Discussion:
[Freeipa-users] Help needed - CA Server role not adding
Chris Moody
2017-04-27 00:13:10 UTC
Permalink
Hello.

First wanted to thank everyone working hard to bring this awesome bundle
of applications to market. This is a great project and I really
appreciate the efforts.

I need a hand with a new 4.4.3 install that I'm still trying to flesh
out fully to support all the services I need.

I recently attempted to add the 'CA Server' Role to a node in a replica
pair.

I ran the 'ipa-ca-install' command on the node in question but in the
middle of the operation, it unfortunately bombed out due to memory
exhaustion. I have since doubled the RAM in the host, but I can no
longer get this system to proceed with the multitude of steps it
performs to enable this role.

When I type 'ipa server-role-find' it lists the 'CA Server' Role as
absent, but whenever I issue the command 'ipa-ca-install' to try and
re-instantiate the process of adding the role, it spits back out 'CA is
already installed on this host.'.

I'm not seeing a 'remove role' or 'force' option via any of the
tab-completed command options now available in 4.x nor is the man page
of much help. Online documentation as well seems to be in a state of
flux between the older 3.x docs and the new 4.x functionality.

Any help is appreciated.

Thanks,

-Chris
Rob Crittenden
2017-05-01 17:42:40 UTC
Permalink
Post by Chris Moody
Hello.
First wanted to thank everyone working hard to bring this awesome bundle
of applications to market. This is a great project and I really
appreciate the efforts.
I need a hand with a new 4.4.3 install that I'm still trying to flesh
out fully to support all the services I need.
I recently attempted to add the 'CA Server' Role to a node in a replica
pair.
I ran the 'ipa-ca-install' command on the node in question but in the
middle of the operation, it unfortunately bombed out due to memory
exhaustion. I have since doubled the RAM in the host, but I can no
longer get this system to proceed with the multitude of steps it
performs to enable this role.
When I type 'ipa server-role-find' it lists the 'CA Server' Role as
absent, but whenever I issue the command 'ipa-ca-install' to try and
re-instantiate the process of adding the role, it spits back out 'CA is
already installed on this host.'.
I'm not seeing a 'remove role' or 'force' option via any of the
tab-completed command options now available in 4.x nor is the man page
of much help. Online documentation as well seems to be in a state of
flux between the older 3.x docs and the new 4.x functionality.
At the moment the only way around this is to uninstall IPA master on
this server and re-run the installation.

rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Loading...