[Freeipa-users] Error creating new freeipa-server
Bret Wortman
bret.wortman at damascusgrp.com
Mon Apr 28 12:41:11 UTC 2014
I thought that might be it and didn't see anything but will look again.
Bret Wortman
http://bretwortman.com/
http://twitter.com/BretWortman
> On Apr 28, 2014, at 8:20 AM, Dmitri Pal <dpal at redhat.com> wrote:
>
>> On 04/28/2014 08:06 AM, Bret Wortman wrote:
>> Not to be thick, but what's the best way to check the DS instance for a pki entry?
>
> I do not remember the exact path and I do not have an instance handy. Something like /var/lib/dirsrv/PKI, do not want to mislead you.
>
>
>>
>>> On 04/28/2014 07:57 AM, Dmitri Pal wrote:
>>>> On 04/28/2014 07:52 AM, Bret Wortman wrote:
>>>> I'm trying to stand up a new ipa server on a clean box, and I keep getting this error so _something_ is amiss but I'm not sure what:
>>>>
>>>> :
>>>> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds
>>>> [1/22]: creating certificate server user
>>>> [2/22]: configuring certificate server instance
>>>> ipa : CRITICAL failed to configure ca instance Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit status 1
>>>> Configuration of CA failed
>>>> #
>>>>
>>>> In the /var/log/ipaserver-install.log, I see this:
>>>>
>>>> :
>>>> :
>>>> Installing CA into /var/lib/pki/pki-tomcat.
>>>>
>>>> Installation failed.
>>>>
>>>>
>>>> 2014-04-28T11:43:46Z DEBUG stderr=pkispawn : ERROR ........ PKI subsystem 'CA' for instance 'pki-tomcat' already exists!
>>>>
>>>> 2014-04-28T11:432:46Z CRITICAL failed to configure ca instance Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit status 1
>>>> 2014-04-28T11:43:46Z DEBUG File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 622, in run_script
>>>> return_value = main_function()
>>>>
>>>> File "/usr/sbin/ipa-server-install", line 1074, in main
>>>> dm_password, subject_base=options.subject)
>>>>
>>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 478, in configure_instance
>>>> self.start_creation(runtime=210)
>>>>
>>>> File "/usr/lib/python2.7/site-packages/ipaserver/isntall/service.py", line 364, in start_creation
>>>> method()
>>>>
>>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 604, in __spawn_instance
>>>> raise RUntimeError('Configuration of CA failed')
>>>> :
>>>> :
>>>>
>>>> So it looks like somehow this has gotten configured already. Possibly Puppet copied over something it shouldn't have. What do I need to remove to make this step work without removing so much that I render something inoperable?
>>> Run uninstall several times. Each time uninstall might clean next portion and untangle things so trying to do it several times pays off.
>>> Then check if there is a DS instance for PKI. If there is remove it and try again.
>>>
>>>> --
>>>> Bret Wortman
>>>> <mime-attachment.png>
>>>> http://damascusgrp.com/
>>>> http://about.me/wortmanbret
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>>
>>> --
>>> Thank you,
>>> Dmitri Pal
>>>
>>> Sr. Engineering Manager IdM portfolio
>>> Red Hat, Inc.
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140428/626b2549/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2346 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140428/626b2549/attachment.p7s>
More information about the Freeipa-users
mailing list