[Freeipa-users] Fedora 18 + FreeIPA 3.1

Rob Crittenden rcritten at redhat.com
Wed Jan 2 00:42:02 UTC 2013


Dale Macartney wrote:
>
> On 01/01/2013 11:42 PM, Rob Crittenden wrote:
>> Dale Macartney wrote:
>>>
>>> On 12/29/2012 06:38 PM, Rob Crittenden wrote:
>>>> Dale Macartney wrote:
>>>>>
>>>>> Afternoon all
>>>>>
>>>>> using Fedora 18 Beta and attempting to install FreeIPA 3.1
>>>>>
>>>>> when running through the install of "ipa-server-install --setup-dns" I
>>>>> end up with a failure with the below output
>>>>>
>>>>>
>>>>> [root@ds01 ~]# ipa-server-install --setup-dns
>>>>> .....
>>>>> .....
>>>>> Done configuring directory server (dirsrv).
>>>>> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes
>>>>> 30 seconds
>>>>> [1/20]: creating certificate server user
>>>>> [2/20]: configuring certificate server instance
>>>>> [3/20]: disabling nonces
>>>>> [4/20]: creating RA agent certificate database
>>>>> [5/20]: importing CA chain to RA certificate database
>>>>> [6/20]: fixing RA database permissions
>>>>> [7/20]: setting up signing cert profile
>>>>> [8/20]: set up CRL publishing
>>>>> [9/20]: set certificate subject base
>>>>> [10/20]: enabling Subject Key Identifier
>>>>> [11/20]: enabling CRL and OCSP extensions for certificates
>>>>> [12/20]: setting audit signing renewal to 2 years
>>>>> [13/20]: configuring certificate server to start on boot
>>>>> [14/20]: restarting certificate server
>>>>> [15/20]: requesting RA certificate from CA
>>>>> [16/20]: issuing RA agent certificate
>>>>> Unexpected error - see /var/log/ipaserver-install.log for details:
>>>>> CalledProcessError: Command '/usr/bin/sslget -v -n ipa-ca-agent -p
>>>>> XXXXXXXX -d /tmp/tmp-kUFAyN -r /ca/agent/ca/profileReview?requestId=7
>>>>> ds01.domain.com:8443' returned non-zero exit status 6
>>>>>
>>>>>
>>>>> there is absolutely nothing in any logs at all apart from a few selinux
>>>>> audit logs (system running in permissive mode).
>>>>>
>>>>> Any thoughts?
>>>>
>>>> This usually means a problem with DNS.
>>> Hmm... normally I set a dns forwarder of 10.0.0.254... This time I tried
>>> it with no forwarder at all... Same error occurs...
>>
>> Not really sure. The errors out of sslget are not particularly helpful.
>>
>> I'd check /etc/hosts to be sure it is sane, and perhaps dig/host to be
>> sure that the forward and reverse entries match up.
>
> that'll teach me for using non-kickstarted systems...
>
> error is caused by mis or unconfigured /etc/hosts

It's hard to programmatically check for some things but I was pretty 
sure we did some /etc/hosts sanity checking. What was the problem, and I 
guess more importantly, is it something we can/should check for prior to 
starting the install?

thanks

rob
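
A sketch of the kind of pre-install /etc/hosts check asked about above, as an added example that is not part of the original thread and not FreeIPA's own code. The thread does not say what was wrong with the file, so the conditions tested (server FQDN missing, mapped to a loopback address, or not listed first on its line) are assumed common mistakes; the function names, the address 10.0.0.10 and both sample files are constructed.

```python
import ipaddress

# Constructed sample of a misconfigured /etc/hosts (not taken from the thread).
SAMPLE_BAD = """\
127.0.0.1   localhost ds01.domain.com ds01
::1         localhost
10.0.0.10   ds01 ds01.domain.com
"""
# Constructed sample of a sane file for the same host.
SAMPLE_GOOD = """\
127.0.0.1   localhost localhost.localdomain
::1         localhost
10.0.0.10   ds01.domain.com ds01
"""

def parse_hosts(text):
    """Return [(ip, [names...])] for each valid entry, comments stripped."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines whose first field is not an IP address
        entries.append((ip, [n.lower().rstrip(".") for n in fields[1:]]))
    return entries

def check_hosts(text, fqdn):
    """Return a list of problems with how `fqdn` appears in hosts-file text."""
    fqdn = fqdn.lower().rstrip(".")
    problems = []
    if "." not in fqdn:
        problems.append(f"{fqdn}: not fully qualified")
    matches = [(ip, names) for ip, names in parse_hosts(text) if fqdn in names]
    if not matches:
        problems.append(f"{fqdn}: no entry (resolution depends on DNS alone)")
    for ip, names in matches:
        if ip.is_loopback:
            problems.append(f"{fqdn}: maps to loopback address {ip}")
        if names[0] != fqdn:
            # A reverse lookup of this IP via the file yields names[0], not the FQDN.
            problems.append(f"{ip}: canonical name is {names[0]!r}, not {fqdn!r}")
    return problems

if __name__ == "__main__":
    for label, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, check_hosts(text, "ds01.domain.com") or "ok")
```

This only inspects the file; confirming that DNS forward and reverse records agree still needs dig or host against the resolver the server will use.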
