Hi,
I have the same issue right now... I had two working replicas, and I tried to add the third one. But due to some issues with ansible playbook, the installation of that third replica failed in the middle (I believe ansible lost SSH connection somewhere in the middle). That obviously left the new replica in kinda undefined state, which is not my issue. My issue is that it affected WebUI of both other two replicas.
Exactly as the others report, I can no longer login to the WebUI. It says "invalid 'PKINIT enabled server': all masters must have IPA master role enabled" and then throws an exception:
TypeError: Cannot read property 'ipapwdexpadvnotify' of undefined at Object.y.update_password_expiration (https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?40604:1...) at Object.start_runtime (https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?40604:1...) at Object.<anonymous> (https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?40604:1...) at https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?40604:1... at Object.forEach (https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/dojo/dojo.js?v=40604:1...) at Object._run_phase (https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?40604:1...) at Object.next_phase (https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?40604:1...) at Object.<anonymous> (https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?40604:1...) at c (https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/dojo/dojo.js?v=40604:1...) at e.extend.then.then.t.then (https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/dojo/dojo.js?v=40604:1...)
All the commands offered in this thread give me the same error so far: "invalid 'PKINIT enabled server': all masters must have IPA master role enabled"
Fortunately, it seems that the domain services keep working fine, users can login etc. But WebUI is dead, and the failed replica is stuck in the list of ipa-replica-manage...
Sounds like a bug...?
-- Regards, Dmitry Perets.
"The more one knows, the less opinions he shares" -- Wilhelm Schwebel
Sorry, this was actually my response to another thread, but due to some issue, it was posted like a separate thread... I think it was caused by GMAIL that popped up when I tried to reply. @moderators, if possible, please delete this...
On ma, 18 maalis 2019, Dmitry Perets via FreeIPA-users wrote:
Sorry, this was actually my response to another thread, but due to some issue, it was posted like a separate thread... I think it was caused by GMAIL that popped up when I tried to reply. @moderators, if possible, please delete this...
Could you please use an email client and quote a context around the response you do? Because when you are posting through HyperKitty web interface, no context is left whatsoever in the emails it sends to the list on your behalf and we are left confused what part of an email you are replying to.
I know it is possible to quote in HyperKitty web interface too but it seems to be totally cut out so no real context is available.
freeipa-users@lists.fedorahosted.org
-
Alexander Bokovoy -
Dmitry Perets