On 04/10/2018 04:30 PM, Hillar Aarelaid wrote:
On 10. apr 2018, at 15:05, Florence Blanc-Renaud flo@redhat.com wrote:
I would start by checking if all the certificates are up-to-date, especially subsystemCert cert-pki-ca.
sorry, i did not touch any certificates.
Hi,
(re-adding the mailing in copy) the certificates may have expired between the time you did the backup and reinstalled.
What is the output of ipactl status? If only pki-tomcatd fails to start, then the logs from /var/log/pki/pki-tomcat/ca may provide more information.
Flo
it was simple ipa-backup->ipa-restore as described in https://www.freeipa.org/page/Backup_and_Restore#Server_Loss_Cases i had _single_ server and (by scenario 'Catastrophic hardware failure') i lost it so i start with new server from scratch... i followed https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm... as it says: "Important It is recommended that you uninstall a server before performing a full-server restore on it." i tried a) ipa-server-install and then uninstall and then ipa-restore b) no ipa-server-install, straight to ipa-restore
and always ended up with tomcat not starting it seems that most was restored, as i can do kinit with previously existed users and i can find them with ldapsearch but command line "ipa whatever-command" fail, so ;( ;( ;(
Hillar
#ref https://github.com/hillar/detektiven/blob/master/vagans/createFedoraIPA.bash...
freeipa-users@lists.fedorahosted.org