[Freeipa-users] FreeIPA on Fedora 20: Configuration of CA failed

Nathan Kinder nkinder at redhat.com
Wed Sep 11 23:54:05 UTC 2013


On 09/11/2013 03:33 PM, Mateusz Marzantowicz wrote:
> I'm trying to install FreeIPA Server on Fedora 20 (with all updates
> installed) but it fails on ipa-server-install -N command.
>
> Error message:
> CRITICAL failed to configure ca instance Command '/usr/sbin/pkispawn -s
> CA -f /tmp/tmppTdhYM' returned non-zero exit status 1
>
> which pointed me to [1] and [2]. I've found bug 953488 [3] but
> recommended solution does not work for me.
>
> Is there any way I can install and configure FreeIPA server on Fedora 20?
I believe that this is all caused by a recent change to the way Tomcat 
startup works in F20, which breaks the Dogtag CA.  We hope to have a new 
build of Dogtag soon that addresses this.

Thanks,
-NGK
>
> Here are some lines from /var/log/ipaserver-install.log:
>
> 2013-09-11T20:13:40Z DEBUG Starting external process
> 2013-09-11T20:13:40Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmppTdhYM
> 2013-09-11T20:13:40Z DEBUG Process finished, return code=1
> 2013-09-11T20:13:40Z DEBUG stdout=Loading deployment configuration from
> /tmp/tmppTdhYM.
> Installing CA into /var/lib/pki/pki-tomcat.
> Storing deployment configuration into
> /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
> Installation failed.
>
>
> 2013-09-11T20:13:40Z DEBUG stderr=pkispawn    : WARNING  .......
> Dangling symlink
> '/var/lib/pki/pki-tomcat/pki-tomcat'-->'/usr/sbin/tomcat-sysd'
>
> 2013-09-11T20:13:40Z CRITICAL failed to configure ca instance Command
> '/usr/sbin/pkispawn -s CA -f /tmp/tmppTdhYM' returned non-zero exit status 1
> 2013-09-11T20:13:40Z DEBUG   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
> line 622, in run_script
>      return_value = main_function()
>
>    File "/usr/sbin/ipa-server-install", line 1022, in main
>      dm_password, subject_base=options.subject)
>
>    File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
> 478, in configure_instance
>      self.start_creation(runtime=210)
>
>    File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 364, in start_creation
>      method()
>
>    File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
> 604, in __spawn_instance
>      raise RuntimeError('Configuration of CA failed')
>
> 2013-09-11T20:13:40Z DEBUG The ipa-server-install command failed,
> exception: RuntimeError: Configuration of CA failed
>
>
> and few more lines from /var/log/pki/pki-ca-spawn.20130911221340.log:
>
> 2013-09-11 22:13:40 pkispawn    : INFO     ....... mkdir -p
> /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca
> 2013-09-11 22:13:40 pkispawn    : DEBUG    ........... chmod 770
> /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca
> 2013-09-11 22:13:40 pkispawn    : DEBUG    ........... chown 995:994
> /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca
> 2013-09-11 22:13:40 pkispawn    : INFO     ....... ln -s
> /usr/share/tomcat/bin /var/lib/pki/pki-tomcat/bin
> 2013-09-11 22:13:40 pkispawn    : DEBUG    ........... chown -h 995:994
> /var/lib/pki/pki-tomcat/bin
> 2013-09-11 22:13:40 pkispawn    : WARNING  ....... Dangling symlink
> '/var/lib/pki/pki-tomcat/pki-tomcat'-->'/usr/sbin/tomcat-sysd'
> 2013-09-11 22:13:40 pkispawn    : DEBUG    ....... Error Type: SystemExit
> 2013-09-11 22:13:40 pkispawn    : DEBUG    ....... Error Message: 1
> 2013-09-11 22:13:40 pkispawn    : DEBUG    .......   File
> "/usr/sbin/pkispawn", line 374, in main
>      rv = instance.spawn()
>    File
> "/usr/lib/python2.7/site-packages/pki/deployment/instance_layout.py",
> line 87, in spawn
>      uid=0, gid=0)
>    File "/usr/lib/python2.7/site-packages/pki/deployment/pkihelper.py",
> line 1774, in create
>      sys.exit(1)
>
>
> Mateusz Marzantowicz
>
>
> [1] https://www.redhat.com/archives/freeipa-users/2013-July/msg00247.html
> [2]
> https://www.redhat.com/archives/freeipa-users/2012-December/msg00010.html
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=953488
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users




More information about the Freeipa-users mailing list