[Freeipa-users] replica install seems to hang forever when "--setup-ca" is enabled - any advice?

Martin Basti mbasti at redhat.com
Thu Mar 16 08:29:12 UTC 2017



On 16.03.2017 01:34, Fraser Tweedale wrote:
> On Wed, Mar 15, 2017 at 06:32:42PM -0400, Chris Dagdigian wrote:
>> Any tips for diving into this a bit more to troubleshoot?
>>
>> For the 1st time I'm setting up an ipa-server 4.4 replica with CA features
>> enabled but the replica install seems to hang forever here:
>>
>> ...
>> ...
>> ...
>> Done configuring directory server (dirsrv).
>> Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30
>> seconds
>>   [1/27]: creating certificate server user
>>   [2/27]: configuring certificate server instance
>>   [3/27]: stopping certificate server instance to update CS.cfg
>>   [4/27]: backing up CS.cfg
>>   [5/27]: disabling nonces
>>   [6/27]: set up CRL publishing
>>   [7/27]: enable PKIX certificate path discovery and validation
>>   [8/27]: starting certificate server instance
>>
>> < no output after this >
>>
>>
>> The replica-install.log file ends here:
>>
>> ...
>> ...
>> ...
>> 2017-03-15T22:16:05Z DEBUG Starting external process
>> 2017-03-15T22:16:05Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service
>> 2017-03-15T22:16:05Z DEBUG Process finished, return code=0
>> 2017-03-15T22:16:05Z DEBUG stdout=active
>>
>> 2017-03-15T22:16:05Z DEBUG stderr=
>> 2017-03-15T22:16:05Z DEBUG wait_for_open_ports: localhost [8080, 8443]
>> timeout 300
>> 2017-03-15T22:16:06Z DEBUG Waiting until the CA is running
>> 2017-03-15T22:16:06Z DEBUG request POST
>> http://deawilidmp001.XXX.org:8080/ca/admin/ca/getStatus
>> 2017-03-15T22:16:06Z DEBUG request body ''
>>
>>
>>
>>
>> I've confirmed that SELINUX is disabled, there is no firewall and the AWS
>> Security Groups are allowing TCP:8080 and TCP:8443 to the replica instance.
>> The systemctl command also verifies that
>> pki-tomcatd@pki-tomcat.service is "active" as well.
>>
>>
>> Any tips for debugging further?
>>
> Could you please provide the /var/log/pki/pki-tomcat/ca/debug log
> file?
>
> Thanks,
> Fraser
>

Could it be this?
https://pagure.io/freeipa/issue/6766
