<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">On 04/28/2014 07:52 AM, Bret Wortman wrote:<br> </div> <blockquote cite="mid:535E4104.1040509@damascusgrp.com" type="cite"> <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"> I'm trying to stand up a new ipa server on a clean box, and I keep getting this error so _something_ is amiss but I'm not sure what:<br> <br> <tt>:</tt><tt><br> </tt><tt>Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds</tt><tt><br> </tt><tt> [1/22]: creating certificate server user</tt><tt><br> </tt><tt> [2/22]: configuring certificate server instance</tt><tt><br> </tt><tt>ipa : CRITICAL failed to configure ca instance Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit status 1</tt><tt><br> </tt><tt>Configuration of CA failed</tt><tt><br> </tt><tt>#</tt><br> <br> In the /var/log/ipaserver-install.log, I see this:<br> <br> <tt>:</tt><tt><br> </tt><tt>:</tt><tt><br> </tt><tt>Installing CA into /var/lib/pki/pki-tomcat.</tt><tt><br> </tt><tt><br> </tt><tt>Installation failed.</tt><tt><br> </tt><tt><br> </tt><tt><br> </tt><tt>2014-04-28T11:43:46Z DEBUG stderr=pkispawn : ERROR ........ PKI subsystem 'CA' for instance 'pki-tomcat' already exists!</tt><tt><br> </tt><tt><br> </tt><tt>2014-04-28T11:432:46Z CRITICAL failed to configure ca instance Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit status 1</tt><tt><br> </tt><tt>2014-04-28T11:43:46Z DEBUG File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 622, in run_script</tt><tt><br> </tt><tt> return_value = main_function()</tt><tt><br> </tt><tt><br> </tt><tt> File "/usr/sbin/ipa-server-install", line 1074, in main</tt><tt><br> </tt><tt> dm_password, subject_base=options.subject)</tt><tt><br> </tt><tt><br> </tt><tt> File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 478, in configure_instance</tt><tt><br> </tt><tt> self.start_creation(runtime=210)</tt><tt><br> </tt><tt><br> </tt><tt> File "/usr/lib/python2.7/site-packages/ipaserver/isntall/service.py", line 364, in start_creation</tt><tt><br> </tt><tt> method()</tt><tt><br> </tt><tt><br> </tt><tt> File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 604, in __spawn_instance</tt><tt><br> </tt><tt> raise RUntimeError('Configuration of CA failed')</tt><tt><br> </tt><tt>:</tt><tt><br> </tt><tt>:</tt><tt><br> </tt><br> So it looks like somehow this has gotten configured already. Possibly Puppet copied over something it shouldn't have. What do I need to remove to make this step work without removing so much that I render something inoperable?<br> <br> <br> </blockquote> Run uninstall several times. Each time uninstall might clean next portion and untangle things so trying to do it several times pays off.<br> Then check if there is a DS instance for PKI. If there is remove it and try again.<br> <br> <blockquote cite="mid:535E4104.1040509@damascusgrp.com" type="cite"> <div class="moz-signature">-- <br> <div><b>Bret Wortman</b></div> <div><img src="cid:part1.08070000.00010404@redhat.com" height="53/" width="200"><br> </div> <div><a moz-do-not-send="true" href="http://damascusgrp.com/">http://damascusgrp.com/</a><br> </div> <div><a moz-do-not-send="true" href="http://about.me/wortmanbret">http://about.me/wortmanbret</a><br> <br> </div> </div> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> <pre wrap="">_______________________________________________ Freeipa-users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </blockquote> <br> <br> <pre class="moz-signature" cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc.</pre> </body> </html>