[Freeipa-users] Error creating new freeipa-server
Dmitri Pal
dpal at redhat.com
Mon Apr 28 11:57:07 UTC 2014
On 04/28/2014 07:52 AM, Bret Wortman wrote:
> I'm trying to stand up a new ipa server on a clean box, and I keep
> getting this error so _something_ is amiss but I'm not sure what:
>
> :
> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes
> 30 seconds
> [1/22]: creating certificate server user
> [2/22]: configuring certificate server instance
> ipa : CRITICAL failed to configure ca instance Command
> '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit
> status 1
> Configuration of CA failed
> #
>
> In the /var/log/ipaserver-install.log, I see this:
>
> :
> :
> Installing CA into /var/lib/pki/pki-tomcat.
>
> Installation failed.
>
>
> 2014-04-28T11:43:46Z DEBUG stderr=pkispawn : ERROR ........ PKI
> subsystem 'CA' for instance 'pki-tomcat' already exists!
>
> 2014-04-28T11:432:46Z CRITICAL failed to configure ca instance Command
> '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit
> status 1
> 2014-04-28T11:43:46Z DEBUG File
> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
> line 622, in run_script
> return_value = main_function()
>
> File "/usr/sbin/ipa-server-install", line 1074, in main
> dm_password, subject_base=options.subject)
>
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
> line 478, in configure_instance
> self.start_creation(runtime=210)
>
> File
> "/usr/lib/python2.7/site-packages/ipaserver/isntall/service.py", line
> 364, in start_creation
> method()
>
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
> line 604, in __spawn_instance
> raise RUntimeError('Configuration of CA failed')
> :
> :
>
> So it looks like somehow this has gotten configured already. Possibly
> Puppet copied over something it shouldn't have. What do I need to
> remove to make this step work without removing so much that I render
> something inoperable?
>
>
Run uninstall several times. Each time uninstall might clean next
portion and untangle things so trying to do it several times pays off.
Then check if there is a DS instance for PKI. If there is remove it and
try again.
> --
> *Bret Wortman*
>
> http://damascusgrp.com/
> http://about.me/wortmanbret
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140428/ce8f630b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 28526 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140428/ce8f630b/attachment.png>
More information about the Freeipa-users
mailing list