[Freeipa-users] Error creating new freeipa-server
Bret Wortman
bret.wortman at damascusgrp.com
Mon Apr 28 12:06:21 UTC 2014
Not to be thick, but what's the best way to check the DS instance for a
pki entry?
On 04/28/2014 07:57 AM, Dmitri Pal wrote:
> On 04/28/2014 07:52 AM, Bret Wortman wrote:
>> I'm trying to stand up a new ipa server on a clean box, and I keep
>> getting this error so _something_ is amiss but I'm not sure what:
>>
>> :
>> Configuring certificate server (pki-tomcatd): Estimated time 3
>> minutes 30 seconds
>> [1/22]: creating certificate server user
>> [2/22]: configuring certificate server instance
>> ipa : CRITICAL failed to configure ca instance Command
>> '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit
>> status 1
>> Configuration of CA failed
>> #
>>
>> In the /var/log/ipaserver-install.log, I see this:
>>
>> :
>> :
>> Installing CA into /var/lib/pki/pki-tomcat.
>>
>> Installation failed.
>>
>>
>> 2014-04-28T11:43:46Z DEBUG stderr=pkispawn : ERROR ........
>> PKI subsystem 'CA' for instance 'pki-tomcat' already exists!
>>
>> 2014-04-28T11:432:46Z CRITICAL failed to configure ca instance
>> Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned
>> non-zero exit status 1
>> 2014-04-28T11:43:46Z DEBUG File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
>> line 622, in run_script
>> return_value = main_function()
>>
>> File "/usr/sbin/ipa-server-install", line 1074, in main
>> dm_password, subject_base=options.subject)
>>
>> File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>> line 478, in configure_instance
>> self.start_creation(runtime=210)
>>
>> File
>> "/usr/lib/python2.7/site-packages/ipaserver/isntall/service.py", line
>> 364, in start_creation
>> method()
>>
>> File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>> line 604, in __spawn_instance
>> raise RUntimeError('Configuration of CA failed')
>> :
>> :
>>
>> So it looks like somehow this has gotten configured already. Possibly
>> Puppet copied over something it shouldn't have. What do I need to
>> remove to make this step work without removing so much that I render
>> something inoperable?
>>
>>
> Run uninstall several times. Each time, uninstall might clean the next
> portion and untangle things, so trying to do it several times pays off.
> Then check if there is a DS instance for PKI. If there is, remove it
> and try again.
>
>> --
>> *Bret Wortman*
>>
>> http://damascusgrp.com/
>> http://about.me/wortmanbret
>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>