Hello the List,
I'm successfully replicating IPA and DNS across two sites; however, when I
try and replicate CA, it fails:

[root@ipa01 pki]# ipa-ca-install
Directory Manager (existing master) password:
Run connection check to master
Connection check OK
/usr/lib/python2.7/site-packages/urllib3/connection.py:251: SecurityWarning:
Certificate has no `subjectAltName`, falling back to check for a
`commonName` for now. This feature is being removed by major browsers and
deprecated by RFC 2818. (See
https://github.com/shazow/urllib3/issues/497
for details.)
SecurityWarning
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
[1/25]: creating certificate server db
[2/25]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 5 seconds elapsed
Update succeeded
[3/25]: creating installation admin user
[4/25]: configuring certificate server instance
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA
instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpaJdg1W' returned
non-zero exit status 1
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation
logs and the following files/directories for more information:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
/var/log/pki/pki-tomcat
[error] RuntimeError: CA configuration failed.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
CA configuration failed.

When I check the logs in /var/log/ipareplica-ca-install.log:

<snip all good>
2018-08-02T04:40:15Z DEBUG Starting external process
2018-08-02T04:40:15Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpaJdg1W
2018-08-02T04:45:31Z DEBUG Process finished, return code=1
2018-08-02T04:45:31Z DEBUG stdout=Log file:
/var/log/pki/pki-ca-spawn.20180802044015.log
Loading deployment configuration from /tmp/tmpaJdg1W.
WARNING: The 'pki_ssl_server_nickname' in [CA] has been deprecated. Use
'pki_sslserver_nickname' instead.
WARNING: The 'pki_ssl_server_subject_dn' in [CA] has been deprecated. Use
'pki_sslserver_subject_dn' instead.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into
/etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
Importing certificates from /tmp/ca.p12:
<snip a certificate>
Installation failed:
Please check the CA logs in q.
2018-08-02T04:45:31Z DEBUG stderr=
2018-08-02T04:45:31Z CRITICAL Failed to configure CA instance: Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmpaJdg1W
' returned non-zero exit status 1
2018-08-02T04:45:31Z CRITICAL See the installation logs and the following
files/directories for more information:
2018-08-02T04:45:31Z CRITICAL /var/log/pki/pki-tomcat
2018-08-02T04:45:31Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
504, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
494, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 616, in __spawn_instance
self.tmp_agent_pwd)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line
148, in spawn_instance
self.handle_setup_error(e)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line
386, in handle_setup_error
raise RuntimeError("%s configuration failed." % self.subsystem)
RuntimeError: CA configuration failed.
2018-08-02T04:45:31Z DEBUG [error] RuntimeError: CA configuration failed.
2018-08-02T04:45:31Z DEBUG File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line
998,
in run_script
return_value = main_function()
File "/sbin/ipa-ca-install", line 309, in main
promote(safe_options, options, filename)
File "/sbin/ipa-ca-install", line 277, in promote
install_replica(safe_options, options, filename)
File "/sbin/ipa-ca-install", line 207, in install_replica
ca.install(True, config, options, custodia=custodia)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line 202,
in install
install_step_0(standalone, replica_config, options, custodia=custodia)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line 279,
in install_step_0
use_ldaps=standalone)
File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 448, in configure_instance
self.start_creation(runtime=runtime)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
504, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
494, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 616, in __spawn_instance
self.tmp_agent_pwd)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line
148, in spawn_instance
self.handle_setup_error(e)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line
386, in handle_setup_error
raise RuntimeError("%s configuration failed." % self.subsystem)
2018-08-02T04:45:31Z DEBUG The ipa-ca-install command failed, exception:
RuntimeError: CA configuration failed.