[Freeipa-users] CA replica installation failure

Dan Scott danieljamesscott at gmail.com
Tue Feb 28 02:06:55 UTC 2012


Hi,

I'm having another problem with replica installation - just the CA this time.

It looks like there's a problem with SELinux and the pki-ca service:

After configuration, the server can be operated by the command:

    /bin/systemctl restart pki-cad@pki-ca.service


2012-02-27 20:33:45,729 DEBUG stderr=[error] Failed setting selinux
context pki_ca_port_t for 9180.  Port already defined otherwise.
[error] Failed setting selinux context pki_ca_port_t for 9701.  Port
already defined otherwise.
[error] Failed setting selinux context pki_ca_port_t for 9443.  Port
already defined otherwise.
[error] Failed setting selinux context pki_ca_port_t for 9444.  Port
already defined otherwise.
[error] Failed setting selinux context pki_ca_port_t for 9446.  Port
already defined otherwise.
[error] Failed setting selinux context pki_ca_port_t for 9445.  Port
already defined otherwise.
[error] Failed setting selinux context pki_ca_port_t for 9447.  Port
already defined otherwise.
[error] FAILED run_command("/bin/systemctl restart
pki-cad@pki-ca.service"), exit status=1 output="Job failed. See system
logs and 'systemctl status' for details."

2012-02-27 20:33:45,729 DEBUG   duration: 6 seconds
2012-02-27 20:33:45,730 DEBUG   [3/11]: configuring certificate server instance
[clip]
2012-02-27 20:33:46,159 DEBUG stdout=libpath=/usr/lib64
#######################################################################
CRYPTO INIT WITH CERTDB:/tmp/tmp-cDdVph
tokenpwd:XXXXXXXX
#############################################
Attempting to connect to: fileserver3.example.com:9445
Exception in LoginPanel(): java.lang.NullPointerException
ERROR: ConfigureCA: LoginPanel() failure
ERROR: unable to create CA

#######################################################################

2012-02-27 20:33:46,159 DEBUG stderr=Exception: Unable to Send
Request:java.net.ConnectException: Connection refused
java.net.ConnectException: Connection refused
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:327)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:193)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:180)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:384)
        at java.net.Socket.connect(Socket.java:546)
        at java.net.Socket.connect(Socket.java:495)
        at java.net.Socket.<init>(Socket.java:392)
        at java.net.Socket.<init>(Socket.java:235)
        at HTTPClient.sslConnect(HTTPClient.java:326)
        at ConfigureCA.LoginPanel(ConfigureCA.java:244)
        at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
        at ConfigureCA.main(ConfigureCA.java:1672)
java.lang.NullPointerException
        at ConfigureCA.LoginPanel(ConfigureCA.java:245)
        at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
        at ConfigureCA.main(ConfigureCA.java:1672)

/var/log/messages contains the following:

Feb 27 20:40:45 localhost kpasswd[2198]: Error receiving request (104)
Connection reset by peer
Feb 27 20:57:26 localhost pkicontrol[2778]: /usr/bin/runcon: invalid
context: system_u:system_r:pki_ca_script_t:s0: Invalid argument
Feb 27 20:57:26 localhost systemd[1]: pki-cad@pki-ca.service: control
process exited, code=exited status=1
Feb 27 20:57:26 localhost systemd[1]: Unit pki-cad@pki-ca.service
entered failed state.

This is a fresh install of Fedora 16. There are no updates to apply.

Any ideas?

One more thing. Is there a way to remove and reinstall just the CA? Or
do I have to completely remove and re-install the entire IPA replica?
i.e. is there something like ipa-ca-install --uninstall? I couldn't see
the option anywhere.

Thanks,

Dan



