[Freeipa-users] Error creating new freeipa-server

Dmitri Pal dpal at redhat.com
Mon Apr 28 12:20:30 UTC 2014 

On 04/28/2014 08:06 AM, Bret Wortman wrote:
> Not to be thick, but what's the best way to check the DS instance for 
> a pki entry?

I do not remember the exact path and I do not have an instance handy. 
Something like /var/lib/dirsrv/PKI, do not want to mislead you.


>
> On 04/28/2014 07:57 AM, Dmitri Pal wrote:
>> On 04/28/2014 07:52 AM, Bret Wortman wrote:
>>> I'm trying to stand up a new ipa server on a clean box, and I keep 
>>> getting this error so _something_ is amiss but I'm not sure what:
>>>
>>> :
>>> Configuring certificate server (pki-tomcatd): Estimated time 3 
>>> minutes 30 seconds
>>>     [1/22]: creating certificate server user
>>>     [2/22]: configuring certificate server instance
>>> ipa        : CRITICAL failed to configure ca instance Command 
>>> '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit 
>>> status 1
>>> Configuration of CA failed
>>> #
>>>
>>> In the /var/log/ipaserver-install.log, I see this:
>>>
>>> :
>>> :
>>> Installing CA into /var/lib/pki/pki-tomcat.
>>>
>>> Installation failed.
>>>
>>>
>>> 2014-04-28T11:43:46Z DEBUG stderr=pkispawn     : ERROR    ........ 
>>> PKI subsystem 'CA' for instance 'pki-tomcat' already exists!
>>>
>>> 2014-04-28T11:432:46Z CRITICAL failed to configure ca instance 
>>> Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned 
>>> non-zero exit status 1
>>> 2014-04-28T11:43:46Z DEBUG   File 
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 
>>> 622, in run_script
>>>     return_value = main_function()
>>>
>>>   File "/usr/sbin/ipa-server-install", line 1074, in main
>>>     dm_password, subject_base=options.subject)
>>>
>>>   File 
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", 
>>> line 478, in configure_instance
>>>     self.start_creation(runtime=210)
>>>
>>>   File 
>>> "/usr/lib/python2.7/site-packages/ipaserver/isntall/service.py", 
>>> line 364, in start_creation
>>>     method()
>>>
>>>   File 
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", 
>>> line 604, in __spawn_instance
>>>     raise RUntimeError('Configuration of CA failed')
>>> :
>>> :
>>>
>>> So it looks like somehow this has gotten configured already. 
>>> Possibly Puppet copied over something it shouldn't have. What do I 
>>> need to remove to make this step work without removing so much that 
>>> I render something inoperable?
>>>
>>>
>> Run uninstall several times. Each time uninstall might clean next 
>> portion and untangle things so trying to do it several times pays off.
>> Then check if there is a DS instance for PKI. If there is remove it 
>> and try again.
>>
>>> -- 
>>> *Bret Wortman*
>>>
>>> http://damascusgrp.com/
>>> http://about.me/wortmanbret
>>>
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>> -- 
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140428/455fdf62/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 28526 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140428/455fdf62/attachment.png>

More information about the Freeipa-users mailing list