Hi guys.
I'm trying to add replica but process bellies up early with:

-> $ ipa-replica-install --setup-dns --setup-kra --no-forwarders
Lookup failed: Preferred host c8kubermaster1.private.lot does not provide DNS.
Reverse DNS resolution of address 10.3.1.222 (c8kubermaster2.private.lot) failed. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.)
Continue? [no]: yes
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

Dogtag CA is not installed. Please install the CA first
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
..

First errors in log I spot:
...
2021-10-27T23:27:06Z DEBUG Starting external process
2021-10-27T23:27:06Z DEBUG args=['pki-server', 'subsystem-show', 'kra']
2021-10-27T23:27:06Z DEBUG Process finished, return code=1
2021-10-27T23:27:06Z DEBUG stdout=

What is the culprit here?
many thanks, L

lejeczek via FreeIPA-users wrote:
> Hi guys.
>
> I'm trying to add replica but process bellies up early with:
>
> -> $ ipa-replica-install --setup-dns --setup-kra --no-forwarders
> Lookup failed: Preferred host c8kubermaster1.private.lot does not provide DNS.
> Reverse DNS resolution of address 10.3.1.222 (c8kubermaster2.private.lot) failed. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.)
> Continue? [no]: yes
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> Dogtag CA is not installed. Please install the CA first
> The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
> ..
>
> First errors in log I spot:
> ...
> 2021-10-27T23:27:06Z DEBUG Starting external process
> 2021-10-27T23:27:06Z DEBUG args=['pki-server', 'subsystem-show', 'kra']
> 2021-10-27T23:27:06Z DEBUG Process finished, return code=1
> 2021-10-27T23:27:06Z DEBUG stdout=
>
> What is the culprit here?

You can't install the KRA as standalone. It needs the CA installed as well.
rob
freeipa-users@lists.fedorahosted.org