[Freeipa-users] Error creating new freeipa-server

Petr Viktorin pviktori at redhat.com
Mon Apr 28 12:33:30 UTC 2014 

On 04/28/2014 01:52 PM, Bret Wortman wrote:
> I'm trying to stand up a new ipa server on a clean box, and I keep
> getting this error so _something_ is amiss but I'm not sure what:
>
> :
> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes
> 30 seconds
>      [1/22]: creating certificate server user
>      [2/22]: configuring certificate server instance
> ipa        : CRITICAL failed to configure ca instance Command
> '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit status 1
> Configuration of CA failed
> #
>
> In the /var/log/ipaserver-install.log, I see this:
>
> :
> :
> Installing CA into /var/lib/pki/pki-tomcat.
>
> Installation failed.
>
>
> 2014-04-28T11:43:46Z DEBUG stderr=pkispawn     : ERROR ........ PKI
> subsystem 'CA' for instance 'pki-tomcat' already exists!
>
> 2014-04-28T11:432:46Z CRITICAL failed to configure ca instance Command
> '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit status 1
> 2014-04-28T11:43:46Z DEBUG   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
> line 622, in run_script
>      return_value = main_function()
>
>    File "/usr/sbin/ipa-server-install", line 1074, in main
>      dm_password, subject_base=options.subject)
>
>    File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
> 478, in configure_instance
>      self.start_creation(runtime=210)
>
>    File "/usr/lib/python2.7/site-packages/ipaserver/isntall/service.py",
> line 364, in start_creation
>      method()
>
>    File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
> 604, in __spawn_instance
>      raise RUntimeError('Configuration of CA failed')
> :
> :
>
> So it looks like somehow this has gotten configured already. Possibly
> Puppet copied over something it shouldn't have. What do I need to remove
> to make this step work without removing so much that I render something
> inoperable?


According to the error you're getting, there is a CA instance already 
installed.
After uninstalling IPA, destroy it with:
     pkidestroy -s CA -i pki-tomcat



-- 
Petr³

More information about the Freeipa-users mailing list