[Freeipa-users] Error creating new freeipa-server

Dmitri Pal dpal at redhat.com
Mon Apr 28 11:57:07 UTC 2014 

On 04/28/2014 07:52 AM, Bret Wortman wrote:
> I'm trying to stand up a new ipa server on a clean box, and I keep 
> getting this error so _something_ is amiss but I'm not sure what:
>
> :
> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 
> 30 seconds
>     [1/22]: creating certificate server user
>     [2/22]: configuring certificate server instance
> ipa        : CRITICAL failed to configure ca instance Command 
> '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit 
> status 1
> Configuration of CA failed
> #
>
> In the /var/log/ipaserver-install.log, I see this:
>
> :
> :
> Installing CA into /var/lib/pki/pki-tomcat.
>
> Installation failed.
>
>
> 2014-04-28T11:43:46Z DEBUG stderr=pkispawn     : ERROR ........ PKI 
> subsystem 'CA' for instance 'pki-tomcat' already exists!
>
> 2014-04-28T11:432:46Z CRITICAL failed to configure ca instance Command 
> '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit 
> status 1
> 2014-04-28T11:43:46Z DEBUG   File 
> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", 
> line 622, in run_script
>     return_value = main_function()
>
>   File "/usr/sbin/ipa-server-install", line 1074, in main
>     dm_password, subject_base=options.subject)
>
>   File 
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", 
> line 478, in configure_instance
>     self.start_creation(runtime=210)
>
>   File 
> "/usr/lib/python2.7/site-packages/ipaserver/isntall/service.py", line 
> 364, in start_creation
>     method()
>
>   File 
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", 
> line 604, in __spawn_instance
>     raise RUntimeError('Configuration of CA failed')
> :
> :
>
> So it looks like somehow this has gotten configured already. Possibly 
> Puppet copied over something it shouldn't have. What do I need to 
> remove to make this step work without removing so much that I render 
> something inoperable?
>
>
Run uninstall several times. Each time uninstall might clean next 
portion and untangle things so trying to do it several times pays off.
Then check if there is a DS instance for PKI. If there is remove it and 
try again.

> -- 
> *Bret Wortman*
>
> http://damascusgrp.com/
> http://about.me/wortmanbret
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140428/ce8f630b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 28526 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140428/ce8f630b/attachment.png>

More information about the Freeipa-users mailing list