I need to upgrade from IPA3.0 to IPA4.2 (from centos 6.7 to 7.2) and the replica process is failing to install on the new system:
2016-01-13T17:27:46Z DEBUG Starting external process 2016-01-13T17:27:46Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpjklK4o' 2016-01-13T17:28:19Z DEBUG Process finished, return code=1 2016-01-13T17:28:19Z DEBUG stdout=Log file: /var/log/pki/pki-ca- spawn.20160113122746.log Loading deployment configuration from /tmp/tmpjklK4o. Installing CA into /var/lib/pki/pki-tomcat. Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki- tomcat/ca/deployment.cfg. Installation failed. 2016-01-13T17:28:19Z DEBUG stderr=/usr/lib/python2.7/site- packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certifi cate verification is strongly advised. See: https://urllib3.readthedocs .org/en/latest/security.html InsecureRequestWarning) pkispawn : WARNING ....... unable to validate security domain user/password through REST interface. Interface not available pkispawn : ERROR ....... Exception from Java Configuration Servlet: 500 Server Error: Internal Server Error pkispawn : ERROR ....... ParseError: not well-formed (invalid token): line 1, column 0: {"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.P KIException ","Code":500,"Message":"Clone does not have all the required certificates"} 2016-01-13T17:28:19Z CRITICAL Failed to configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpjklK4o'' returned non- zero exit status 1 2016-01-13T17:28:19Z CRITICAL See the installation logs and the following files/directories for more information: 2016-01-13T17:28:19Z CRITICAL /var/log/pki-ca-install.log 2016-01-13T17:28:19Z CRITICAL /var/log/pki/pki-tomcat 2016-01-13T17:28:19Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 418, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 408, in run_step method() File "/usr/lib/python2.7/site- packages/ipaserver/install/cainstance.py", line 620, in __spawn_instance DogtagInstance.spawn_instance(self, cfg_file) File "/usr/lib/python2.7/site- packages/ipaserver/install/dogtaginstance.py", line 201, in spawn_instance self.handle_setup_error(e) File "/usr/lib/python2.7/site- packages/ipaserver/install/dogtaginstance.py", line 465, in handle_setup_error raise RuntimeError("%s configuration failed." % self.subsystem) RuntimeError: CA configuration failed. 2016-01-13T17:28:19Z DEBUG [error] RuntimeError: CA configuration failed. 2016-01-13T17:28:19Z DEBUG File "/usr/lib/python2.7/site- packages/ipapython/admintool.py", line 171, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 311, in run It looks to me that the original, first install version 3.0 system is generating a bad gpg file. Will a reinstall of the orginal cert file solve this? If so, where and what is the best procedure? Is there a way to add CA capability to an existing master replicant by reusing it's original replica.gpg file? Background: the old v3.0 system runs on a virtual machine (ovirt). The physical host had a series of "bad days" that involved multiple crashes and lock-ups that were ultimately attributed to insufficient cooling of the RAID card. It is suspected that the data was scrambled on the drive. The original cert is backed up but the remaining machine backups are of dubious quality (long story - bad week at the datacenter). This is the last system on old hardware that was hit when the datacenter cooling totally failed and erased all the backups. Some days your're the pigeon, some days you're the statue. -- Jim Kinney Senior System Administrator 36 Eagle Row Suite 588 Department of Biomedical Informatics Emory University School of Medicine [email protected] 404-712-0300
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
