[Freeipa-users] Error creating new freeipa-server

Bret Wortman bret.wortman at damascusgrp.com
Mon Apr 28 12:41:11 UTC 2014 

I thought that might be it and didn't see anything but will look again. 


Bret Wortman
http://bretwortman.com/
http://twitter.com/BretWortman

> On Apr 28, 2014, at 8:20 AM, Dmitri Pal <dpal at redhat.com> wrote:
> 
>> On 04/28/2014 08:06 AM, Bret Wortman wrote:
>> Not to be thick, but what's the best way to check the DS instance       for a pki entry?
> 
> I do not remember the exact path and I do not have an instance handy. Something like /var/lib/dirsrv/PKI, do not want to mislead you.
> 
> 
>> 
>>> On 04/28/2014 07:57 AM, Dmitri Pal wrote:
>>>> On 04/28/2014 07:52 AM, Bret Wortman wrote:
>>>> I'm trying to stand up a new ipa server on a clean box, and I keep getting this error so _something_ is amiss but I'm not sure what:
>>>> 
>>>> :
>>>> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds
>>>>     [1/22]: creating certificate server user
>>>>     [2/22]: configuring certificate server instance
>>>> ipa        : CRITICAL failed to configure ca instance Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit status 1
>>>> Configuration of CA failed
>>>> #
>>>> 
>>>> In the /var/log/ipaserver-install.log, I see this:
>>>> 
>>>> :
>>>> :
>>>> Installing CA into /var/lib/pki/pki-tomcat.
>>>> 
>>>> Installation failed.
>>>> 
>>>> 
>>>> 2014-04-28T11:43:46Z DEBUG stderr=pkispawn     : ERROR    ........ PKI subsystem 'CA' for instance 'pki-tomcat' already exists!
>>>> 
>>>> 2014-04-28T11:432:46Z CRITICAL failed to configure ca instance Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit status 1
>>>> 2014-04-28T11:43:46Z DEBUG   File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 622, in run_script
>>>>     return_value = main_function()
>>>> 
>>>>   File "/usr/sbin/ipa-server-install", line 1074, in main
>>>>     dm_password, subject_base=options.subject)
>>>> 
>>>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 478, in configure_instance
>>>>     self.start_creation(runtime=210)
>>>> 
>>>>   File "/usr/lib/python2.7/site-packages/ipaserver/isntall/service.py", line 364, in start_creation
>>>>     method()
>>>> 
>>>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 604, in __spawn_instance
>>>>     raise RUntimeError('Configuration of CA failed')
>>>> :
>>>> :
>>>> 
>>>> So it looks like somehow this has gotten configured already. Possibly Puppet copied over something it shouldn't have. What do I need to remove to make this step work without removing so much that I render something inoperable?
>>> Run uninstall several times. Each time uninstall might clean next portion and untangle things so trying to do it several times pays off.
>>> Then check if there is a DS instance for PKI. If there is remove it and try again.
>>> 
>>>> -- 
>>>> Bret Wortman
>>>> <mime-attachment.png>
>>>> http://damascusgrp.com/
>>>> http://about.me/wortmanbret
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> 
>>> 
>>> -- 
>>> Thank you,
>>> Dmitri Pal
>>> 
>>> Sr. Engineering Manager IdM portfolio
>>> Red Hat, Inc.
>>> 
>>> 
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> 
>> 
>> 
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
> 
> 
> -- 
> Thank you,
> Dmitri Pal
> 
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140428/626b2549/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2346 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140428/626b2549/attachment.p7s>

More information about the Freeipa-users mailing list