On Fri, Jun 28, 2019 at 8:14 PM Karim Bourenane via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Hello All
I have follow the step from stepes from Freeipa web + Redhat to prepare the replicat by
commands :
DNS+Reverse : OK
On IPA Master : ipa-replica-prepare --password=XXXXX
replicat.example.com
Scp the Gpg file from the Master to slave/replicat as root to /var/lib/ipa
This is not needed if your domain is running domain level 1.
This is explained in the official documentation:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
See:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
and
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
for more information on domain level.
Please check whether your domain is DL0 and DL1 first.
On IPA Replicat : ipa-replica-install --password=XXXXX
/var/lib/ipa/replica-fil.gpg --setup-kra --setup-ca --setup-dns --no-forwarders
After several secondes, the installation stop on stage :
[1/28] Configuring centificat server instaance
The first ERROR line: ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA
instance: Command '/usr/sbin/pkispanw -s CA -f /tmp/tmMg7KE' returned non-zero
exist statut 1
The second ERROR line: ipaserver.install.dogtaginstance: CRITICAL See installation....
To diagnose this further we would need /var/log/ipa*log as noted in
the message - but see below.
The third ERROR line : ipaserver.install.dogtaginstance:CRITICAL
[error] RuntimeError: CA configuration failed.
My IPA Master was in Centos 7.3 IPA:v4.5.0
The replica server in Centos 7.6 IPA:v4.6.4
You should upgrade the cluster so that all currently running hosts are
running the same system and packages before adding new hosts.
See also the considerations for updating IPA:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
> Can you help to resolve this pb ?
>
> Regards
>
> Mr Karim Bourenane
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...