roy liang via FreeIPA-users wrote:
>> After libnsspem.so is added to Ubuntu16.04, all expired certificates pass 
>> the change time
>> and the test is renewed normally. However, there are new problems during the
>> IPA-replica-install test. The details are as follows:
>>
>> ipa-client-install --domain=hiido.host.yydevops.com --realm=YYDEVOPS.COM
>> --server=ipa-test-65-188.hiido.host.yydevops.com
>> Everything is all right ....
>>
>> root@fs-hiido-dn-12-65-18:/home/liangrui# ipa-replica-install 
>> Run connection check to master
>> Connection check OK
>> Configuring NTP daemon (ntpd)
>>   [1/4]: stopping ntpd
>>   [2/4]: writing configuration
>>   [3/4]: configuring ntpd to start on boot
>>   [4/4]: starting ntpd
>> Done configuring NTP daemon (ntpd).
>> Configuring directory server (dirsrv). Estimated time: 1 minute
>>   [1/43]: creating directory server user
>>   [2/43]: creating directory server instance
>>   [3/43]: restarting directory server
>>   [4/43]: adding default schema
>>   [5/43]: enabling memberof plugin
>>   [6/43]: enabling winsync plugin
>>   [7/43]: configuring replication version plugin
>>   [8/43]: enabling IPA enrollment plugin
>>   [9/43]: enabling ldapi
>>   [10/43]: configuring uniqueness plugin
>>   [11/43]: configuring uuid plugin
>>   [12/43]: configuring modrdn plugin
>>   [13/43]: configuring DNS plugin
>>   [14/43]: enabling entryUSN plugin
>>   [15/43]: configuring lockout plugin
>>   [16/43]: configuring topology plugin
>>   [17/43]: creating indices
>>   [18/43]: enabling referential integrity plugin
>>   [19/43]: configuring certmap.conf
>>   [20/43]: configure autobind for root
>>   [21/43]: configure new location for managed entries
>>   [22/43]: configure dirsrv ccache
>>   [23/43]: enabling SASL mapping fallback
>>   [24/43]: restarting directory server
>>   [25/43]: creating DS keytab
>>   [26/43]: retrieving DS Certificate
>>   [27/43]: restarting directory server
>> ipa         : CRITICAL Failed to restart the directory server. See the 
>> installation log
>> for details.
>>   [error] SystemExit: 1
>> ipa.ipapython.install.cli.install_tool(Replica): ERROR    The 
>> ipa-replica-install command
>> failed. See /var/log/ipareplica-install.log for more information
>>
>>
>> #cat /var/log/ipareplica-install.log
>> ....
>> 2022-08-08T09:14:29Z DEBUG stdout=
>> 2022-08-08T09:14:29Z DEBUG stderr=Keytab successfully retrieved and stored 
>> in:
>> /etc/dirsrv/ds.keytab
>>
>> 2022-08-08T09:14:29Z DEBUG   duration: 1 seconds
>> 2022-08-08T09:14:29Z DEBUG   [26/43]: retrieving DS Certificate
>> 2022-08-08T09:14:29Z DEBUG Loading Index file from
>> '/var/lib/ipa/sysrestore/sysrestore.index'
>> 2022-08-08T09:14:29Z DEBUG Starting external process
>> 2022-08-08T09:14:29Z DEBUG args=/usr/bin/certutil -d 
>> /etc/dirsrv/slapd-YYDEVOPS-COM/ -L -n
>> YYDEVOPS.COM IPA CA -a
>> 2022-08-08T09:14:29Z DEBUG Process finished, return code=255
>> 2022-08-08T09:14:29Z DEBUG stdout=
>> 2022-08-08T09:14:29Z DEBUG stderr=certutil: Could not find cert: 
>> YYDEVOPS.COM IPA CA
>> : PR_FILE_NOT_FOUND_ERROR: File not found
>>
>> 2022-08-08T09:14:29Z DEBUG Starting external process
>> 2022-08-08T09:14:29Z DEBUG args=/usr/bin/certutil -d 
>> /etc/dirsrv/slapd-YYDEVOPS-COM/ -N -f
>> /etc/dirsrv/slapd-YYDEVOPS-COM//pwdfile.txt
>> 2022-08-08T09:14:29Z DEBUG Process finished, return code=0
>> 2022-08-08T09:14:29Z DEBUG stdout=
>> 2022-08-08T09:14:29Z DEBUG stderr=
>> 2022-08-08T09:14:29Z DEBUG Starting external process
>> 2022-08-08T09:14:29Z DEBUG args=/usr/bin/certutil -d 
>> /etc/dirsrv/slapd-YYDEVOPS-COM/ -A -n
>> YYDEVOPS.COM IPA CA -t CT,C,C -a
>> 2022-08-08T09:14:29Z DEBUG Process finished, return code=0
>> 2022-08-08T09:14:29Z DEBUG stdout=
>> 2022-08-08T09:14:29Z DEBUG stderr=
>> 2022-08-08T09:14:29Z DEBUG Starting external process
>> 2022-08-08T09:14:29Z DEBUG args=/usr/bin/certutil -d 
>> /etc/dirsrv/slapd-YYDEVOPS-COM/ -A -n
>> YYDEVOPS.COM IPA CA -t CT,C,C -a
>> 2022-08-08T09:14:29Z DEBUG Process finished, return code=0
>> 2022-08-08T09:14:29Z DEBUG stdout=
>> 2022-08-08T09:14:29Z DEBUG stderr=
>> 2022-08-08T09:14:29Z DEBUG certmonger request is in state
>> dbus.String(u'GENERATING_KEY_PAIR', variant_level=1)
>> 2022-08-08T09:14:34Z DEBUG certmonger request is in state
>> dbus.String(u'CA_UNREACHABLE', variant_level=1)
>> 2022-08-08T09:14:34Z DEBUG flushing 
>> ldapi://%2fvar%2frun%2fslapd-YYDEVOPS-COM.socket from
>> SchemaCache
>> 2022-08-08T09:14:34Z DEBUG retrieving schema for SchemaCache
>> url=ldapi://%2fvar%2frun%2fslapd-YYDEVOPS-COM.socket
>> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f36a4433e60>
>> 2022-08-08T09:14:34Z DEBUG   duration: 5 seconds
>> 2022-08-08T09:14:34Z DEBUG   [27/43]: restarting directory server
>> 2022-08-08T09:14:34Z DEBUG Starting external process
>> 2022-08-08T09:14:34Z DEBUG args=/bin/systemctl --system daemon-reload
>> 2022-08-08T09:14:35Z DEBUG Process finished, return code=0
>> 2022-08-08T09:14:35Z DEBUG stdout=
>> 2022-08-08T09:14:35Z DEBUG stderr=
>> 2022-08-08T09:14:35Z DEBUG Starting external process
>> 2022-08-08T09:14:35Z DEBUG args=/bin/systemctl restart 
>> dirsrv@YYDEVOPS-COM.service
>> 2022-08-08T09:14:36Z DEBUG Process finished, return code=0
>> 2022-08-08T09:14:36Z DEBUG stdout=
>> 2022-08-08T09:14:36Z DEBUG stderr=
>> 2022-08-08T09:14:36Z DEBUG Starting external process
>> 2022-08-08T09:14:36Z DEBUG args=/bin/systemctl is-active 
>> dirsrv@YYDEVOPS-COM.service
>> 2022-08-08T09:14:36Z DEBUG Process finished, return code=3
>> 2022-08-08T09:14:36Z DEBUG stdout=failed
>>
>> 2022-08-08T09:14:36Z DEBUG stderr=
>> 2022-08-08T09:14:36Z DEBUG Starting external process
>> 2022-08-08T09:14:36Z DEBUG args=/bin/systemctl is-active 
>> dirsrv@YYDEVOPS-COM.service
>> 2022-08-08T09:14:36Z DEBUG Process finished, return code=3
>> 2022-08-08T09:14:36Z DEBUG stdout=failed
>>
>> 2022-08-08T09:14:36Z DEBUG stderr=
>> 2022-08-08T09:14:36Z CRITICAL Failed to restart the directory server. See 
>> the installation
>> log for details.
>> 2022-08-08T09:14:36Z DEBUG Traceback (most recent call last):
>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
>> 447, in start_creation
>>     run_step(full_msg, method)
>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
>> 437, in run_step
>>     method()
>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py", 
>> line
>> 625, in __restart_instance
>>     self.restart(self.serverid)
>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py", 
>> line
>> 619, in restart
>>     raise e
>> SystemExit: 1
>>
>> 2022-08-08T09:14:36Z DEBUG   [error] SystemExit: 1
>> 2022-08-08T09:14:36Z DEBUG   File
>> "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171, in 
>> execute
>>     return_value = self.run()
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/cli.py", line 
>> 318, in
>> run
>>     cfgr.run()
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 
>> 310,
>> in run
>>     self.execute()
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 
>> 332,
>> in execute
>>     for nothing in self._executor():
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 
>> 372,
>> in __runner
>>     self._handle_exception(exc_info)
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 
>> 394,
>> in _handle_exception
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 
>> 362,
>> in __runner
>>     step()
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 
>> 359,
>> in <lambda>
>>     step = lambda: next(self.__gen)
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 
>> 81, in
>> run_generator_with_yield_from
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 
>> 59, in
>> run_generator_with_yield_from
>>     value = gen.send(prev_value)
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 
>> 586,
>> in _configure
>>     next(executor)
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 
>> 372,
>> in __runner
>>     self._handle_exception(exc_info)
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 
>> 449,
>> in _handle_exception
>>     self.__parent._handle_exception(exc_info)
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 
>> 394,
>> in _handle_exception
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 
>> 446,
>> in _handle_exception
>>     super(ComponentBase, self)._handle_exception(exc_info)
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 
>> 394,
>> in _handle_exception
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 
>> 362,
>> in __runner
>>     step()
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 
>> 359,
>> in <lambda>
>>     step = lambda: next(self.__gen)
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 
>> 81, in
>> run_generator_with_yield_from
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 
>> 59, in
>> run_generator_with_yield_from
>>     value = gen.send(prev_value)
>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/common.py", line 
>> 63,
>> in _install
>>     for nothing in self._installer(self.parent):
>>   File
>> "/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
>> line 1652, in main
>>     promote(self)
>>   File
>> "/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
>> line 375, in decorated
>>     func(installer)
>>   File
>> "/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
>> line 1359, in promote
>>     promote=True, pkcs12_info=dirsrv_pkcs12_info)
>>   File
>> "/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
>> line 125, in install_replica_ds
>>     promote=promote,
>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py", 
>> line
>> 399, in create_replica
>>     self.start_creation(runtime=60)
>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
>> 447, in start_creation
>>     run_step(full_msg, method)
>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
>> 437, in run_step
>>     method()
>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py", 
>> line
>> 625, in __restart_instance
>>     self.restart(self.serverid)
>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py", 
>> line
>> 619, in restart
>>     raise e
>>
>> 2022-08-08T09:14:36Z DEBUG The ipa-replica-install command failed, 
>> exception: SystemExit:
>> 1
>> 2022-08-08T09:14:36Z ERROR The ipa-replica-install command failed. See
>> /var/log/ipareplica-install.log for more information
>>
>> #less /var/log/dirsrv/slapd-YYDEVOPS-COM/errors
>> [08/Aug/2022:17:14:36 +0800] - SSL alert: Security Initialization: Can't find
>> certificate (Server-Cert) for family cn=RSA,cn=encryption,cn=config 
>> (Netscape Portable
>> Runtime error -8174 - security library: bad database.)
>> [08/Aug/2022:17:14:36 +0800] - SSL alert: Security Initialization: Unable to 
>> retrieve
>> private key for cert Server-Cert of family cn=RSA,cn=encryption,cn=config 
>> (Netscape
>> Portable Runtime error -8174 - security library: bad database.)
>> [08/Aug/2022:17:14:36 +0800] - SSL failure: None of the cipher are valid
>> [08/Aug/2022:17:14:36 +0800] - ERROR: SSL2 Initialization Failed.  Disabling 
>> SSL2.
>> [08/Aug/2022:17:14:36 +0800] - 389-Directory/1.3.4.9 B2016.109.158 starting 
>> up
>> [08/Aug/2022:17:14:36 +0800] - Can't find certificate Server-Cert in
>> attrcrypt_fetch_private_key: -8174 - security library: bad database.
>> [08/Aug/2022:17:14:36 +0800] - Can't get private key from cert Server-Cert in
>> attrcrypt_fetch_private_key: -8174 - security library: bad database.
>> [08/Aug/2022:17:14:36 +0800] - Error: unable to initialize attrcrypt system 
>> for userRoot
>> [08/Aug/2022:17:14:36 +0800] - start: Failed to start databases, err=-1 
>> BDB0092 Unknown
>> error: -1
>> [08/Aug/2022:17:14:36 +0800] - Failed to start database plugin ldbm database
>> [08/Aug/2022:17:14:36 +0800] - WARNING: ldbm instance userRoot already exists
>> [08/Aug/2022:17:14:36 +0800] - ldbm_config_read_instance_entries: failed to 
>> add instance
>> entry cn=userRoot,cn=ldbm database,cn=plugins,cn=config
>> [08/Aug/2022:17:14:36 +0800] - ldbm_config_load_dse_info: failed to read 
>> instance entries
>> [08/Aug/2022:17:14:36 +0800] - start: Loading database configuration failed
>> [08/Aug/2022:17:14:36 +0800] - Failed to start database plugin ldbm database
>> [08/Aug/2022:17:14:36 +0800] - Error: Failed to resolve plugin dependencies
>> [08/Aug/2022:17:14:36 +0800] - Error: betxnpreoperation plugin 7-bit check 
>> is not started
>> [08/Aug/2022:17:14:36 +0800] - Error: preoperation plugin Account Usability 
>> Plugin is not
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: accesscontrol plugin ACL Plugin is not 
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: preoperation plugin ACL preoperation 
>> is not started
>> [08/Aug/2022:17:14:36 +0800] - Error: betxnpreoperation plugin Auto 
>> Membership Plugin is
>> not started
>> [08/Aug/2022:17:14:36 +0800] - Error: object plugin Class of Service is not 
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: preoperation plugin deref is not 
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: preoperation plugin HTTP Client is not 
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: preoperation plugin IPA DNS is not 
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: object plugin IPA Lockout is not 
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: betxnpostoperation plugin IPA MODRDN 
>> is not started
>> [08/Aug/2022:17:14:36 +0800] - Error: object plugin IPA Topology 
>> Configuration is not
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: preoperation plugin IPA UUID is not 
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: preoperation plugin ipa-winsync is not 
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: extendedop plugin ipa_enrollment_extop 
>> is not
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: preoperation plugin ipaUniqueID 
>> uniqueness is not
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: preoperation plugin krbCanonicalName 
>> uniqueness is
>> not started
>> [08/Aug/2022:17:14:36 +0800] - Error: preoperation plugin krbPrincipalName 
>> uniqueness is
>> not started
>> [08/Aug/2022:17:14:36 +0800] - Error: database plugin ldbm database is not 
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: object plugin Legacy Replication 
>> Plugin is not
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: betxnpreoperation plugin Linked 
>> Attributes is not
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: betxnpreoperation plugin Managed 
>> Entries is not
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: betxnpostoperation plugin MemberOf 
>> Plugin is not
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: object plugin Multimaster Replication 
>> Plugin is not
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: preoperation plugin netgroup 
>> uniqueness is not
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: betxnpostoperation plugin referential 
>> integrity
>> postoperation is not started
>> [08/Aug/2022:17:14:36 +0800] - Error: object plugin Roles Plugin is not 
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: preoperation plugin sudorule name 
>> uniqueness is not
>> started
>> [08/Aug/2022:17:14:36 +0800] - Error: object plugin USN is not started
>> [08/Aug/2022:17:14:36 +0800] - Error: object plugin Views is not started
>> [08/Aug/2022:17:14:36 +0800] - Error: extendedop plugin whoami is not started
>>
>> root@fs-hiido-dn-12-65-18:/var/log/dirsrv/slapd-YYDEVOPS-COM# certutil -d
>> /etc/dirsrv/slapd-YYDEVOPS-COM/ -L 
>>
>> Certificate Nickname                                         Trust Attributes
>>                                                              
>> SSL,S/MIME,JAR/XPI
>>
>> YYDEVOPS.COM IPA CA                                          CT,C,C
>> YYDEVOPS.COM IPA CA                                          CT,C,C
>>
>>
>> root@fs-hiido-dn-12-65-18:/var/log/dirsrv/slapd-YYDEVOPS-COM# certutil -d
>> /etc/dirsrv/slapd-YYDEVOPS-COM/ -L -n YYDEVOPS.COM IPA CA -a
>> certutil: Could not find cert: YYDEVOPS.COM
>> : PR_FILE_NOT_FOUND_ERROR: File not found
>> root@fs-hiido-dn-12-65-18:/var/log/dirsrv/slapd-YYDEVOPS-COM# certutil -d
>> /etc/dirsrv/slapd-YYDEVOPS-COM/ -L -n 'YYDEVOPS.COM IPA CA' -a
>> root@fs-hiido-dn-12-65-18:/var/log/dirsrv/slapd-YYDEVOPS-COM# 
>>
>>
>>
>> According to the log output, are the quotes missing, so the name cannot be 
>> found, or are
>> there two (YYDEVOPS.COM IPA CA) names, so the service cannot be replicated?
>>
>>  /var/log/ipareplica-install.log
>> 2022-08-08T09:14:29Z DEBUG stderr=certutil: Could not find cert: 
>> YYDEVOPS.COM IPA CA
>> : PR_FILE_NOT_FOUND_ERROR: File not found
> 
> Strangely, after a few days, I tried ipa-certupdate again.
> Then I executed on the new node:
> Ipa - up - install, debug
> Ipa - up - install, setup - ca - the debug
> It all worked. The data was replicated. The main reason seems to be 
> libnsspem.so

libnsspem is a PKCS#11 driver that allows PEM files to be used by NSS
database applications.

The IPA RA cert used to communicate with the CA is stored as PEM files.
So in order to do the renewal this file had to be loaded and since
libnsspem was missing it was not possible.

So glad you got things working. Be sure that you have at least two CAs
so if one suffers catastrophic failure (hardware fault, for example)
you'll have the ability to recover.

rob
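
A triage sketch for the failure quoted in this thread, added here as an example and not part of the original messages or of FreeIPA's code: it reads the `certutil -L` listing, the installer log and the dirsrv errors log, and separates the first dirsrv error from the follow-on "not started" lines. The sample input is abridged and unwrapped from the quoted output; the function names and finding labels are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample input, abridged and unwrapped from the output quoted in this thread.
CERTUTIL_L = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

YYDEVOPS.COM IPA CA                                          CT,C,C
YYDEVOPS.COM IPA CA                                          CT,C,C
"""
INSTALL_LOG = """\
2022-08-08T09:14:29Z DEBUG stderr=certutil: Could not find cert: YYDEVOPS.COM IPA CA
2022-08-08T09:14:29Z DEBUG certmonger request is in state dbus.String(u'GENERATING_KEY_PAIR', variant_level=1)
2022-08-08T09:14:34Z DEBUG certmonger request is in state dbus.String(u'CA_UNREACHABLE', variant_level=1)
"""
DS_ERRORS = """\
[08/Aug/2022:17:14:36 +0800] - SSL alert: Security Initialization: Can't find certificate (Server-Cert) for family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
[08/Aug/2022:17:14:36 +0800] - Error: unable to initialize attrcrypt system for userRoot
[08/Aug/2022:17:14:36 +0800] - Error: object plugin USN is not started
[08/Aug/2022:17:14:36 +0800] - Error: extendedop plugin whoami is not started
"""

# One listing row: nickname, two or more spaces, three comma-separated trust fields.
ROW = re.compile(r"^(\S.*?)\s{2,}([A-Za-z]*,[A-Za-z]*,[A-Za-z]*)\s*$")
STATE = re.compile(r"certmonger request is in state\s+dbus\.String\(u?'([A-Z_]+)'")
NOT_FOUND = re.compile(r"certutil: Could not find cert: (.+)")


def nicknames(listing):
    """Count how many certificates `certutil -L` lists under each nickname."""
    return Counter(m.group(1) for m in map(ROW.match, listing.splitlines()) if m)


def lookup_failures(text):
    """Nicknames exactly as certutil received them; a truncated one points at shell word splitting."""
    return [m.strip() for m in NOT_FOUND.findall(text)]


def triage(listing, install_log, ds_errors, server_nick="Server-Cert"):
    """Return (findings, first_error, cascade_count) for a failed dirsrv restart."""
    findings = []
    nicks = nicknames(listing)
    if server_nick not in nicks:
        findings.append("missing:" + server_nick)
    # Several certs under one nickname is an observation, not necessarily a fault.
    findings += ["shared-nickname:%s x%d" % (n, c) for n, c in nicks.items() if c > 1]
    states = STATE.findall(install_log)
    if states and states[-1] != "MONITORING":  # MONITORING = issued and tracked
        findings.append("certmonger:" + states[-1])
    msgs = [l.split("] - ", 1)[1] for l in ds_errors.splitlines() if "] - " in l]
    cascade = [m for m in msgs if m.endswith("is not started")]
    root = next((m for m in msgs if not m.endswith("is not started")), None)
    return findings, root, len(cascade)


if __name__ == "__main__":
    findings, root, cascade = triage(CERTUTIL_L, INSTALL_LOG, DS_ERRORS)
    print("findings:", findings)
    print("first dirsrv error:", root)
    print("follow-on 'not started' lines:", cascade)
    print("nicknames certutil was asked for:", lookup_failures(INSTALL_LOG))
```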