[Freeipa-users] Failed installation

Bret Wortman bret.wortman at damascusgrp.com
Wed Oct 17 22:26:30 UTC 2012


I think I have SELinux turned off but will double-check in the morning. And reply to the list.... 


-- 
Bret Wortman
http://bretwortman.com/
http://twitter.com/bretwortman


On Wednesday, October 17, 2012 at 3:17 PM, Rob Crittenden wrote:

> Bret Wortman wrote:
> > Now it appears that whatever is supposed to be running on port 9445
> > (looks like mindarray-ca) isn't running, and I'm not sure how it gets
> > started, exactly. I ran lsof -i:9445 on this server and on a FreeIPA
> > test box I first set up, and it's running on the test box but not the
> > new one. Where should I look next?
> > 
> 
> 
> See if there are any SELinux denials: ausearch -m AVC
> 
> It looks like tomcat failed to start. The logs are in /var/log/pki-ca.
> 
> rob
> 
> > 
> > On Wed, Oct 17, 2012 at 2:07 PM, Bret Wortman
> > <bret.wortman at damascusgrp.com> wrote:
> > 
> > Spot on. It was a fresh install of F17 and I neglected to # yum
> > update first. I've done so, rebooted, and am trying again with
> > better results.
> > 
> > 
> > On Wed, Oct 17, 2012 at 1:45 PM, John Dennis <jdennis at redhat.com> wrote:
> > 
> > On 10/17/2012 12:40 PM, Bret Wortman wrote:
> > 
> > I recently tried installing freeipa on a new server, but
> > ipa-server-install had problems around this point:
> > 
> > Configuring certificate server: Estimated time 3 minutes 30
> > seconds
> > [1/18]: creating certificate server user
> > [2/18]: creating pki-ca instance
> > [3/18]: configuring certificate server instance
> > ipa : CRITICAL failed to configure ca instance Command
> > '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
> > fs1.wedgeofli.me -cs_port 9445
> > -client_certdb_dir /tmp/tmp-UvBMbL -client_certdb_pwd XXXXXXXX
> > -preop_pin HHxKHUz5RRfzQ3OkFMlR -domain_name IPA -admin_user admin
> > -admin_email root at localhost -admin_XXXXXXXX XXXXXXXX -agent_name
> > ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
> > -agent_cert_subject CN=ipa-ca-agent,O=WEDGEOFLI.ME
> > -ldap_host fs1.wedgeofli.me -ldap_port 7389
> > -bind_dn cn=Directory Manager -bind_XXXXXXXX XXXXXXXX
> > -base_dn o=ipaca
> > -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA
> > -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad
> > -token_name internal -ca_subsystem_cert_subject_name CN=CA
> > Subsystem,O=WEDGEOFLI.ME -ca_ocsp_cert_subject_name CN=OCSP
> > Subsystem,O=WEDGEOFLI.ME
> > -ca_server_cert_subject_name CN=fs1.wedgeofli.me,O=WEDGEOFLI.ME
> > -ca_audit_signing_cert_subject_name CN=CA
> > Audit,O=WEDGEOFLI.ME -ca_sign_cert_subject_name CN=Certificate
> > Authority,O=WEDGEOFLI.ME -external false -clone
> > false' returned non-zero exit status 255
> > Unexpected error - see ipaserver-install.log for details:
> > Configuration of CA failed
> > [root at fs1 ~]#
> > 
> > The logfile revealed the following stack trace:
> > 
> > #############################################
> > Attempting to connect to: fs1.wedgeofli.me:9445
> > 
> > Exception in LoginPanel(): java.lang.NullPointerException
> > ERROR: ConfigureCA: LoginPanel() failure
> > ERROR: unable to create CA
> > 
> > #######################################################################
> > 
> > 2012-10-17T16:24:53Z DEBUG stderr=Exception: Unable to Send
> > Request:java.net.ConnectException: Connection refused
> > java.net.ConnectException: Connection refused
> > at java.net.PlainSocketImpl.socketConnect(Native Method)
> > at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
> > at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
> > at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
> > at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
> > at java.net.Socket.connect(Socket.java:579)
> > at java.net.Socket.connect(Socket.java:528)
> > at java.net.Socket.<init>(Socket.java:425)
> > at java.net.Socket.<init>(Socket.java:241)
> > at HTTPClient.sslConnect(HTTPClient.java:326)
> > at ConfigureCA.LoginPanel(ConfigureCA.java:244)
> > at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
> > at ConfigureCA.main(ConfigureCA.java:1672)
> > java.lang.NullPointerException
> > at ConfigureCA.LoginPanel(ConfigureCA.java:245)
> > at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
> > at ConfigureCA.main(ConfigureCA.java:1672)
> > 
> > Now I seem to be stuck. I tried uninstalling the
> > freeipa-server package
> > with # yum remove freeipa-server and then reinstalled it the
> > same way,
> > but ipa-server-install won't run no matter what I attempt.
> > 
> > Any thoughts? I'm pretty new to IPA.
> > 
> > 
> > There is a good chance this is due to a version mismatch between
> > the IPA packages and the dogtag packages. You didn't mention
> > which OS you're using nor the versions of the relevant packages,
> > that would have been helpful. In any event I would make sure all
> > your packages are up to date.
> > 
> > 
> > --
> > John Dennis <jdennis at redhat.com>
> > 
> > 
> > 
> > 
> > --
> > Bret Wortman
> > The Damascus Group
> > Fairfax, VA
> > http://bretwortman.com/
> > http://twitter.com/BretWortman
> > 
> 
> 
> 
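
The checks suggested in this thread, gathered into one script as an added example (not code from the posters or from the FreeIPA project). The function names and the sample log are constructed here; port 9445, lsof -i, ausearch -m AVC and /var/log/pki-ca come from the thread, and getenforce is the standard SELinux mode query.

```shell
#!/bin/sh
# Triage for "Connection refused" during the CA configuration step.

# Constructed sample, modelled on the log excerpt quoted in the thread.
SAMPLE_LOG='Attempting to connect to: fs1.wedgeofli.me:9445
Exception in LoginPanel(): java.lang.NullPointerException
2012-10-17T16:24:53Z DEBUG stderr=Exception: Unable to Send Request:java.net.ConnectException: Connection refused'

# Read a log on stdin, print the host:port the installer tried to reach.
ca_target() {
    sed -n 's/^.*Attempting to connect to: *\([^ ]*:[0-9][0-9]*\).*$/\1/p' | head -n 1
}

# Read a log on stdin, print "listener-down" if the connection was refused.
classify() {
    if grep -q 'ConnectException: Connection refused'; then
        echo listener-down
    else
        echo other
    fi
}

# Run the follow-up checks; each one is skipped if its tool is not installed.
triage() {
    log=$1
    target=$(ca_target < "$log")
    echo "CA target: ${target:-not found}"
    if [ "$(classify < "$log")" != listener-down ] || [ -z "$target" ]; then
        echo "log does not show a refused connection to the CA port"
        return 0
    fi
    port=${target##*:}
    if command -v lsof >/dev/null 2>&1; then
        lsof -i:"$port" || echo "nothing is listening on port $port"
    fi
    if command -v getenforce >/dev/null 2>&1; then
        echo "SELinux mode: $(getenforce)"
    fi
    if command -v ausearch >/dev/null 2>&1; then
        ausearch -m AVC || echo "no AVC denials recorded"
    fi
    # Newest files first: the CA's tomcat startup errors land here.
    ls -lt /var/log/pki-ca 2>/dev/null | head -n 5
}

# Usage: sh triage.sh <path to ipaserver-install.log>
if [ -n "${1:-}" ] && [ -r "$1" ]; then triage "$1"; fi
```
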

