[Freeipa-users] Setup of freeipa 4.1.3 failed

Markus Roth markus at die5roths.de
Tue Mar 31 17:54:20 UTC 2015 

Hi all,

I want setup freeipa 4.1.3 on a fresh installed fedora 21.
The ipa-server-install shows the following output:

configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
  [1/38]: creating directory server user
  [2/38]: creating directory server instance
  [3/38]: adding default schema
  [4/38]: enabling memberof plugin
  [5/38]: enabling winsync plugin
  [6/38]: configuring replication version plugin
  [7/38]: enabling IPA enrollment plugin
  [8/38]: enabling ldapi
  [9/38]: configuring uniqueness plugin
  [10/38]: configuring uuid plugin
  [11/38]: configuring modrdn plugin
  [12/38]: configuring DNS plugin
  [13/38]: enabling entryUSN plugin
  [14/38]: configuring lockout plugin
  [15/38]: creating indices
  [16/38]: enabling referential integrity plugin
  [17/38]: configuring certmap.conf
  [18/38]: configure autobind for root
  [19/38]: configure new location for managed entries
  [20/38]: configure dirsrv ccache
  [21/38]: enable SASL mapping fallback
  [22/38]: restarting directory server
  [23/38]: adding default layout
  [24/38]: adding delegation layout
  [25/38]: creating container for managed entries
  [26/38]: configuring user private groups
  [27/38]: configuring netgroups from hostgroups
  [28/38]: creating default Sudo bind user
  [29/38]: creating default Auto Member layout
  [30/38]: adding range check plugin
  [31/38]: creating default HBAC rule allow_all
  [32/38]: initializing group membership
  [33/38]: adding master entry
  [34/38]: configuring Posix uid/gid generation
  [35/38]: adding replication acis
  [36/38]: enabling compatibility plugin
  [37/38]: tuning directory server
  [38/38]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 
seconds
  [1/27]: creating certificate server user
  [2/27]: configuring certificate server instance
  [3/27]: stopping certificate server instance to update CS.cfg
  [4/27]: backing up CS.cfg
  [5/27]: disabling nonces
  [6/27]: set up CRL publishing
  [7/27]: enable PKIX certificate path discovery and validation
  [8/27]: starting certificate server instance
  [error] RuntimeError: CA did not start in 300.0s
CA did not start in 300.0s

The ipa server install log shows this:

2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
2015-03-31T17:39:35Z DEBUG Waiting for CA to start...
2015-03-31T17:39:36Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
382, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
372, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", 
line 526, in __start
    self.start()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
279, in start
    self.service.start(instance_name, capture_output=capture_output, 
wait=wait)
  File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 
229, in start
    self.wait_until_running()
  File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 
223, in wait_until_running
    raise RuntimeError('CA did not start in %ss' % timeout)
RuntimeError: CA did not start in 300.0s

2015-03-31T17:39:36Z DEBUG   [error] RuntimeError: CA did not start in 300.0s
2015-03-31T17:39:36Z DEBUG   File "/usr/lib/python2.7/site-
packages/ipaserver/install/installutils.py", line 642, in run_script
    return_value = main_function()

  File "/usr/sbin/ipa-server-install", line 1183, in main
    ca_signing_algorithm=options.ca_signing_algorithm)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", 
line 520, in configure_instance
    self.start_creation(runtime=210)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
382, in start_creation
    run_step(full_msg, method)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
372, in run_step
    method()

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", 
line 526, in __start
    self.start()

  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
279, in start
    self.service.start(instance_name, capture_output=capture_output, 
wait=wait)

  File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 
229, in start
    self.wait_until_running()

  File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 
223, in wait_until_running
    raise RuntimeError('CA did not start in %ss' % timeout)

2015-03-31T17:39:36Z DEBUG The ipa-server-install command failed, exception: 
RuntimeError: CA did not start in 300.0s

I uninstalled the ipa server completely several times and installed it again. 
But it always stops at the same step with the setup.

Can anybody help?

Markus.

More information about the Freeipa-users mailing list