------------
Deleted IPA server "server.example.com"
-------------------------------------------

> This should clean up all references to server.example.com

Hopefully it did. :-)

> (on server.example.com)
> $ ipa-client-install --uninstall -U
> $ kdestroy -A
> $ ipa-client-install ...
> $ kinit admin
> $ ipa-replica-install ...

This has now gotten as far as:


# ipa-replica-install --setup-ca --ip-address 10.75.22.247 --setup-dns --no-forwarders
...
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
  [1/29]: creating certificate server db
  [2/29]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 12 seconds elapsed
Update succeeded

  [3/29]: creating ACIs for admin
  [4/29]: creating installation admin user
  [5/29]: configuring certificate server instance
Failed to configure CA instance
See the installation logs and the following files/directories for more information:
  /var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

CA configuration failed.
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

At the end of /var/log/ipareplica-install.log is the error:

com.netscape.certsrv.base.ConflictingOperationException: Entry already exists.
        at com.netscape.certsrv.ldap.LDAPExceptionConverter.toPKIException(LDAPExceptionConverter.java:45)
        at com.netscape.cmscore.usrgrp.UGSubsystem.addUser(UGSubsystem.java:720)
        at org.dogtagpki.server.cli.SubsystemUserAddCLI.execute(SubsystemUserAddCLI.java:180)
        at org.dogtagpki.cli.CommandCLI.execute(CommandCLI.java:58)
        at org.dogtagpki.cli.CLI.execute(CLI.java:357)
        at org.dogtagpki.cli.CLI.execute(CLI.java:357)
        at org.dogtagpki.cli.CLI.execute(CLI.java:357)
        at org.dogtagpki.server.cli.PKIServerCLI.execute(PKIServerCLI.java:93)
        at org.dogtagpki.server.cli.PKIServerCLI.main(PKIServerCLI.java:123)
Caused by: netscape.ldap.LDAPException: error result (68); Already exists
        at netscape.ldap.LDAPConnection.checkMsg(Unknown Source)
        at netscape.ldap.LDAPConnection.add(Unknown Source)
        at netscape.ldap.LDAPConnection.add(Unknown Source)
        at netscape.ldap.LDAPConnection.add(Unknown Source)
        at com.netscape.cmscore.usrgrp.UGSubsystem.addUser(UGSubsystem.java:717)
        ... 7 more
CalledProcessError: Command '['/usr/sbin/runuser', '-u', 'pkiuser', '--', '/usr/lib/jvm/jre-1.8.0-openjdk/bin/java', '-classpath', '/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*', '-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory', '-Dcatalina.base=/var/lib/pki/pki-tomcat', '-Dcatalina.home=/usr/share/tomcat', '-Djava.endorsed.dirs=', '-Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp', '-Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties', '-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager', '-Dcom.redhat.fips=false', 'org.dogtagpki.server.cli.PKIServerCLI', 'ca-user-add', '--full-name', 'CA-server.example.com-8443', '--type', 'agentType', '--state', '1', '--debug', 'CA-server.example.com-8443']' returned non-zero exit status 255.
  File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 575, in main
    scriptlet.spawn(deployer)
  File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 740, in spawn
    deployer.setup_subsystem_user(instance, subsystem, system_certs['subsystem'])
  File "/usr/lib/python3.6/site-packages/pki/server/deployment/__init__.py", line 1040, in setup_subsystem_user
    state='1')
  File "/usr/lib/python3.6/site-packages/pki/server/subsystem.py", line 1521, in add_user
    capture_output=True)
  File "/usr/lib/python3.6/site-packages/pki/server/subsystem.py", line 1653, in run
    check=True)
  File "/usr/lib64/python3.6/subprocess.py", line 438, in run
    output=stdout, stderr=stderr)


2022-01-28T17:44:16Z CRITICAL Failed to configure CA instance

So while a lot further than before, it still fails, but much later in
the install.

Any ideas on this new development?

Cheers,
b.



_______________________________________________
FreeIPA-users mailing list -- [email protected]