Hi all,

I would linke to reinstall a replica for my FreeIPA infra that has failed its ipa-server-upgrade after the updat’e of CentOS ipa-server-4.6.5-11.el7.centos.4.x86_64, a few days ago…

But everytime I try I get the following error on that machine :

Configuring ipa-custodia

[1/4]: Generating ipa-custodia config file

[2/4]: Generating ipa-custodia keys

[3/4]: starting ipa-custodia

[4/4]: configuring ipa-custodia to start on boot

Done configuring ipa-custodia.

Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes

[1/29]: creating certificate server db

[2/29]: setting up initial replication

Starting replication, please wait until this has completed.

Update in progress, 4 seconds elapsed

Update succeeded

[3/29]: creating ACIs for admin

[4/29]: creating installation admin user

[5/29]: configuring certificate server instance

ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpjRZhjK' returned non-zero exit status 1

ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the following files/directories for more information:

ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat

[error] RuntimeError: CA configuration failed.

Your system may be partly configured.

Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipapython.admintool: ERROR CA configuration failed.

ipapython.admintool: ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

I cannot find any relevant info in the logs to tell me what could be done…

Do you have an idea ?

---

Bernard Lheureux

Linux System Engineer

IT Infra

Nethys

Rue Fivé 150, B-4100 Seraing

GSM: +32-475-530311

http://www.nethys.be