ipa-replica-install picks wrong replica for CA initial replication

Solution Unverified - Updated -

Issue

During IPA redeployment, even if a server is specified to ipa-replica-install for the initial replication, either with --server test0.example.com or via the locations feature, it sometimes picks another replica, such as test1.example.com, as the initial master for CA replication. If some replicas are firewalled from each other, this may fail.

# ipa-replica-install --setup-dns --no-forwarders --setup-ca
ipaserver.install.server.replicainstall: ERROR    Could not resolve hostname <>.example.com using DNS. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.)
Continue? [no]: 
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipapython.admintool: ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
