[Freeipa-users] Issues with new install - Configuration of CA failed

Megan . nagemnna at gmail.com
Tue Jan 13 20:06:16 UTC 2015


I am having a very difficult time getting the ipa server installed on
our test server.



CentOS release 6.6 (Final)
Linux test1-vm.example.com 2.6.32-504.3.3.el6.x86_64 #1 SMP Wed Dec 17
01:55:02 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

ipa-server-3.0.0-42.el6.centos.x86_64


I tried to reinstall pki-selinux, reboot, relabel and that didn't help
 yum reinstall pki-selinux

I reviewed a number of threads and didn't seem to see my issue of
Request:java.net.ConnectException: Connection refused at step 2/20

https://www.redhat.com/archives/freeipa-users/2014-April/msg00278.html



Any suggestions would be greatly appreciated.

I used:  ipa-server-install --no-ntp


Continue to configure the system with these values? [no]: yes


The following operations may take some minutes to complete.

Please wait until the prompt is returned.


Configuring directory server for the CA (pkids): Estimated time 30 seconds

  [1/3]: creating directory server user
  [2/3]: creating directory server instance
  [3/3]: restarting directory server

Done configuring directory server for the CA (pkids).

Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds
  [1/20]: creating certificate server user
  [2/20]: configuring certificate server instance

ipa         : CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
test1-vm.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-WQ28_w
-client_certdb_pwd XXXXXXXX -preop_pin MvLsuha0GPxvJSnYoL5u
-domain_name IPA -admin_user admin -admin_email root at localhost
-admin_XXXXXXXX XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048
-agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM
-ldap_host test1-vm.example.com -ldap_port 7389 -bind_dn cn=Directory
Manager -bind_XXXXXXXX XXXXXXXX -base_dn o=ipaca -db_name ipaca
-key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12
true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM
-ca_server_cert_subject_name CN=test1-vm.example.com,O=EXAMPLE.COM
-ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM
-ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM
-external false -clone false' returned non-zero exit status 255

Configuration of CA failed




install log:


[root at test1-vm log]# cat ipaserver-install.log
2015-01-13T19:47:59Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2015-01-13T19:47:59Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2015-01-13T19:47:59Z DEBUG httpd is not configured
2015-01-13T19:47:59Z DEBUG kadmin is not configured
2015-01-13T19:47:59Z DEBUG dirsrv is not configured
2015-01-13T19:47:59Z DEBUG pki-cad is not configured
2015-01-13T19:47:59Z DEBUG pki-tomcatd is not configured
2015-01-13T19:47:59Z DEBUG pkids is not configured
2015-01-13T19:47:59Z DEBUG install is not configured
2015-01-13T19:47:59Z DEBUG krb5kdc is not configured
2015-01-13T19:47:59Z DEBUG ntpd is not configured
2015-01-13T19:47:59Z DEBUG named is not configured
2015-01-13T19:47:59Z DEBUG ipa_memcached is not configured
2015-01-13T19:47:59Z DEBUG filestore is tracking no files
2015-01-13T19:47:59Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-01-13T19:47:59Z DEBUG /usr/sbin/ipa-server-install was invoked
with options: {'zone_refresh': 0, 'reverse_zone': None, 'realm_name':
None, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': False,
'subject': None, 'no_forwarders': False, 'persistent_search': True,
'ui_redirect': True, 'domain_name': None, 'idmax': 0, 'hbac_allow':
False, 'no_reverse': False, 'dirsrv_pkcs12': None, 'unattended':
False, 'selfsign': False, 'trust_sshfp': False, 'external_ca_file':
None, 'no_host_dns': False, 'http_pkcs12': None, 'zone_notif': False,
'forwarders': None, 'idstart': 1844800000, 'external_ca': False,
'ip_address': None, 'conf_ssh': True, 'serial_autoincrement': True,
'zonemgr': None, 'setup_dns': False, 'host_name': None, 'debug':
False, 'external_cert_file': None, 'uninstall': False}
2015-01-13T19:47:59Z DEBUG missing options might be asked for
interactively later

2015-01-13T19:47:59Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2015-01-13T19:47:59Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2015-01-13T19:47:59Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS
2015-01-13T19:47:59Z DEBUG stdout=VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
_default_:8443         test1-vm.example.com (/etc/httpd/conf.d/nss.conf:84)

2015-01-13T19:47:59Z DEBUG stderr=Syntax OK

2015-01-13T19:48:02Z DEBUG Check if test1-vm.example.com is a primary
hostname for localhost
2015-01-13T19:48:02Z DEBUG Primary hostname for localhost: test1-vm.example.com
2015-01-13T19:48:02Z DEBUG Search DNS for test1-vm.example.com
2015-01-13T19:48:02Z DEBUG Check if test1-vm.example.com. is not a CNAME
2015-01-13T19:48:02Z DEBUG Check reverse address of 123.12.12.166
2015-01-13T19:48:02Z DEBUG Found reverse name: test1-vm.example.com
2015-01-13T19:48:02Z DEBUG will use host_name: test1-vm.example.com

2015-01-13T19:48:03Z DEBUG read domain_name: example.com

2015-01-13T19:48:03Z DEBUG args=/sbin/ip -family inet -oneline address show
2015-01-13T19:48:03Z DEBUG stdout=1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 123.12.12.166/25 brd 123.12.12.255 scope global eth0

2015-01-13T19:48:03Z DEBUG stderr=
2015-01-13T19:48:03Z DEBUG read realm_name: EXAMPLE.COM

2015-01-13T19:48:11Z DEBUG will use dns_forwarders: ()

2015-01-13T19:48:14Z DEBUG importing all plugin modules in
'/usr/lib/python2.6/site-packages/ipalib/plugins'...
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/idrange.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py'
2015-01-13T19:48:14Z DEBUG args=klist -V
2015-01-13T19:48:14Z DEBUG stdout=Kerberos 5 version 1.10.3

2015-01-13T19:48:14Z DEBUG stderr=
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/role.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/service.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/trust.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/user.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py'
2015-01-13T19:48:14Z DEBUG importing all plugin modules in
'/usr/lib/python2.6/site-packages/ipaserver/install/plugins'...
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipaserver/install/plugins/adtrust.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipaserver/install/plugins/baseupdate.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipaserver/install/plugins/dns.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipaserver/install/plugins/fix_replica_agreements.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipaserver/install/plugins/rename_managed.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipaserver/install/plugins/update_anonymous_aci.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipaserver/install/plugins/update_services.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipaserver/install/plugins/updateclient.py'
2015-01-13T19:48:14Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipaserver/install/plugins/upload_cacrt.py'
2015-01-13T19:48:15Z DEBUG ds group dirsrv exists
2015-01-13T19:48:15Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2015-01-13T19:48:15Z DEBUG Configuring directory server for the CA
(pkids): Estimated time 30 seconds
2015-01-13T19:48:15Z DEBUG   [1/3]: creating directory server user
2015-01-13T19:48:15Z DEBUG ds user pkisrv exists
2015-01-13T19:48:15Z DEBUG   duration: 0 seconds
2015-01-13T19:48:15Z DEBUG   [2/3]: creating directory server instance
2015-01-13T19:48:15Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2015-01-13T19:48:15Z DEBUG writing inf template
2015-01-13T19:48:15Z DEBUG
[General]
FullMachineName=   test1-vm.example.com
SuiteSpotUserID=   pkisrv
SuiteSpotGroup=    dirsrv
ServerRoot=    /usr/lib64/dirsrv
[slapd]
ServerPort=   7389
ServerIdentifier=   PKI-IPA
Suffix=   dc=example,dc=com
RootDN=   cn=Directory Manager
ConfigFile = /usr/share/pki/ca/conf/database.ldif

2015-01-13T19:48:15Z DEBUG calling setup-ds.pl
2015-01-13T19:48:31Z DEBUG args=/usr/sbin/setup-ds.pl --silent
--logfile - -f /tmp/tmp33xewh
2015-01-13T19:48:31Z DEBUG stdout=[15/01/13:14:48:31] - [Setup] Info
Your new DS instance 'PKI-IPA' was successfully created.
Your new DS instance 'PKI-IPA' was successfully created.
[15/01/13:14:48:31] - [Setup] Success Exiting . . .
Log file is '-'

Exiting . . .
Log file is '-'


2015-01-13T19:48:31Z DEBUG stderr=
2015-01-13T19:48:31Z DEBUG completed creating ds instance
2015-01-13T19:48:31Z DEBUG   duration: 15 seconds
2015-01-13T19:48:31Z DEBUG   [3/3]: restarting directory server
2015-01-13T19:48:34Z DEBUG args=/sbin/service dirsrv restart PKI-IPA
2015-01-13T19:48:34Z DEBUG stdout=Shutting down dirsrv:
    PKI-IPA...                                             [  OK  ]
Starting dirsrv:
    PKI-IPA...                                             [  OK  ]

2015-01-13T19:48:34Z DEBUG stderr=
2015-01-13T19:48:34Z DEBUG args=/sbin/service dirsrv status PKI-IPA
2015-01-13T19:48:34Z DEBUG stdout=dirsrv PKI-IPA (pid 2126) is running...

2015-01-13T19:48:34Z DEBUG stderr=
2015-01-13T19:48:34Z DEBUG wait_for_open_ports: localhost [7389] timeout 300
2015-01-13T19:48:34Z DEBUG args=/sbin/service dirsrv status PKI-IPA
2015-01-13T19:48:34Z DEBUG stdout=dirsrv PKI-IPA (pid 2126) is running...

2015-01-13T19:48:34Z DEBUG stderr=
2015-01-13T19:48:34Z DEBUG   duration: 3 seconds
2015-01-13T19:48:34Z DEBUG Done configuring directory server for the CA (pkids).
2015-01-13T19:48:34Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2015-01-13T19:48:34Z DEBUG Configuring certificate server (pki-cad):
Estimated time 3 minutes 30 seconds
2015-01-13T19:48:34Z DEBUG   [1/20]: creating certificate server user
2015-01-13T19:48:34Z DEBUG ca user pkiuser exists
2015-01-13T19:48:34Z DEBUG   duration: 0 seconds
2015-01-13T19:48:34Z DEBUG   [2/20]: configuring certificate server instance
2015-01-13T19:48:37Z DEBUG args=/usr/bin/perl /usr/bin/pkisilent
ConfigureCA -cs_hostname test1-vm.example.com -cs_port 9445
-client_certdb_dir /tmp/tmp-WQ28_w -client_certdb_pwd XXXXXXXX
-preop_pin MvLsuha0GPxvJSnYoL5u -domain_name IPA -admin_user admin
-admin_email root at localhost -admin_XXXXXXXX XXXXXXXX -agent_name
ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
-agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host
test1-vm.example.com -ldap_port 7389 -bind_dn cn=Directory Manager
-bind_XXXXXXXX XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048
-key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd
XXXXXXXX -subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM
-ca_server_cert_subject_name CN=test1-vm.example.com,O=EXAMPLE.COM
-ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM
-ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM
-external false -clone false
2015-01-13T19:48:37Z DEBUG stdout=libpath=/usr/lib64
#######################################################################
CRYPTO INIT WITH CERTDB:/tmp/tmp-WQ28_w
tokenpwd:XXXXXXXX
#############################################
Attempting to connect to: test1-vm.example.com:9445
Exception in LoginPanel(): java.lang.NullPointerException
ERROR: ConfigureCA: LoginPanel() failure
ERROR: unable to create CA

#######################################################################

2015-01-13T19:48:37Z DEBUG stderr=Exception: Unable to Send
Request:java.net.ConnectException: Connection refused
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at java.net.Socket.connect(Socket.java:528)
at java.net.Socket.<init>(Socket.java:425)
at java.net.Socket.<init>(Socket.java:241)
at HTTPClient.sslConnect(HTTPClient.java:326)
at ConfigureCA.LoginPanel(ConfigureCA.java:244)
at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
at ConfigureCA.main(ConfigureCA.java:1672)
java.lang.NullPointerException
at ConfigureCA.LoginPanel(ConfigureCA.java:245)
at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
at ConfigureCA.main(ConfigureCA.java:1672)

2015-01-13T19:48:37Z CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
test1-vm.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-WQ28_w
-client_certdb_pwd XXXXXXXX -preop_pin MvLsuha0GPxvJSnYoL5u
-domain_name IPA -admin_user admin -admin_email root at localhost
-admin_XXXXXXXX XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048
-agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM
-ldap_host test1-vm.example.com -ldap_port 7389 -bind_dn cn=Directory
Manager -bind_XXXXXXXX XXXXXXXX -base_dn o=ipaca -db_name ipaca
-key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12
true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM
-ca_server_cert_subject_name CN=test1-vm.example.com,O=EXAMPLE.COM
-ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM
-ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM
-external false -clone false' returned non-zero exit status 255
2015-01-13T19:48:37Z INFO   File
"/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py",
line 614, in run_script
    return_value = main_function()

  File "/usr/sbin/ipa-server-install", line 942, in main
    subject_base=options.subject)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py",
line 626, in configure_instance
    self.start_creation(runtime=210)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py",
line 358, in start_creation
    method()

  File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py",
line 888, in __configure_instance
    raise RuntimeError('Configuration of CA failed')

2015-01-13T19:48:37Z INFO The ipa-server-install command failed,
exception: RuntimeError: Configuration of CA failed
[root at test1-vm log]#
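As an added example (not part of the original post and not FreeIPA code), this Python script triages an `ipaserver-install.log` like the one above: it regroups wrapped lines under their timestamped entry, then reports the installer step in progress, the connection target, and the Java exceptions in order up to the first CRITICAL entry. The function names are this example's own, and the sample log is abridged from the log quoted in the post.

```python
import re

# Abridged sample built from the install log quoted in the post above.
SAMPLE_LOG = """\
2015-01-13T19:48:34Z DEBUG Configuring certificate server (pki-cad):
Estimated time 3 minutes 30 seconds
2015-01-13T19:48:34Z DEBUG   [1/20]: creating certificate server user
2015-01-13T19:48:34Z DEBUG   [2/20]: configuring certificate server instance
2015-01-13T19:48:37Z DEBUG stdout=libpath=/usr/lib64
Attempting to connect to: test1-vm.example.com:9445
Exception in LoginPanel(): java.lang.NullPointerException
ERROR: ConfigureCA: LoginPanel() failure
2015-01-13T19:48:37Z DEBUG stderr=Exception: Unable to Send
Request:java.net.ConnectException: Connection refused
java.net.ConnectException: Connection refused
at java.net.Socket.connect(Socket.java:579)
at ConfigureCA.LoginPanel(ConfigureCA.java:244)
java.lang.NullPointerException
at ConfigureCA.LoginPanel(ConfigureCA.java:245)
2015-01-13T19:48:37Z CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_port 9445' returned non-zero exit status 255
"""

ENTRY = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) (DEBUG|INFO|WARNING|ERROR|CRITICAL) ?(.*)$")
STEP = re.compile(r"^\s*\[(\d+)/(\d+)\]: (.+)")
TARGET = re.compile(r"Attempting to connect to: (\S+):(\d+)")
JAVA_EXC = re.compile(r"^(java[\w.]*\.\w+(?:Exception|Error))(?:: (.*))?$", re.M)

def parse_entries(text):
    """Group wrapped/continuation lines under the timestamped line that starts them."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"time": m.group(1), "level": m.group(2), "msg": m.group(3)})
        elif entries:
            entries[-1]["msg"] += "\n" + line
    return entries

def triage(text):
    """Return the step, connection target and exceptions leading to the first CRITICAL."""
    result = {"step": None, "target": None, "exceptions": [], "critical": None}
    for e in parse_entries(text):
        if e["level"] == "CRITICAL":
            result["critical"] = e["msg"].splitlines()[0]
            break
        m = STEP.match(e["msg"])
        if m:
            # A new step began, so anything collected so far belongs to a step that finished.
            result.update(step=(int(m.group(1)), int(m.group(2)), m.group(3)), target=None, exceptions=[])
            continue
        t = TARGET.search(e["msg"])
        if t:
            result["target"] = (t.group(1), int(t.group(2)))
        result["exceptions"] += JAVA_EXC.findall(e["msg"])
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample, the refused connection to port 9445 is the first exception in the trace and the `NullPointerException` follows it.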



