[Freeipa-users] Setup of freeipa 4.1.3 failed
Endi Sukma Dewata
edewata at redhat.com
Wed Apr 1 16:56:38 UTC 2015
On 4/1/2015 2:29 AM, Martin Kosek wrote:
> On 03/31/2015 07:58 PM, Dmitri Pal wrote:
>> On 03/31/2015 01:54 PM, Markus Roth wrote:
>>> Hi all,
>>>
>>> I want setup freeipa 4.1.3 on a fresh installed fedora 21.
>>> The ipa-server-install shows the following output:
...
>>> Done configuring directory server (dirsrv).
>>> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30
>>> seconds
>>> [1/27]: creating certificate server user
>>> [2/27]: configuring certificate server instance
>>> [3/27]: stopping certificate server instance to update CS.cfg
>>> [4/27]: backing up CS.cfg
>>> [5/27]: disabling nonces
>>> [6/27]: set up CRL publishing
>>> [7/27]: enable PKIX certificate path discovery and validation
>>> [8/27]: starting certificate server instance
>>> [error] RuntimeError: CA did not start in 300.0s
>>> CA did not start in 300.0s
>>>
>>> The ipa server install log shows this:
>>>
>>> 2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
>>> 2015-03-31T17:39:35Z DEBUG Waiting for CA to start...
...
>>> I uninstalled the ipa server completely several times and installed it again.
>>> But it always stops at the same step with the setup.
>>>
>>> Can anybody help?
>>>
>>> Markus.
>>>
>> Please provide install logs, and look at directory server and PKI server logs
>> created during the installation.
>> It seems that Dogtag did not start. It usually does not start when the DS under
>> it does not start. The logs would show that.
>> DS does not start does because of different issues. Can bind to the port for
>> example. So please review the logs and see what they reveal.
>>
>> This might help you with details http://www.freeipa.org/page/Troubleshooting
>
> +1. CCing Dogtag guys for reference.
Based on the IPA install log alone it looks like the DS is already
started, and the Dogtag is already started too in step [3/27]. It's the
restart on step [8/27] that is failing.
We will need to see the Dogtag debug log in order to know if Dogtag is
indeed failing to restart or the installer for some reason cannot
connect to Dogtag.
--
Endi S. Dewata
More information about the Freeipa-users
mailing list