Hello,
I'm trying to add a CA replica to an already established "regular" replica
and am unable to do so. Can anyone point me to instructions for how to do
this? It seems like maybe some files need to be manually copied over from
the existing replica but none of the instructions that I've found mention
this. The existing CA is running 4.5.4 and the new replica is 4.7.0 (I'm
trying to migrate to 4.7.0 entirely.)
Regarding the output below, /var/log/pki/pki-tomcat does not exist and
there are only 2 uninteresting files in /var/log/pki.
Thanks.
# ipa-ca-install
Directory Manager (existing master) password:
ipaclient.install.ipa_certupdate: ERROR Failed to add lightweight CA
tracking requests
Traceback (most recent call last):
File
"/usr/lib/python3.6/site-packages/ipaclient/install/ipa_certupdate.py",
line 117, in run_with_args
cainstance.add_lightweight_ca_tracking_requests(lwcas)
File "/usr/lib/python3.6/site-packages/ipaserver/install/cainstance.py",
line 1914, in add_lightweight_ca_tracking_requests
pin=certmonger.get_pin('internal'),
File "/usr/lib/python3.6/site-packages/ipalib/install/certmonger.py",
line 672, in get_pin
with open(paths.PKI_TOMCAT_PASSWORD_CONF, 'r') as f:
FileNotFoundError: [Errno 2] No such file or directory:
'/etc/pki/pki-tomcat/password.conf'
Run connection check to master
Connection check OK
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
[1/26]: creating certificate server db
[2/26]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 5 seconds elapsed
Update succeeded
[3/26]: creating ACIs for admin
[4/26]: creating installation admin user
[5/26]: configuring certificate server instance
ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance:
CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA',
'-f',
'/tmp/tmp0n1ii3z2'] returned non-zero exit status 1: '')
ipaserver.install.dogtaginstance: CRITICAL See the installation logs and
the following files/directories for more information:
ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat
[error] RuntimeError: CA configuration failed.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
CA configuration failed.