[Freeipa-users] Upgrading freeipa server from f18 to f20

Thomas Sailer t.sailer at alumni.ethz.ch
Thu Jan 9 15:15:55 UTC 2014 

Hi Martin,

> ipa config-mod --enable-migration=1

Thanks! I'm getting farther now.

It seems to manage setting up the main directory server, but fails 
configuring the ca system.

Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 
30 seconds
   [1/17]: creating certificate server user
   [2/17]: configuring certificate server instance
ipa         : CRITICAL failed to configure ca instance Command 
'/usr/sbin/pkispawn -s CA -f /tmp/tmpqX0Uul' returned non-zero exit status 1

2014-01-09T14:53:42Z DEBUG Starting external process
2014-01-09T14:53:42Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpqX0Uul
2014-01-09T14:53:55Z DEBUG Process finished, return code=1
2014-01-09T14:53:55Z DEBUG stdout=Loading deployment configuration from 
/tmp/tmp
qX0Uul.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into 
/etc/sysconfig/pki/tomcat/pki-tomcat/ca/de
ployment.cfg.
Installation failed.


2014-01-09T14:53:55Z DEBUG stderr=pkispawn    : WARNING  ....... unable 
to valid
ate security domain user/password through REST interface. Interface not 
availabl
e
mmap: Invalid argument
mmap: Invalid argument
mmap: Invalid argument
pkispawn    : ERROR    ....... Exception from Java Configuration 
Servlet: Failed
  to obtain installation token from security domain: 
java.lang.NullPointerException

2014-01-09T14:53:55Z CRITICAL failed to configure ca instance Command 
'/usr/sbin/pkispawn -s CA -f /tmp/tmpqX0Uul' returned non-zero exit status 1
2014-01-09T14:53:55Z INFO   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", 
line 619, in run_script
     return_value = main_function()

   File "/usr/sbin/ipa-replica-install", line 652, in main
     (CA, cs) = cainstance.install_replica_ca(config, dogtag_master_ds_port)

   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 
1809, in install_replica_ca
     subject_base=config.subject_base)

   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 
625, in configure_instance
     self.start_creation(runtime=210)

   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", 
line 358, in start_creation
     method()

   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 
744, in __spawn_instance
     raise RuntimeError('Configuration of CA failed')

2014-01-09T14:53:55Z INFO The ipa-replica-install command failed, 
exception: RuntimeError: Configuration of CA failed

/var/log/pki/pki-tomcat/ca/system:
17875.localhost-startStop-1 - [09/Jan/2014:15:53:52 CET] [3] [3] Cannot 
build CA chain. Error java.security.cert.CertificateException: 
Certificate is not a PKCS #11 certificate
17875.localhost-startStop-1 - [09/Jan/2014:15:53:52 CET] [13] [3] authz 
instance DirAclAuthz initialization failed and skipped, error=Property 
internaldb.ldapconn.port missing value

More information about the Freeipa-users mailing list