[Freeipa-users] Unable to Install IPA
Martin Kosek
mkosek at redhat.com
Tue Mar 3 12:06:15 UTC 2015
On 02/28/2015 07:18 AM, Rob Crittenden wrote:
> Hadoop Solutions wrote:
>> Hi Rob,
>>
>> please find the attached log of /var/log/ipaserver-install.log
>>
>> kindly let me know the solution for this..
>
> Can you see if you have any SElinux failures?
>
> # ausearch -m AVC -ts recent
>
> I see some SELinux errors in the log. Not sure if this is it or not but
> for some reason the dogtag SELinux policy doesn't always install
> correctly. The fix seems to be to re-install the pki-selinux package.
>
> You'll also need to run pkiremove manually after running
> ipa-server-install --uninstall. It doesn't always record the fact that a
> service install is attempted and fails.
>
> # pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca --force
>
> rob
With regards to PKI and SELinux, I can only recall that pki-selinux package
required the most up to date selinux-policy package, otherwise it printed
SELinux related error during installation.
Your bug also reminds me of
https://fedorahosted.org/pki/ticket/1282
which was caused by HTTPD not having some of the modules (AJP proxy module)
enabled. Can you please check /var/log/httpd/error_log if there are any related
interesting error messages?
Thanks,
Martin
More information about the Freeipa-users
mailing list