[Freeipa-devel] ipa-kra-install at domain level 0

Oleg Fayans ofayans at redhat.com
Wed Nov 11 08:26:36 UTC 2015


Hi all,

when running ipa-kra-install on a replica with domain level 0 and with 
replica file provided, I get the following error:

$ ipa-kra-install -U -p <dirman_pass> /home/ofayans/ipatests/replica-info.gpg

Your system may be partly configured.
Run ipa-kra-install --uninstall to clean up.

Too many parameters provided. No replica file is required.
The ipa-kra-install command failed. See /var/log/ipaserver-kra-install.log for more information

---------------------------------------------------------------------

However, when I issue the same command without the replica file, the 
installation starts, but fails in the middle, without any reasonable 
error message that I do need a replica file:

$ ipa-kra-install -p <dirman_pass> -U

===================================================================
This program will setup Dogtag KRA for the FreeIPA Server.


Configuring KRA server (pki-tomcatd). Estimated time: 2 minutes 6 seconds
   [1/8]: configuring KRA instance
Failed to configure KRA instance: Command ''/usr/sbin/pkispawn' '-s' 'KRA' '-f' '/tmp/tmpPQGCs0'' returned non-zero exit status 1
See the installation logs and the following files/directories for more information:
   /var/log/pki-ca-install.log
   /var/log/pki/pki-tomcat
   [error] RuntimeError: KRA configuration failed.

Your system may be partly configured.
Run ipa-kra-install --uninstall to clean up.

KRA configuration failed.
The ipa-kra-install command failed. See /var/log/ipaserver-kra-install.log for more information

--------------------------------------------------------------------

Both logs are attached


-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
-------------- next part --------------
2015-11-11T08:20:24Z DEBUG Logging to /var/log/ipaserver-kra-install.log
2015-11-11T08:20:24Z DEBUG ipa-kra-install was invoked with arguments [] and options: {'verbose': False, 'no_host_dns': False, 'quiet': False, 'log_file': None, 'unattended': True, 'uninstall': False}
2015-11-11T08:20:24Z DEBUG IPA version 4.2.90.201511101521GITc339abb-0.fc22
2015-11-11T08:20:25Z DEBUG Created connection context.ldap2_139715914147472
2015-11-11T08:20:25Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2015-11-11T08:20:25Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2015-11-11T08:20:25Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2015-11-11T08:20:25Z DEBUG Trying to find certificate subject base in sysupgrade
2015-11-11T08:20:25Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
2015-11-11T08:20:25Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
2015-11-11T08:20:25Z DEBUG Found certificate subject base in sysupgrade: O=IDM.LAB.ENG.BRQ.REDHAT.COM
2015-11-11T08:20:25Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2015-11-11T08:20:25Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2015-11-11T08:20:25Z DEBUG Configuring KRA server (pki-tomcatd). Estimated time: 2 minutes 6 seconds
2015-11-11T08:20:25Z DEBUG   [1/8]: configuring KRA instance
2015-11-11T08:20:25Z DEBUG Contents of pkispawn configuration file (/tmp/tmpPQGCs0):
[KRA]
pki_security_domain_https_port = 443
pki_security_domain_password = XXXXXXXX
pki_security_domain_user = admin
pki_issuing_ca_uri = https://vm-070.idm.lab.eng.brq.redhat.com:443
pki_enable_proxy = True
pki_restart_configured_instance = False
pki_backup_keys = True
pki_backup_password = XXXXXXXX
pki_client_database_dir = /tmp/tmp-eb6gBl
pki_client_database_password = XXXXXXXX
pki_client_database_purge = False
pki_client_pkcs12_password = XXXXXXXX
pki_admin_name = admin
pki_admin_uid = admin
pki_admin_email = root at localhost
pki_admin_password = XXXXXXXX
pki_admin_nickname = ipa-ca-agent
pki_admin_subject_dn = cn=ipa-ca-agent,O=IDM.LAB.ENG.BRQ.REDHAT.COM
pki_import_admin_cert = True
pki_admin_cert_file = /root/.dogtag/pki-tomcat/ca_admin.cert
pki_client_admin_cert_p12 = /root/ca-agent.p12
pki_ds_ldap_port = 389
pki_ds_password = XXXXXXXX
pki_ds_base_dn = o=kra,o=ipaca
pki_ds_database = ipaca
pki_ds_create_new_db = False
pki_subsystem_subject_dn = cn=CA Subsystem,O=IDM.LAB.ENG.BRQ.REDHAT.COM
pki_ssl_server_subject_dn = cn=vm-070.idm.lab.eng.brq.redhat.com,O=IDM.LAB.ENG.BRQ.REDHAT.COM
pki_audit_signing_subject_dn = cn=KRA Audit,O=IDM.LAB.ENG.BRQ.REDHAT.COM
pki_transport_subject_dn = cn=KRA Transport Certificate,O=IDM.LAB.ENG.BRQ.REDHAT.COM
pki_storage_subject_dn = cn=KRA Storage Certificate,O=IDM.LAB.ENG.BRQ.REDHAT.COM
pki_subsystem_nickname = subsystemCert cert-pki-ca
pki_ssl_server_nickname = Server-Cert cert-pki-ca
pki_audit_signing_nickname = auditSigningCert cert-pki-kra
pki_transport_nickname = transportCert cert-pki-kra
pki_storage_nickname = storageCert cert-pki-kra
pki_share_db = True
pki_share_dbuser_dn = uid=pkidbuser,ou=people,o=ipaca


