[Freeipa-users] Upgrading freeipa server from f18 to f20
Thomas Sailer
t.sailer at alumni.ethz.ch
Thu Jan 9 15:15:55 UTC 2014
Hi Martin,
> ipa config-mod --enable-migration=1
Thanks! I'm getting farther now.
It seems to manage setting up the main directory server, but fails
configuring the ca system.
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes
30 seconds
[1/17]: creating certificate server user
[2/17]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmpqX0Uul' returned non-zero exit status 1
2014-01-09T14:53:42Z DEBUG Starting external process
2014-01-09T14:53:42Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpqX0Uul
2014-01-09T14:53:55Z DEBUG Process finished, return code=1
2014-01-09T14:53:55Z DEBUG stdout=Loading deployment configuration from
/tmp/tmp
qX0Uul.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into
/etc/sysconfig/pki/tomcat/pki-tomcat/ca/de
ployment.cfg.
Installation failed.
2014-01-09T14:53:55Z DEBUG stderr=pkispawn : WARNING ....... unable
to valid
ate security domain user/password through REST interface. Interface not
availabl
e
mmap: Invalid argument
mmap: Invalid argument
mmap: Invalid argument
pkispawn : ERROR ....... Exception from Java Configuration
Servlet: Failed
to obtain installation token from security domain:
java.lang.NullPointerException
2014-01-09T14:53:55Z CRITICAL failed to configure ca instance Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmpqX0Uul' returned non-zero exit status 1
2014-01-09T14:53:55Z INFO File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
line 619, in run_script
return_value = main_function()
File "/usr/sbin/ipa-replica-install", line 652, in main
(CA, cs) = cainstance.install_replica_ca(config, dogtag_master_ds_port)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
1809, in install_replica_ca
subject_base=config.subject_base)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
625, in configure_instance
self.start_creation(runtime=210)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 358, in start_creation
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
744, in __spawn_instance
raise RuntimeError('Configuration of CA failed')
2014-01-09T14:53:55Z INFO The ipa-replica-install command failed,
exception: RuntimeError: Configuration of CA failed
/var/log/pki/pki-tomcat/ca/system:
17875.localhost-startStop-1 - [09/Jan/2014:15:53:52 CET] [3] [3] Cannot
build CA chain. Error java.security.cert.CertificateException:
Certificate is not a PKCS #11 certificate
17875.localhost-startStop-1 - [09/Jan/2014:15:53:52 CET] [13] [3] authz
instance DirAclAuthz initialization failed and skipped, error=Property
internaldb.ldapconn.port missing value
More information about the Freeipa-users
mailing list