[Freeipa-users] Problems and questions installing Identity Manager on RHEL V7

Endi Sukma Dewata edewata at redhat.com
Fri Oct 3 02:38:43 UTC 2014


On 10/1/2014 12:46 PM, Alexander Bokovoy wrote:
> On Wed, 01 Oct 2014, Licause, Al (CSC AMS BCS - UNIX/Linux Network
> Support) wrote:

>> I have tried to deinstall and reinstall the ipa server but the
>> installation is now failing.
>>
>>
>> The ipa-server-install is failing with the following:
>>
>>  [37/38]: tuning directory server
>>  [38/38]: configuring directory to start on boot
>> Done configuring directory server (dirsrv).
>> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes
>> 30 seconds
>>  [1/22]: creating certificate server user
>>  [2/22]: configuring certificate server instance
>> ipa         : CRITICAL failed to configure ca instance Command
>> '/usr/sbin/pkispawn -s CA -f /tmp/tmpLb1CmI' returned non-zero exit
>> status 1
>> Configuration of CA failed
>>
>> This happens each time I try to uninstall and reinstall the ipa server
>> on RHEL V7.
>>
>>
>> Looking at the latest log in /var/log/pki, I see this at the end of
>> the log:
>>
>> 2014-10-01 11:53:10 pkispawn    : INFO     BEGIN spawning subsystem
>> 'CA' of instance 'pki-tomcat' . . .
>> 2014-10-01 11:53:10 pkispawn    : INFO     ... initializing
>> 'pki.deployment.initialization'
>> 2014-10-01 11:53:10 pkispawn    : ERROR    ....... PKI subsystem 'CA'
>> for instance 'pki-tomcat' already exists!
>> 2014-10-01 11:53:10 pkispawn    : DEBUG    ....... Error Type: SystemExit
>> 2014-10-01 11:53:10 pkispawn    : DEBUG    ....... Error Message: 1
>> 2014-10-01 11:53:10 pkispawn    : DEBUG    .......   File
>> "/usr/sbin/pkispawn", line 374, in main
>>    rv = instance.spawn()
>>  File
>> "/usr/lib/python2.7/site-packages/pki/deployment/initialization.py",
>> line 56, in spawn
>>    util.instance.verify_subsystem_does_not_exist()
>>  File "/usr/lib/python2.7/site-packages/pki/deployment/pkihelper.py",
>> line 990, in verify_subsystem_does_not_exist
>>    sys.exit(1)
>>
>> I am no python expert by any means and I'm not sure what this is
>> telling us so any help
>> would be greatly appreciated.

> This issue is known -- when CA install fails, we rollback but since CA
> isn't installed, we miss rolling it back. There is a ticket for
> eventually fixing this issue.

Which ticket is this? The rollback was actually disabled to allow 
troubleshooting the failed installation:
https://fedorahosted.org/freeipa/ticket/3990

> Following sequence should clean up all the bits:
>
> pkidestroy -s CA -i pki-tomcat
> rm -rf /var/log/pki/pki-tomcat
> rm -rf /etc/sysconfig/pki-tomcat
> rm -rf /etc/sysconfig/pki/tomcat/pki-tomcat
> rm -rf /var/lib/pki/pki-tomcat
> rm -rf /etc/pki/pki-tomcat

It's not official, but we call this step pki-nuke.

> It also helps to reboot between multiple reinstalls on a single machine.

Rather than rolling back the installation automatically (and deleting all 
files needed to troubleshoot the problem), it would be better to provide 
an option to the uninstall command to forcibly remove all installed 
files regardless of whether the installation was successful or not, just 
like the pki-nuke above.

-- 
Endi S. Dewata
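
The cleanup sequence quoted in this message, as an added example that is not part of the original post or of the FreeIPA/Dogtag tooling: a dry-run-first wrapper that reports which of the listed paths still exist before deleting them. The function names and the root-prefix argument are assumptions of this example; the paths and the pkidestroy invocation are the ones quoted above.

```shell
#!/bin/sh
# Added example: report and remove what a failed CA install left behind.
# The root prefix argument is an assumption of this example, so the check
# can be exercised against a scratch directory; leave it empty on a real host.

# Paths from the cleanup sequence quoted in the message.
PKI_PATHS="/var/log/pki/pki-tomcat
/etc/sysconfig/pki-tomcat
/etc/sysconfig/pki/tomcat/pki-tomcat
/var/lib/pki/pki-tomcat
/etc/pki/pki-tomcat"

# Print each listed path that still exists under the given root.
pki_leftovers() {
    root="${1:-}"
    for p in $PKI_PATHS; do
        [ -e "$root$p" ] && printf '%s\n' "$root$p"
    done
    return 0
}

# Remove leftovers; dry run unless the second argument is "--force".
pki_nuke() {
    root="${1:-}"
    mode="${2:-}"
    if [ -z "$root" ] && [ "$mode" = "--force" ]; then
        # On a real host, let pkidestroy remove the subsystem first.
        pkidestroy -s CA -i pki-tomcat || echo "pkidestroy failed, continuing" >&2
    fi
    pki_leftovers "$root" | while IFS= read -r path; do
        if [ "$mode" = "--force" ]; then
            rm -rf -- "$path" && echo "removed $path"
        else
            echo "would remove $path"
        fi
    done
}
```

After sourcing the file, `pki_nuke` lists what would be removed and `pki_nuke "" --force` (as root) performs the removal; copy `/var/log/pki` elsewhere first if the failed install still needs troubleshooting.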



