[Freeipa-users] FreeIPA_demonstration_tools CA creation error.

Ondrej Hamada ohamada at redhat.com
Thu Dec 15 20:02:01 UTC 2011


On 12/14/2011 06:58 PM, Dmitri Pal wrote:
> On 12/14/2011 11:04 AM, Mercer, Rodney wrote:
>> I've been attempting to install the virtual machine setup from
>> http://freeipa.org/page/FreeIPA_demonstration_tools
>>
>> I install on fresh Fedora 15 x86_64 host, and I am able to complete the first two steps.
>>
>> When I run the last script,
>> ./ipa-demo.sh
>> I get from the ipa-demo-<date>.log
>> ----
>> CRITICAL:root:failed to configure ca instance
>> ----
>> and later in the log:
>> ----
>> Warning: skipping DNS resolution of host master.example.com
>> The IPA Master Server will be configured with
>> Hostname:    master.example.com
>> IP address:  192.168.122.32
>> Domain name: example.com
>> ----
>> and
>> ----
>> Configuring certificate server: Estimated time 3 minutes 30 seconds
>>    [1/17]: creating certificate server user
>>    [2/17]: creating pki-ca instance
>>    [3/17]: configuring certificate server instance
>> Unexpected error - see ipaserver-install.log for details:
>>   Configuration of CA failed
>> Server installation failed!
>> Domain f15-ipa-server destroyed
>>
>> Domain f15-ipa-server has been undefined
>> ----
>>
>> I see the dhcp address changing for master.example.com each time the script is run.
>> Is there a requirement for making the dhcp address consistent for master.example.com
>> and having the address in /etc/hosts so that it can reverse resolve via dnsmasq?
>>
>> Or does the DNS resolution of ip to host have any bearing on the certificate creation as I suspect?
>>
>>
> Consistent name resolution is a requirement for IPA.
> Ondrej, can you please take a closer look and see if this is something
> with the demo scripts or IPA itself?
I don't see a problem in the scripts. When the virtual machines are created
by ipa-demo, they acquire addresses from DHCP, then - before
installation of FreeIPA - they're configured to use static addresses (the
currently assigned IP address is chosen) and also the records are added
into /etc/hosts.

I wasn't able to reproduce the problem on a clean f15 x64; the
installation was successful, but a few errors like this one appeared:

ERROR:root:certmonger failed starting to track certificate: Command 
'/usr/bin/ipa-getcert start-tracking -d /etc/httpd/alias -n Server-Cert 
-p /etc/httpd/alias/pwdfile.txt' returned non-zero exit status 1
root        : ERROR    certmonger failed starting to track certificate: 
Command '/usr/bin/ipa-getcert start-tracking -d /etc/httpd/alias -n 
Server-Cert -p /etc/httpd/alias/pwdfile.txt' returned non-zero exit status 1
WARNING:root:remove: '60' not in nsslapd-pluginPrecedence


-- 
Regards,

Ondrej Hamada
FreeIPA team
jabber: ohama at jabbim.cz
IRC: ohamada
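
Added example, not part of the original message and not code from the FreeIPA demo scripts: a pre-install check of the name resolution discussed in this thread, verifying that /etc/hosts-style records map the server's FQDN to its currently assigned address and that the address maps back to the FQDN. The function names and the sample hosts content are constructed for illustration; the check assumes the first name on a hosts line is the one returned by a reverse lookup.

```python
import ipaddress

# Constructed sample: hosts content left over from an earlier run in which
# DHCP handed out a different address (values are illustrative only).
SAMPLE_HOSTS = """\
127.0.0.1   localhost localhost.localdomain
192.168.122.57  master.example.com master   # stale entry from earlier run
192.168.122.32  master.example.com master
"""

def parse_hosts(text):
    """Return a list of (ip, [names]) from /etc/hosts-style text."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, skip the line
        entries.append((ip, [n.lower() for n in fields[1:]]))
    return entries

def check_consistency(text, fqdn, current_ip):
    """Return a list of problems; empty means forward and reverse agree."""
    fqdn = fqdn.lower()
    current = ipaddress.ip_address(current_ip)
    entries = parse_hosts(text)
    problems = []
    # Forward: every record naming the FQDN must carry the current address.
    forward = [ip for ip, names in entries if fqdn in names]
    if not forward:
        problems.append(f"{fqdn} has no entry")
    for ip in forward:
        if ip.is_loopback:
            problems.append(f"{fqdn} maps to loopback {ip}")
        elif ip != current:
            problems.append(f"{fqdn} maps to {ip}, not {current}")
    # Reverse: the first name on the address line is treated as canonical.
    reverse = [names[0] for ip, names in entries if ip == current]
    if not reverse:
        problems.append(f"{current} has no entry")
    for name in reverse:
        if name != fqdn:
            problems.append(f"{current} resolves back to {name}, not {fqdn}")
    return problems
```

Calling check_consistency(SAMPLE_HOSTS, "master.example.com", "192.168.122.32") reports the stale 192.168.122.57 record, the situation that can arise when the DHCP address changes between runs.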



