2010-09-15 17:35:49,784 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2010-09-15 17:35:49,785 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2010-09-15 17:35:49,785 DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2010-09-15 17:36:04,448 DEBUG importing all plugin modules in '/usr/lib/python2.6/site-packages/ipalib/plugins'... 2010-09-15 17:36:04,449 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py' 2010-09-15 17:36:04,456 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py' 2010-09-15 17:36:04,465 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py' 2010-09-15 17:36:04,465 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py' 2010-09-15 17:36:04,477 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py' 2010-09-15 17:36:04,481 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py' 2010-09-15 17:36:04,491 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py' 2010-09-15 17:36:04,495 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbac.py' 2010-09-15 17:36:04,505 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py' 2010-09-15 17:36:04,507 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py' 2010-09-15 17:36:04,509 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py' 2010-09-15 17:36:04,514 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py' 2010-09-15 17:36:04,517 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py' 2010-09-15 17:36:04,517 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py' 2010-09-15 17:36:04,519 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py' 2010-09-15 17:36:04,521 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py' 2010-09-15 17:36:04,522 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py' 2010-09-15 17:36:04,525 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py' 2010-09-15 17:36:04,526 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py' 2010-09-15 17:36:04,531 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/rolegroup.py' 2010-09-15 17:36:04,533 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py' 2010-09-15 17:36:04,533 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/taskgroup.py' 2010-09-15 17:36:04,536 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/user.py' 2010-09-15 17:36:04,541 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py' 2010-09-15 17:36:04,541 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py' 2010-09-15 17:36:04,541 DEBUG importing all plugin modules in '/usr/lib/python2.6/site-packages/ipaserver/plugins'... 2010-09-15 17:36:04,542 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/dogtag.py' 2010-09-15 17:36:04,568 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/join.py' 2010-09-15 17:36:04,571 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py' 2010-09-15 17:36:04,571 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/ldapapi.py' 2010-09-15 17:36:04,572 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/rabase.py' 2010-09-15 17:36:04,573 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/selfsign.py' 2010-09-15 17:36:04,573 INFO skipping plugin module ipaserver.plugins.selfsign: selfsign is not selected as RA plugin, it is dogtag 2010-09-15 17:36:04,573 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/xmlserver.py' 2010-09-15 17:36:04,619 INFO Mounting ipaserver.rpcserver.jsonserver() at 'json' 2010-09-15 17:36:04,626 INFO Mounting ipaserver.rpcserver.xmlserver() at 'xml' 2010-09-15 17:36:04,975 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2010-09-15 17:36:04,975 DEBUG Configuring directory server for the CA: 2010-09-15 17:36:04,975 DEBUG [1/4]: creating directory server user 2010-09-15 17:36:04,976 DEBUG adding ds user dirsrv 2010-09-15 17:36:05,173 INFO args=/usr/sbin/useradd -c DS System User -d /var/lib/dirsrv -M -r -s /sbin/nologin dirsrv 2010-09-15 17:36:05,174 INFO stdout= 2010-09-15 17:36:05,174 INFO stderr= 2010-09-15 17:36:05,174 DEBUG done adding user 2010-09-15 17:36:05,175 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2010-09-15 17:36:05,176 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2010-09-15 17:36:05,177 DEBUG [2/4]: creating directory server instance 2010-09-15 17:36:05,302 INFO args=/sbin/service dirsrv status 2010-09-15 17:36:05,304 INFO stdout= 2010-09-15 17:36:05,304 INFO stderr=/bin/ls: cannot access /etc/dirsrv/slapd-*: No such file or directory 2010-09-15 17:36:05,304 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2010-09-15 17:36:05,305 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2010-09-15 17:36:05,308 DEBUG writing inf template 2010-09-15 17:36:05,311 DEBUG [General] FullMachineName= loznica.lhs-systems.com SuiteSpotUserID= dirsrv ServerRoot= /usr/lib/dirsrv [slapd] ServerPort= 7389 ServerIdentifier= PKI-IPA Suffix= dc=lhs-systems,dc=com RootDN= cn=Directory Manager 2010-09-15 17:36:05,311 DEBUG calling setup-ds.pl 2010-09-15 17:36:15,811 INFO args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpkeNa6c 2010-09-15 17:36:15,812 INFO stdout=[10/09/15:17:36:15] - [Setup] Info Your new DS instance 'PKI-IPA' was successfully created. Your new DS instance 'PKI-IPA' was successfully created. [10/09/15:17:36:15] - [Setup] Success Exiting . . . Log file is '-' Exiting . . . Log file is '-' 2010-09-15 17:36:15,812 INFO stderr= 2010-09-15 17:36:15,813 DEBUG completed creating ds instance 2010-09-15 17:36:15,814 DEBUG [3/4]: configuring directory to start on boot 2010-09-15 17:36:15,843 INFO args=/sbin/chkconfig --list dirsrv 2010-09-15 17:36:15,845 INFO stdout=dirsrv 0:off 1:off 2:off 3:off 4:off 5:off 6:off 2010-09-15 17:36:15,845 INFO stderr= 2010-09-15 17:36:15,846 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2010-09-15 17:36:15,876 INFO args=/sbin/chkconfig dirsrv on 2010-09-15 17:36:15,877 INFO stdout= 2010-09-15 17:36:15,877 INFO stderr= 2010-09-15 17:36:15,877 DEBUG [4/4]: restarting directory server 2010-09-15 17:36:19,420 INFO args=/sbin/service dirsrv restart PKI-IPA 2010-09-15 17:36:19,421 INFO stdout=Shutting down dirsrv: PKI-IPA...[ OK ] Starting dirsrv: PKI-IPA...[ OK ] 2010-09-15 17:36:19,422 INFO stderr= 2010-09-15 17:36:19,569 INFO args=/sbin/service dirsrv status 2010-09-15 17:36:19,570 INFO stdout=dirsrv PKI-IPA (pid 31889) is running... 2010-09-15 17:36:19,571 INFO stderr= 2010-09-15 17:36:19,571 DEBUG done configuring pkids. 2010-09-15 17:36:19,572 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2010-09-15 17:36:19,574 DEBUG Configuring certificate server: 2010-09-15 17:36:19,575 DEBUG [1/14]: creating certificate server user 2010-09-15 17:36:19,575 DEBUG adding ca user pkiuser 2010-09-15 17:36:19,764 INFO args=/usr/sbin/useradd -c CA System User -d /var/lib -M -r -s /sbin/nologin pkiuser 2010-09-15 17:36:19,765 INFO stdout= 2010-09-15 17:36:19,765 INFO stderr= 2010-09-15 17:36:19,765 DEBUG done adding user 2010-09-15 17:36:19,766 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2010-09-15 17:36:19,767 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2010-09-15 17:36:19,769 DEBUG [2/14]: creating pki-ca instance 2010-09-15 17:37:26,758 INFO args=/usr/bin/pkicreate -pki_instance_root /var/lib -pki_instance_name pki-ca -subsystem_type ca -agent_secure_port 9443 -ee_secure_port 9444 -admin_secure_port 9445 -ee_secure_client_auth_port 9446 -unsecure_port 9180 -tomcat_server_port 9701 -redirect conf=/etc/pki-ca -redirect logs=/var/log/pki-ca 2010-09-15 17:37:26,762 INFO stdout=PKI instance creation Utility ... PKI instance creation completed ... Stopping pki-ca: process already stopped ============================================================ Starting pki-ca: [ OK ] pki-ca (pid 303) is running ... 'pki-ca' must still be CONFIGURED! (see /var/log/pki-ca-install.log) Before proceeding with the configuration, make sure the firewall settings of this machine permit proper access to this subsystem. Please start the configuration by accessing: https://loznica.lhs-systems.com:9445/ca/admin/console/config/login?pin=eTvJduILXN6kCgkX46ih After configuration, the server can be operated by the command: /sbin/service pki-cad restart pki-ca 2010-09-15 17:37:26,762 INFO stderr= 2010-09-15 17:37:26,765 DEBUG [3/14]: configuring certificate server instance 2010-09-15 17:37:26,789 DEBUG restarting ca instance 2010-09-15 17:38:14,324 INFO args=/sbin/service pki-cad restart 2010-09-15 17:38:14,326 INFO stdout=Stopping pki-ca: ...............................[ OK ] ============================================================ Starting pki-ca: [ OK ] pki-ca (pid 1625) is running ... 'pki-ca' must still be CONFIGURED! (see /var/log/pki-ca-install.log) 2010-09-15 17:38:14,326 INFO stderr=Sep 15, 2010 5:37:30 PM org.apache.catalina.startup.Catalina stopServer SEVERE: Catalina.stop: java.net.ConnectException: Connection refused at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:310) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:176) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:163) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:384) at java.net.Socket.connect(Socket.java:546) at java.net.Socket.connect(Socket.java:495) at java.net.Socket.(Socket.java:392) at java.net.Socket.