[Freeipa-users] Error creating new freeipa-server

Mon Apr 28 15:08:39 UTC 2014

On 04/28/2014 10:48 AM, Rob Crittenden wrote:
> Bret Wortman wrote:
>>
>> On 04/28/2014 10:21 AM, Bret Wortman wrote:
>>>
>>> On 04/28/2014 08:33 AM, Petr Viktorin wrote:
>>>>
>>>> According to the error you're getting, there is a CA instance already
>>>> installed.
>>>> After uninstalling IPA, destroy it with:
>>>>     pkidestroy -s CA -i pki-tomcat
>>>>
>>>>
>>> I tried, this, but no joy.
>>>
>>> # pkidestroy -s CA -i pki-tomcat
>>> Loading deployment configuration from /var/lib/pki/pki-tomcat
>>> /ca/registry/ca/deployment.cfg.
>>> Uninstalling CA from /var/lib/pki/pki-tomcat.
>>> pkidestroy : WARNING ....... this 'CA' entry will NOT be deleted from
>>> security domain 'unknown'!
>>> pkidestroy : ERROR   ....... No security domain defined.
>>> If this is an unconfigured instance, then that is OK.
>>> Otherwise, manually delete the entry from the security domain master.
>>>
>>> Uninstallation complete.
>>> #
>>>
>>> And then when I tried to run ipa-server-install, I got the same error
>>> again. I may just wipe the box and start over. It might take less time
>>> overall.
>>>
>>>
>>> Bret
>>>
>> This, BTW, is on F20 using freeipa 3.3.4-3 and pki-ca 10.1.1-1 (also
>> dogtag-10.1.1-1).
>
> From the ipa-server installation output the error looks the same, but 
> the underlying error should be different when there isn't already a 
> PKI instance.
>
> If the PKI installer fails early enough we don't record that it was 
> installed which is why ipa-server-install --uninstall doesn't remove 
> it. We have a ticket open for this.
>
> rob
>
So is there a recommended way to clean it up and get it working?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3766 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140428/5676bd06/attachment.p7s>