[Freeipa-users] ipa-server-install fails at last leg?

Martin Kosek mkosek at redhat.com
Wed Oct 14 06:56:16 UTC 2015 

On 10/13/2015 12:23 PM, lejeczek wrote:
> dear all,
> 
> my first try at ipa server, I get this when install fails:

Hi lejeczek,

Can you please start with specifying your IPA version?

http://www.freeipa.org/page/Troubleshooting#Reporting_bugs

>   [15/16]: restarting httpd
>   [error] CalledProcessError: Command ''/bin/systemctl' 'restart'
> 'httpd.service'' returned non-zero exit status 1
> Unexpected error - see /var/log/ipaserver-install.log for details:
> CalledProcessError: Command ''/bin/systemctl' 'restart' 'httpd.service''
> returned non-zero exit status 1
> 
> then I can see that httpd fails to restart for:
> 
> Starting The Apache HTTP Server...
> (98)Address already in use: AH00072: make_sock: could not bind to address
> [::]:8443
> (98)Address already in use: AH00072: make_sock: could not bind to address
> 0.0.0.0:8443
> no listening sockets available, shutting down
> 
> and port is bound by:
> 
> UID        PID  PPID  C    SZ   RSS PSR STIME TTY          TIME CMD
> pkiuser   5330     1  1 2128224 494604 5 11:00 ?       00:00:16 java
> -agentpath:/usr/lib64/libabrt-java-connector.so=abrt=on
> -DRESTEASY_LIB=/usr/share/java/resteasy-base -classpath
> /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
> -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat
> -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
> -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> -Djava.security.manager
> -Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy
> org.apache.catalina.startup.Bootstrap start
> 
> and this is as you can see, the process, the result of the ipa-server-install
> itself.
> Any suggestions as what is the problem there?

It is expected that Dogtag takes over port 8443. What FreeIPA does is
re-configure installed mod_nss (nss.conf) originally listening on 8443 to
occupy port 443  instead.

So this failure likely means that something else is bound to port 8443, whether
it is other Apache module or other program.

I would start with
# netstat -putna run before the installation to see what's it.

Upstream wise, there should be a check since
https://fedorahosted.org/freeipa/ticket/4564

More information about the Freeipa-users mailing list