On Sat, Jan 13, 2018 at 11:09:59AM +0100, Aljaž Srebrnič via FreeIPA-users wrote:
Yesterday I tried migrating a physical machine (ipa1) that was a FreeIPA CA CRL master in
my VM cluster. I followed the guide at  to migrate che CRL master to another replica
(ipa2) and uninstalled the replica ipa1. Then I set up a VM with the same hostname and IP
address as the physical machine, and installed Fedora 27.
When I tried setting up the replica with CA, the install stopped at:
[4/25]: configuring certificate server instance
What does "stopped" mean? Did it hang, or exit with error?
And in my /var/log/pki/pki-tomcat/ca/debug I see a bunch of log
entries like this, with increasing time stamps:
Unable to read key retriever class from CS.cfg: Property
features.authority.keyRetrieverClass missing value
Retrying in 14778 seconds
I checked the /etc/pki/pki-tomcat/ca/CS.cfg file and I don’t actually have that entry at
all, I only have:
However, if I manually add them by copying the value from the good replica, nothing
changes and the installer is still blocked on that line (maybe the CS.cfg file isn’t
re-read on each retry).
Moreover, it looks like that file (CS.cfg) is generated by the installer script…
How can I solve this?
Please file a ticket and attach logs; in particular: