[Freeipa-users] Setup of freeipa 4.1.3 failed
Endi Sukma Dewata
edewata at redhat.com
Wed Apr 1 21:04:54 UTC 2015
On 4/1/2015 11:56 AM, Endi Sukma Dewata wrote:
>>> On 03/31/2015 01:54 PM, Markus Roth wrote:
>>>> Hi all,
>>>>
>>>> I want setup freeipa 4.1.3 on a fresh installed fedora 21.
>>>> The ipa-server-install shows the following output:
>
> ...
>
>>>> Done configuring directory server (dirsrv).
>>>> Configuring certificate server (pki-tomcatd): Estimated time 3
>>>> minutes 30
>>>> seconds
>>>> [1/27]: creating certificate server user
>>>> [2/27]: configuring certificate server instance
>>>> [3/27]: stopping certificate server instance to update CS.cfg
>>>> [4/27]: backing up CS.cfg
>>>> [5/27]: disabling nonces
>>>> [6/27]: set up CRL publishing
>>>> [7/27]: enable PKIX certificate path discovery and validation
>>>> [8/27]: starting certificate server instance
>>>> [error] RuntimeError: CA did not start in 300.0s
>>>> CA did not start in 300.0s
>>>>
>>>> The ipa server install log shows this:
>>>>
>>>> 2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
>>>> 2015-03-31T17:39:35Z DEBUG Waiting for CA to start...
>
> ...
>
>>>> I uninstalled the ipa server completely several times and installed
>>>> it again.
>>>> But it always stops at the same step with the setup.
>>>>
>>>> Can anybody help?
> Based on the IPA install log alone it looks like the DS is already
> started, and the Dogtag is already started too in step [3/27]. It's the
> restart on step [8/27] that is failing.
>
> We will need to see the Dogtag debug log in order to know if Dogtag is
> indeed failing to restart or the installer for some reason cannot
> connect to Dogtag.
Hi Markus,
Based on the logs that you sent me, the Dogtag took a really long time
to start:
INFORMATION: Server startup in 739700 ms
More than half of that time was spent starting the CA subsystem alone:
INFORMATION: Deployment of configuration descriptor /etc/pki
/pki-tomcat/Catalina/localhost/ca.xml has finished in 393,390 ms
The whole (failed) IPA installation took about 38 minutes. Is this correct?
It's possible the system was running out of entropy. You might want to
install haveged or rngd. See:
http://blog-ftweedal.rhcloud.com/2014/05/more-entropy-with-haveged/
https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged
However, the system seems to be running very slowly in general. How
powerful is this machine?
--
Endi S. Dewata
More information about the Freeipa-users
mailing list