[Freeipa-users] Error creating new freeipa-server
Rob Crittenden
rcritten at redhat.com
Mon Apr 28 14:48:51 UTC 2014
Bret Wortman wrote:
>
> On 04/28/2014 10:21 AM, Bret Wortman wrote:
>>
>> On 04/28/2014 08:33 AM, Petr Viktorin wrote:
>>>
>>> According to the error you're getting, there is a CA instance already
>>> installed.
>>> After uninstalling IPA, destroy it with:
>>> pkidestroy -s CA -i pki-tomcat
>>>
>>>
>> I tried, this, but no joy.
>>
>> # pkidestroy -s CA -i pki-tomcat
>> Loading deployment configuration from /var/lib/pki/pki-tomcat
>> /ca/registry/ca/deployment.cfg.
>> Uninstalling CA from /var/lib/pki/pki-tomcat.
>> pkidestroy : WARNING ....... this 'CA' entry will NOT be deleted from
>> security domain 'unknown'!
>> pkidestroy : ERROR ....... No security domain defined.
>> If this is an unconfigured instance, then that is OK.
>> Otherwise, manually delete the entry from the security domain master.
>>
>> Uninstallation complete.
>> #
>>
>> And then when I tried to run ipa-server-install, I got the same error
>> again. I may just wipe the box and start over. It might take less time
>> overall.
>>
>>
>> Bret
>>
> This, BTW, is on F20 using freeipa 3.3.4-3 and pki-ca 10.1.1-1 (also
> dogtag-10.1.1-1).
From the ipa-server installation output the error looks the same, but
the underlying error should be different when there isn't already a PKI
instance.
If the PKI installer fails early enough we don't record that it was
installed which is why ipa-server-install --uninstall doesn't remove it.
We have a ticket open for this.
rob
More information about the Freeipa-users
mailing list