<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 04/28/2014 07:52 AM, Bret Wortman
wrote:<br>
</div>
<blockquote cite="mid:535E4104.1040509@damascusgrp.com" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
I'm trying to stand up a new ipa server on a clean box, and I keep
getting this error so _something_ is amiss but I'm not sure what:<br>
<br>
<tt>:</tt><tt><br>
</tt><tt>Configuring certificate server (pki-tomcatd): Estimated
time 3 minutes 30 seconds</tt><tt><br>
</tt><tt> [1/22]: creating certificate server user</tt><tt><br>
</tt><tt> [2/22]: configuring certificate server instance</tt><tt><br>
</tt><tt>ipa : CRITICAL failed to configure ca instance
Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned
non-zero exit status 1</tt><tt><br>
</tt><tt>Configuration of CA failed</tt><tt><br>
</tt><tt>#</tt><br>
<br>
In the /var/log/ipaserver-install.log, I see this:<br>
<br>
<tt>:</tt><tt><br>
</tt><tt>:</tt><tt><br>
</tt><tt>Installing CA into /var/lib/pki/pki-tomcat.</tt><tt><br>
</tt><tt><br>
</tt><tt>Installation failed.</tt><tt><br>
</tt><tt><br>
</tt><tt><br>
</tt><tt>2014-04-28T11:43:46Z DEBUG stderr=pkispawn : ERROR
........ PKI subsystem 'CA' for instance 'pki-tomcat' already
exists!</tt><tt><br>
</tt><tt><br>
</tt><tt>2014-04-28T11:432:46Z CRITICAL failed to configure ca
instance Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20'
returned non-zero exit status 1</tt><tt><br>
</tt><tt>2014-04-28T11:43:46Z DEBUG File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
line 622, in run_script</tt><tt><br>
</tt><tt> return_value = main_function()</tt><tt><br>
</tt><tt><br>
</tt><tt> File "/usr/sbin/ipa-server-install", line 1074, in main</tt><tt><br>
</tt><tt> dm_password, subject_base=options.subject)</tt><tt><br>
</tt><tt><br>
</tt><tt> File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 478, in configure_instance</tt><tt><br>
</tt><tt> self.start_creation(runtime=210)</tt><tt><br>
</tt><tt><br>
</tt><tt> File
"/usr/lib/python2.7/site-packages/ipaserver/isntall/service.py",
line 364, in start_creation</tt><tt><br>
</tt><tt> method()</tt><tt><br>
</tt><tt><br>
</tt><tt> File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 604, in __spawn_instance</tt><tt><br>
</tt><tt> raise RUntimeError('Configuration of CA failed')</tt><tt><br>
</tt><tt>:</tt><tt><br>
</tt><tt>:</tt><tt><br>
</tt><br>
So it looks like somehow this has gotten configured already.
Possibly Puppet copied over something it shouldn't have. What do I
need to remove to make this step work without removing so much
that I render something inoperable?<br>
<br>
<br>
</blockquote>
Run uninstall several times. Each time uninstall might clean next
portion and untangle things so trying to do it several times pays
off.<br>
Then check if there is a DS instance for PKI. If there is remove it
and try again.<br>
<br>
<blockquote cite="mid:535E4104.1040509@damascusgrp.com" type="cite">
<div class="moz-signature">-- <br>
<div><b>Bret Wortman</b></div>
<div><img src="cid:part1.08070000.00010404@redhat.com"
height="53/" width="200"><br>
</div>
<div><a moz-do-not-send="true" href="http://damascusgrp.com/">http://damascusgrp.com/</a><br>
</div>
<div><a moz-do-not-send="true"
href="http://about.me/wortmanbret">http://about.me/wortmanbret</a><br>
<br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>