Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1005446
Created attachment 795045 ipa ca install log file Description of problem: install is one master, and one replica After the master is installed, attempting to run ipa-ca-install on replica fails. Version-Release number of selected component (if applicable): ipa-server-3.3.1-2.el7.x86_64 How reproducible: always Steps to Reproduce: # On master: 1. /usr/sbin/ipa-server-install --setup-dns --forwarder=10.11.5.19 --hostname=qe-blade-04.testrelm.com -r TESTRELM.COM -n testrelm.com -p Secret123 -P Secret123 -a Secret123 -U 2. ipa-replica-prepare --ip-address=10.16.76.36 qe-blade-05.testrelm.com 3. copy gpg file to Replica # On Replica 4. ipa-replica-install --setup-dns /tmp/replica-info-qe-blade-05.testrelm.com.gpg 5. ipa-ca-install -p Secret123 -w Secret123 --skip-conncheck --unattended /tmp/replica-info-qe-blade-05.testrelm.com.gpg Actual results: [root@qe-blade-05 ~]# ipa-ca-install -p Secret123 -w Secret123 --skip-conncheck --unattended /tmp/replica-info-qe-blade-05.testrelm.com.gpg Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds [1/18]: creating certificate server user [2/18]: configuring certificate server instance [3/18]: stopping certificate server instance to update CS.cfg [4/18]: disabling nonces [5/18]: set up CRL publishing [6/18]: starting certificate server instance Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. CA did not start in 120s Expected results: Additional info:
Got a clue what is the root cause when investigating it, assigning to myself.
attachment freeipa-mkosek-428-pki-installation-on-replica-failing-due-to-missing-p.patch
Patch freeipa-mkosek-428-pki-installation-on-replica-failing-due-to-missing-p.patch sent for review
master: dbfa715[[BR]] ipa-3-3: 75fe2f6
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 3.3.x - 2013/10 (bug fixing)
Login to comment on this ticket.