man ipa-kra-install states:
A new replica_file should be generated on the master IPA server after the KRA has been installed and configured, so that the replica_file will contain the master KRA configuration and system certificates.
If this is not followed, and an old replica file is used, the system goes into an unusable state:
$ sudo ipa-kra-install /home/pviktori/replica-infos/replica-info-vm-073.idm.lab.eng.brq.redhat.com.gpg
Directory Manager password:

===================================================================
This program will setup Dogtag KRA for the FreeIPA Server.

Configuring KRA server (pki-tomcatd): Estimated time 2 minutes 6 seconds
[1/4]: configuring KRA instance
failed to configure KRA instance Command ''/usr/sbin/pkispawn' '-s' 'KRA' '-f' '/tmp/tmpEVEeeJ'' returned non-zero exit status 1

Your system may be partly configured.
Run ipa-kra-install --uninstall to clean up.

Configuration of KRA failed

$ sudo ipa-kra-install --uninstall
Usage: ipa-kra-install [options] [replica_file]

ipa-kra-install: error: Cannot uninstall. There is no KRA installed on this system.

$ sudo ipa-kra-install /home/pviktori/replica-infos/replica-info-vm-073.idm.lab.eng.brq.redhat.com.gpg
Directory Manager password:

===================================================================
This program will setup Dogtag KRA for the FreeIPA Server.

Your system may be partly configured.
Run ipa-kra-install --uninstall to clean up.

A KRA is already configured on this system.
master:
Metadata Update from @pviktori:
- Issue assigned to mbabinsk
- Issue set to the milestone: FreeIPA 4.2