[Freeipa-users] ipa-server-install fails at last leg?

lejeczek peljasz at yahoo.co.uk
Wed Oct 14 14:14:30 UTC 2015 

On 14/10/15 07:56, Martin Kosek wrote:
> On 10/13/2015 12:23 PM, lejeczek wrote:
>> dear all,
>>
>> my first try at ipa server, I get this when install fails:
> Hi lejeczek,
>
> Can you please start with specifying your IPA version?
>
> http://www.freeipa.org/page/Troubleshooting#Reporting_bugs
it's: ipa-server-4.1.0-18.sl7_1.4.x86_64
and I did file a report before asking the list, also 
attached a log there.
I'm now trying a plain vanilla virtual system and it 
succeeded there.
Where to start troubleshooting it, it seems like that java 
process hangs on while installer tries to restart httpd.
>
>>    [15/16]: restarting httpd
>>    [error] CalledProcessError: Command ''/bin/systemctl' 'restart'
>> 'httpd.service'' returned non-zero exit status 1
>> Unexpected error - see /var/log/ipaserver-install.log for details:
>> CalledProcessError: Command ''/bin/systemctl' 'restart' 'httpd.service''
>> returned non-zero exit status 1
>>
>> then I can see that httpd fails to restart for:
>>
>> Starting The Apache HTTP Server...
>> (98)Address already in use: AH00072: make_sock: could not bind to address
>> [::]:8443
>> (98)Address already in use: AH00072: make_sock: could not bind to address
>> 0.0.0.0:8443
>> no listening sockets available, shutting down
>>
>> and port is bound by:
>>
>> UID        PID  PPID  C    SZ   RSS PSR STIME TTY          TIME CMD
>> pkiuser   5330     1  1 2128224 494604 5 11:00 ?       00:00:16 java
>> -agentpath:/usr/lib64/libabrt-java-connector.so=abrt=on
>> -DRESTEASY_LIB=/usr/share/java/resteasy-base -classpath
>> /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
>> -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat
>> -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
>> -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
>> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
>> -Djava.security.manager
>> -Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy
>> org.apache.catalina.startup.Bootstrap start
>>
>> and this is as you can see, the process, the result of the ipa-server-install
>> itself.
>> Any suggestions as what is the problem there?
> It is expected that Dogtag takes over port 8443. What FreeIPA does is
> re-configure installed mod_nss (nss.conf) originally listening on 8443 to
> occupy port 443  instead.
>
> So this failure likely means that something else is bound to port 8443, whether
> it is other Apache module or other program.
>
> I would start with
> # netstat -putna run before the installation to see what's it.
>
> Upstream wise, there should be a check since
> https://fedorahosted.org/freeipa/ticket/4564
>

More information about the Freeipa-users mailing list