[Freeipa-users] Error creating new freeipa-server
Bret Wortman
bret.wortman at damascusgrp.com
Mon Apr 28 15:24:22 UTC 2014
On 04/28/2014 11:08 AM, Bret Wortman wrote:
>
> On 04/28/2014 10:48 AM, Rob Crittenden wrote:
>> Bret Wortman wrote:
>>>
>>> On 04/28/2014 10:21 AM, Bret Wortman wrote:
>>>>
>>>> On 04/28/2014 08:33 AM, Petr Viktorin wrote:
>>>>>
>>>>> According to the error you're getting, there is a CA instance already
>>>>> installed.
>>>>> After uninstalling IPA, destroy it with:
>>>>> pkidestroy -s CA -i pki-tomcat
>>>>>
>>>>>
>>>> I tried, this, but no joy.
>>>>
>>>> # pkidestroy -s CA -i pki-tomcat
>>>> Loading deployment configuration from /var/lib/pki/pki-tomcat
>>>> /ca/registry/ca/deployment.cfg.
>>>> Uninstalling CA from /var/lib/pki/pki-tomcat.
>>>> pkidestroy : WARNING ....... this 'CA' entry will NOT be deleted from
>>>> security domain 'unknown'!
>>>> pkidestroy : ERROR ....... No security domain defined.
>>>> If this is an unconfigured instance, then that is OK.
>>>> Otherwise, manually delete the entry from the security domain master.
>>>>
>>>> Uninstallation complete.
>>>> #
>>>>
>>>> And then when I tried to run ipa-server-install, I got the same error
>>>> again. I may just wipe the box and start over. It might take less time
>>>> overall.
>>>>
>>>>
>>>> Bret
>>>>
>>> This, BTW, is on F20 using freeipa 3.3.4-3 and pki-ca 10.1.1-1 (also
>>> dogtag-10.1.1-1).
>>
>> From the ipa-server installation output the error looks the same, but
>> the underlying error should be different when there isn't already a
>> PKI instance.
>>
>> If the PKI installer fails early enough we don't record that it was
>> installed which is why ipa-server-install --uninstall doesn't remove
>> it. We have a ticket open for this.
>>
>> rob
>>
> So is there a recommended way to clean it up and get it working?
>
Never mind; I found the bug (953488) which said to:
# pkidestroy -s CA -i pki-tomcat
ERROR: PKI instance '/var/lib/pki/pki-tomcat' does NOT exist!
# rm -rf /var/log/pki/pki-tomcat
# rm -rf /etc/sysconfig/pki-tomcat
# rm -rf /etc/sysconfig/pki/tomcat/pki-tomcat
# rm -rf /var/lib/pki/pki-tomcat
# rm -rf /etc/pki/pki-tomcat
# ipa-server-install --uninstall
And re-run installation. This didn't work for me. Was there another bug
that I missed?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140428/21ef4382/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3766 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140428/21ef4382/attachment.p7s>
More information about the Freeipa-users
mailing list