[Freeipa-users] Error creating new freeipa-server

Bret Wortman bret.wortman at damascusgrp.com
Mon Apr 28 12:41:37 UTC 2014 

Great. I'll try that next. 


Bret Wortman
http://bretwortman.com/
http://twitter.com/BretWortman

> On Apr 28, 2014, at 8:33 AM, Petr Viktorin <pviktori at redhat.com> wrote:
> 
>> On 04/28/2014 01:52 PM, Bret Wortman wrote:
>> I'm trying to stand up a new ipa server on a clean box, and I keep
>> getting this error so _something_ is amiss but I'm not sure what:
>> 
>> :
>> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes
>> 30 seconds
>>     [1/22]: creating certificate server user
>>     [2/22]: configuring certificate server instance
>> ipa        : CRITICAL failed to configure ca instance Command
>> '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit status 1
>> Configuration of CA failed
>> #
>> 
>> In the /var/log/ipaserver-install.log, I see this:
>> 
>> :
>> :
>> Installing CA into /var/lib/pki/pki-tomcat.
>> 
>> Installation failed.
>> 
>> 
>> 2014-04-28T11:43:46Z DEBUG stderr=pkispawn     : ERROR ........ PKI
>> subsystem 'CA' for instance 'pki-tomcat' already exists!
>> 
>> 2014-04-28T11:432:46Z CRITICAL failed to configure ca instance Command
>> '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit status 1
>> 2014-04-28T11:43:46Z DEBUG   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
>> line 622, in run_script
>>     return_value = main_function()
>> 
>>   File "/usr/sbin/ipa-server-install", line 1074, in main
>>     dm_password, subject_base=options.subject)
>> 
>>   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
>> 478, in configure_instance
>>     self.start_creation(runtime=210)
>> 
>>   File "/usr/lib/python2.7/site-packages/ipaserver/isntall/service.py",
>> line 364, in start_creation
>>     method()
>> 
>>   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
>> 604, in __spawn_instance
>>     raise RUntimeError('Configuration of CA failed')
>> :
>> :
>> 
>> So it looks like somehow this has gotten configured already. Possibly
>> Puppet copied over something it shouldn't have. What do I need to remove
>> to make this step work without removing so much that I render something
>> inoperable?
> 
> 
> According to the error you're getting, there is a CA instance already installed.
> After uninstalling IPA, destroy it with:
>    pkidestroy -s CA -i pki-tomcat
> 
> 
> 
> -- 
> Petr³
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2346 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140428/905fcdac/attachment.p7s>

More information about the Freeipa-users mailing list