2015-11-11T08:20:25Z DEBUG Starting external process
2015-11-11T08:20:25Z DEBUG args='/usr/sbin/pkispawn' '-s' 'KRA' '-f' '/tmp/tmpPQGCs0'
2015-11-11T08:20:53Z DEBUG Process finished, return code=1
2015-11-11T08:20:53Z DEBUG stdout=Log file: /var/log/pki/pki-kra-spawn.20151111092025.log
Loading deployment configuration from /tmp/tmpPQGCs0.
Installing KRA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/kra/deployment.cfg.

Installation failed.


2015-11-11T08:20:53Z DEBUG stderr=/usr/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py:768: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)
/usr/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py:768: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)
/usr/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py:768: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)
/usr/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py:768: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)

2015-11-11T08:20:53Z CRITICAL Failed to configure KRA instance: Command ''/usr/sbin/pkispawn' '-s' 'KRA' '-f' '/tmp/tmpPQGCs0'' returned non-zero exit status 1
2015-11-11T08:20:53Z CRITICAL See the installation logs and the following files/directories for more information:
2015-11-11T08:20:53Z CRITICAL   /var/log/pki-ca-install.log
2015-11-11T08:20:53Z CRITICAL   /var/log/pki/pki-tomcat
2015-11-11T08:20:53Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 445, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 435, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/krainstance.py", line 262, in __spawn_instance
    DogtagInstance.spawn_instance(self, cfg_file)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 207, in spawn_instance
    self.handle_setup_error(e)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 470, in handle_setup_error
    raise RuntimeError("%s configuration failed." % self.subsystem)
RuntimeError: KRA configuration failed.

2015-11-11T08:20:53Z DEBUG   [error] RuntimeError: KRA configuration failed.
2015-11-11T08:20:53Z ERROR 
Your system may be partly configured.
Run ipa-kra-install --uninstall to clean up.

2015-11-11T08:20:53Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_kra_install.py", line 226, in run
    self._run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_kra_install.py", line 222, in _run
    kra.install(api, config, self.options)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/kra.py", line 70, in install
    options.dm_password, subject_base=subject)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/krainstance.py", line 132, in configure_instance
    self.start_creation(runtime=126)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 445, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 435, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/krainstance.py", line 262, in __spawn_instance
    DogtagInstance.spawn_instance(self, cfg_file)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 207, in spawn_instance
    self.handle_setup_error(e)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 470, in handle_setup_error
    raise RuntimeError("%s configuration failed." % self.subsystem)

2015-11-11T08:20:53Z DEBUG The ipa-kra-install command failed, exception: RuntimeError: KRA configuration failed.
2015-11-11T08:20:53Z ERROR KRA configuration failed.
2015-11-11T08:20:53Z ERROR The ipa-kra-install command failed. See /var/log/ipaserver-kra-install.log for more information
-------------- next part --------------
2015-11-11T08:12:07Z DEBUG Logging to /var/log/ipaserver-kra-install.log
2015-11-11T08:12:07Z DEBUG ipa-kra-install was invoked with arguments ['/home/ofayans/ipatests/replica-info.gpg'] and options: {'verbose': False, 'no_host_dns': False, 'quiet': False, 'log_file': None, 'unattended': True, 'uninstall': False}
2015-11-11T08:12:07Z DEBUG IPA version 4.2.90.201511101521GITc339abb-0.fc22
2015-11-11T08:12:08Z ERROR 
Your system may be partly configured.
Run ipa-kra-install --uninstall to clean up.

2015-11-11T08:12:08Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_kra_install.py", line 226, in run
    self._run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_kra_install.py", line 176, in _run
    raise RuntimeError("Too many parameters provided. "

2015-11-11T08:12:08Z DEBUG The ipa-kra-install command failed, exception: RuntimeError: Too many parameters provided. No replica file is required.
2015-11-11T08:12:08Z ERROR Too many parameters provided. No replica file is required.
2015-11-11T08:12:08Z ERROR The ipa-kra-install command failed. See /var/log/ipaserver-kra-install.log for more information

