[Freeipa-users] i could use some help with installing FreeIPA

Rob Crittenden rcritten at redhat.com
Tue Dec 17 03:30:16 UTC 2013 

Dmitri Pal wrote:
> On 12/16/2013 06:46 PM, Galen Brownsmith wrote:
>> My install fails on the invocation of pkispawn with a Socket Error in
>> the pki-ca-spawn log  ; anyone have any ideas?  (It isn't the issue
>> with special characters in the DM's password, as my Directory Manager
>> and IPA Admin passwords may be 32 characters long, but only contain
>> [A-Za-z0-9_] )
>>
>> Configuration and Error Messages follow.
>>
>> Target System: Fedora19 64bit LXC Container running on top of a
>> Fedora19 64bit host.  Kernel 3.11.10, Q9550 Intel CPU.
>> Attempting to install freeipa server 3.3.3 .  SEllinux has been set to
>> 'disabled' on the host and container.
>>
>> /etc/hosts:
>> # IP            FQDN                            Alias(es)
>> 127.0.0.1       localhost.localdomain           localhost localhost4
>> 192.168.253.94 woeg.marphod.net <http://woeg.marphod.net> woeg
>>
>> # Peers
>> 192.168.253.99 skete.marphod.net <http://skete.marphod.net> skete
>> wiki.marphod.net <http://wiki.marphod.net> wiki www.marphod.net
>> <http://www.marphod.net> www
>> [... several more machines]
>>
>> /etc/resolv.conf
>> ; generated by /usr/sbin/dhclient-script
>> search marphod.net <http://marphod.net>
>> nameserver 192.168.253.1
>>
>> /etc/sysconfig/network:
>> NETWORKING=yes
>> HOSTNAME=woeg.marphod.net <http://woeg.marphod.net>
>>
>> No software firewall on the Container:
>> # iptables -L
>> Chain INPUT (policy ACCEPT)
>> target     prot opt source destination
>>
>> Chain FORWARD (policy ACCEPT)
>> target     prot opt source destination
>>
>> Chain OUTPUT (policy ACCEPT)
>> target     prot opt source               destination
>>
>>
>> Not using NetworkManager.  The machine has a virtual nic, and is
>> connected to the bridge on the host, and can interact with the outside
>> world.
>>
>> Installation commands:
>> # ipa-server-install --uninstall -U
>> # pkidestroy -s CA -i pki-tomcat
>> # ipa-server-install -N -d --no-host-dns
>>
>> I select the defaults during the interactive install.
>>
>> During installation, everything seems to run fine up to the invocation
>> of pkispawn.   I then get the errors:
>> <text>
>> Installing CA into /var/lib/pki/pki-tomcat.
>> Storing deployment configuration into
>> /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
>> Installation failed.
>>
>> ipa         : DEBUG    stderr=Job for pki-tomcatd at pki-tomcat.service
>> failed. See 'systemctl status pki-tomcatd at pki-tomcat.service' and
>> 'journalctl -xn' for details.
>> pkispawn    : ERROR    ....... server failed to restart
>>
>> ipa         : CRITICAL failed to configure ca instance Command
>> '/usr/sbin/pkispawn -s CA -f /tmp/tmpwNB5bU' returned non-zero exit
>> status 1
>> ipa         : DEBUG      File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
>> line 622, in run_script
>>     return_value = main_function()
>>
>>   File "/usr/sbin/ipa-server-install", line 1074, in main
>>     dm_password, subject_base=options.subject)
>>
>>   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>> line 478, in configure_instance
>>     self.start_creation(runtime=210)
>>
>>   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>> 364, in start_creation
>>     method()
>>
>>   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>> line 604, in __spawn_instance
>>     raise RuntimeError('Configuration of CA failed')
>>
>> ipa         : DEBUG    The ipa-server-install command failed,
>> exception: RuntimeError: Configuration of CA failed
>> Configuration of CA failed
>> </text>
>>
>> the relevant errors from /var/log/pki/pki-ca-spawn.timestamp.log: (the
>> ... skipping... is from the file)
>> <text>
>> ...skipping...
>> y still be down
>> 2013-12-16 18:12:23 pkispawn    : DEBUG    ........... No connection -
>> exception thrown: Cannot connect to proxy. Socket error: [Errno 111]
>> Connection refused.
>> 2013-12-16 18:12:24 pkispawn    : DEBUG    ........... No connection -
>> server may still be down
>> 2013-12-16 18:12:24 pkispawn    : DEBUG    ........... No connection -
>> exception thrown: Cannot connect to proxy. Socket error: [Errno 111]
>> Connection refused.
>> 2013-12-16 18:12:25 pkispawn    : DEBUG    ........... No connection -
>> server may still be down
>> ...
>> (error repeated 12 more times)
>> ...
>> 2013-12-16 18:12:39 pkispawn    : ERROR    ....... server failed to
>> restart
>> 2013-12-16 18:12:39 pkispawn    : DEBUG    ....... Error Type: SystemExit
>> 2013-12-16 18:12:39 pkispawn    : DEBUG    ....... Error Message: 1
>> 2013-12-16 18:12:39 pkispawn    : DEBUG    .......   File
>> "/usr/sbin/pkispawn", line 374, in main
>>     rv = instance.spawn()
>>   File
>> "/usr/lib/python2.7/site-packages/pki/deployment/configuration.py",
>> line 102, in spawn
>>     sys.exit(1)
>> </text>
>>
>
> You are trying it in a container. I do not know whether this makes a
> difference.
> It might be due to the fact that underlying directory server has not
> started.
> Please look at the pki instance DS logs to determine whether the DS
> instance was installed and configured correctly.
> http://www.freeipa.org/page/Troubleshooting#Server_Installation
> Please publish these logs here.

I'm not entirely sure that IPA works in a container. I think that 
Nathaniel looked at this a few months ago but I can't recall his findings.

rob

More information about the Freeipa-users mailing list