[Freeipa-users] FreeIPA 3 rc1 sslget error
Pieter Baele
pieter.baele at gmail.com
Thu Sep 27 07:56:02 UTC 2012
Hi,
Two problems with FreeIPA 3 on an updated fedora 17 (updates-testing enabled)
1) dependency error for libsss_sudo
Error: Package: sudo-1.8.3p1-7.fc17.x86_64 (@updates)
Requires: libsss_sudo.so.0(EXPORTED)(64bit)
Removing: libsss_sudo-1.8.4-14.fc17.x86_64 (@updates)
libsss_sudo.so.0(EXPORTED)(64bit)
Updated By:
libsss_sudo-1.8.99-0.20120913T1717Zgitbb42eab.fc17.x86_64
(freeipa-devel)
Not found
Available: libsss_sudo-1.8.2-10.fc17.x86_64 (fedora)
libsss_sudo.so.0(EXPORTED)(64bit)
Error: Package: sudo-1.8.3p1-7.fc17.x86_64 (@updates)
Requires: libsss_sudo.so.0()(64bit)
Removing: libsss_sudo-1.8.4-14.fc17.x86_64 (@updates)
libsss_sudo.so.0()(64bit)
Updated By:
libsss_sudo-1.8.99-0.20120913T1717Zgitbb42eab.fc17.x86_64
(freeipa-devel)
Not found
Available: libsss_sudo-1.8.2-10.fc17.x86_64 (fedora)
libsss_sudo.so.0()(64bit)
2) some error on RA agent certificate issuing
[16/20]: issuing RA agent certificate
Unexpected error - see /var/log/ipaserver-install.log for details:
CalledProcessError: Command '/usr/bin/sslget -v -n ipa-ca-agent -p
XXXXXXXX -d /tmp/tmp-1ItZiZ -r /ca/agent/ca/profileReview?requestId=7
ipa.nix.be:9443' returned non-zero exit status 6
3) if I then try to remove using --uninstall, I get this error
Unexpected error - see /var/log/ipaserver-uninstall.log for details:
CalledProcessError: Command '/bin/systemctl start messagebus.service'
returned non-zero exit status 1
DEBUG LOG (2)
=========
- 2012-09-27T07:22:01Z DEBUG [8/20]: fixing RA database permissions
2012-09-27T07:22:01Z DEBUG duration: 0 seconds
2012-09-27T07:22:01Z DEBUG [9/20]: setting up signing cert profile
2012-09-27T07:22:01Z DEBUG duration: 0 seconds
2012-09-27T07:22:01Z DEBUG [10/20]: set up CRL publishing
2012-09-27T07:22:01Z DEBUG args=/usr/sbin/selinuxenabled
2012-09-27T07:22:01Z DEBUG stdout=
2012-09-27T07:22:01Z DEBUG stderr=
2012-09-27T07:22:01Z DEBUG args=/usr/sbin/restorecon /var/lib/pki-ca/publish
2012-09-27T07:22:01Z DEBUG stdout=
2012-09-27T07:22:01Z DEBUG stderr=
2012-09-27T07:22:01Z DEBUG duration: 0 seconds
2012-09-27T07:22:01Z DEBUG [11/20]: set certificate subject base
2012-09-27T07:22:01Z DEBUG duration: 0 seconds
2012-09-27T07:22:01Z DEBUG [12/20]: enabling Subject Key Identifier
2012-09-27T07:22:01Z DEBUG duration: 0 seconds
2012-09-27T07:22:01Z DEBUG [13/20]: configuring certificate server
to start on boot
2012-09-27T07:22:01Z DEBUG args=/bin/systemctl is-enabled pki-cad.target
2012-09-27T07:22:01Z DEBUG stdout=disabled
2012-09-27T07:22:01Z DEBUG stderr=
2012-09-27T07:22:01Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2012-09-27T07:22:01Z DEBUG duration: 0 seconds
2012-09-27T07:22:01Z DEBUG [14/20]: restarting certificate server
2012-09-27T07:22:02Z DEBUG args=/bin/systemctl restart pki-cad at pki-ca.service
2012-09-27T07:22:02Z DEBUG stdout=
2012-09-27T07:22:02Z DEBUG stderr=
2012-09-27T07:22:02Z DEBUG args=/bin/systemctl is-active pki-cad at pki-ca.service
2012-09-27T07:22:02Z DEBUG stdout=active
2012-09-27T07:22:02Z DEBUG stderr=
2012-09-27T07:22:02Z DEBUG wait_for_open_ports: localhost [9180] timeout 120
2012-09-27T07:22:04Z DEBUG duration: 3 seconds
2012-09-27T07:22:04Z DEBUG [15/20]: requesting RA certificate from CA
2012-09-27T07:22:07Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias
-f XXXXXXXX -R -k rsa -g 2048 -s CN=IPA RA,O=NIX.BE -z /tmp/tmpW2tvmL
-a
2012-09-27T07:22:07Z DEBUG stdout=
Certificate request generated by Netscape certutil
Phone: (not specified)
Common Name: IPA RA
Email: (not specified)
Organization: NIX.BE
State: (not specified)
Country: (not specified)
-----BEGIN NEW CERTIFICATE REQUEST-----
MIICbTCCAVUCAQAwKDEVMBMGA1UEChMMTklYLlJBSUxCLkJFMQ8wDQYDVQQDEwZJ
<cut>
Mw==
-----END NEW CERTIFICATE REQUEST-----
2012-09-27T07:22:07Z DEBUG stderr=
Generating key. This may take a few moments...
2012-09-27T07:22:11Z DEBUG duration: 6 seconds
2012-09-27T07:22:11Z DEBUG [16/20]: issuing RA agent certificate
2012-09-27T07:22:11Z DEBUG args=/usr/bin/certutil -d /tmp/tmp-1ItZiZ
-f XXXXXXXX -M -t CT,C,C -n Certificate Authority - NIX.BE
2012-09-27T07:22:11Z DEBUG stdout=
2012-09-27T07:22:11Z DEBUG stderr=
2012-09-27T07:22:11Z DEBUG args=/usr/bin/sslget -v -n ipa-ca-agent -p
XXXXXXXX -d /tmp/tmp-1ItZiZ -r /ca/agent/ca/profileReview?requestId=7
ipa.nix.be:9443
2012-09-27T07:22:11Z DEBUG stdout=
2012-09-27T07:22:11Z DEBUG stderr=GET
/ca/agent/ca/profileReview?requestId=7 HTTP/1.0
port: 9443
addr='ipa.nix.be'
family='10'
exit after PR_Connect with error -5987:
2012-09-27T07:22:11Z INFO File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
line 614, in run_script
return_value = main_function()
File "/sbin/ipa-server-install", line 931, in main
subject_base=options.subject)
File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 562, in configure_instance
self.start_creation("Configuring certificate server", 210)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 321, in start_creation
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 903, in __issue_ra_cert
(stdout, stderr, returncode) = ipautil.run(args,
nolog=(self.admin_password,))
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 309, in run
raise CalledProcessError(p.returncode, args)
2012-09-27T07:22:11Z INFO The ipa-server-install command failed,
exception: CalledProcessError: Command '/usr/bin/sslget -v -n
ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-1ItZiZ -r
/ca/agent/ca/profileReview?requestId=7 ipa.nix.be:9443' returned
non-zero exit status 6
More information about the Freeipa-users
mailing list