(Socket.java:206) at org.apache.catalina.startup.Catalina.stopServer(Catalina.java:395) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.catalina.startup.Bootstrap.stopServer(Bootstrap.java:344) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:435) 2010-09-15 17:38:14,327 DEBUG done restarting ca instance 2010-09-15 17:38:14,336 DEBUG ['/usr/bin/perl', '/usr/bin/pkisilent', 'ConfigureCA', '-cs_hostname', 'loznica.lhs-systems.com', '-cs_port', '9445', '-client_certdb_dir', '/tmp/tmp-0ANqdU', '-client_certdb_pwd', 'B5c51xR3', '-preop_pin', 'eTvJduILXN6kCgkX46ih', '-domain_name', 'IPA', '-admin_user', 'admin', '-admin_email', 'root@localhost', '-admin_password', 'B5c51xR3', '-agent_name', 'ipa-ca-agent', '-agent_key_size', '2048', '-agent_key_type', 'rsa', '-agent_cert_subject', '"CN=ipa-ca-agent,O=IPA"', '-ldap_host', 'loznica.lhs-systems.com', '-ldap_port', '7389', '-bind_dn', '"cn=Directory Manager"', '-bind_password', 'B5c51xR3', '-base_dn', 'o=ipaca', '-db_name', 'ipaca', '-key_size', '2048', '-key_type', 'rsa', '-save_p12', 'true', '-backup_pwd', 'B5c51xR3', '-subsystem_name', 'pki-cad', '-token_name', 'internal', '-ca_subsystem_cert_subject_name', '"CN=CA Subsystem,O=IPA"', '-ca_ocsp_cert_subject_name', '"CN=OCSP Subsystem,O=IPA"', '-ca_server_cert_subject_name', '"CN=loznica.lhs-systems.com,O=IPA"', '-ca_audit_signing_cert_subject_name', '"CN=CA Audit,O=IPA"', '-ca_sign_cert_subject_name', '"CN=Certificate Authority,O=IPA"', '-external', 'false', '-clone', 'false'] 2010-09-15 17:38:14,945 INFO args=/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname loznica.lhs-systems.com -cs_port 9445 -client_certdb_dir /tmp/tmp-0ANqdU -client_certdb_pwd XXXXXXXX -preop_pin eTvJduILXN6kCgkX46ih -domain_name IPA -admin_user admin -admin_email root@localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject "CN=ipa-ca-agent,O=IPA" -ldap_host loznica.lhs-systems.com -ldap_port 7389 -bind_dn "cn=Directory Manager" -bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name "CN=CA Subsystem,O=IPA" -ca_ocsp_cert_subject_name "CN=OCSP Subsystem,O=IPA" -ca_server_cert_subject_name "CN=loznica.lhs-systems.com,O=IPA" -ca_audit_signing_cert_subject_name "CN=CA Audit,O=IPA" -ca_sign_cert_subject_name "CN=Certificate Authority,O=IPA" -external false -clone false 2010-09-15 17:38:14,946 INFO stdout=libpath=/usr/lib ####################################################################### Required parameter -key_algorithm is not specified. Use -help for help information ####################################################################### 2010-09-15 17:38:14,946 INFO stderr= 2010-09-15 17:38:14,947 CRITICAL failed to restart ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname loznica.lhs-systems.com -cs_port 9445 -client_certdb_dir /tmp/tmp-0ANqdU -client_certdb_pwd XXXXXXXX -preop_pin eTvJduILXN6kCgkX46ih -domain_name IPA -admin_user admin -admin_email root@localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject "CN=ipa-ca-agent,O=IPA" -ldap_host loznica.lhs-systems.com -ldap_port 7389 -bind_dn "cn=Directory Manager" -bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name "CN=CA Subsystem,O=IPA" -ca_ocsp_cert_subject_name "CN=OCSP Subsystem,O=IPA" -ca_server_cert_subject_name "CN=loznica.lhs-systems.com,O=IPA" -ca_audit_signing_cert_subject_name "CN=CA Audit,O=IPA" -ca_sign_cert_subject_name "CN=Certificate Authority,O=IPA" -external false -clone false' returned non-zero exit status 255 2010-09-15 17:38:14,947 DEBUG restarting ca instance 2010-09-15 17:39:02,076 INFO args=/sbin/service pki-cad restart 2010-09-15 17:39:02,081 INFO stdout=Stopping pki-ca: ...............................[ OK ] ============================================================ Starting pki-ca: [ OK ] pki-ca (pid 2916) is running ... 'pki-ca' must still be CONFIGURED! (see /var/log/pki-ca-install.log) 2010-09-15 17:39:02,082 INFO stderr=Sep 15, 2010 5:38:18 PM org.apache.catalina.startup.Catalina stopServer SEVERE: Catalina.stop: java.net.ConnectException: Connection refused at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:310) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:176) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:163) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:384) at java.net.Socket.connect(Socket.java:546) at java.net.Socket.connect(Socket.java:495) at java.net.Socket.(Socket.java:392) at java.net.Socket.(Socket.java:206) at org.apache.catalina.startup.Catalina.stopServer(Catalina.java:395) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.catalina.startup.Bootstrap.stopServer(Bootstrap.java:344) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:435) 2010-09-15 17:39:02,082 DEBUG done restarting ca instance 2010-09-15 17:39:02,083 DEBUG [4/14]: creating CA agent PKCS#12 file in /root 2010-09-15 17:39:02,189 INFO args=/usr/bin/pk12util -n ipa-ca-agent -o /root/ca-agent.p12 -d /tmp/tmp-0ANqdU -k /tmp/tmplUonD_ -w /tmp/tmplUonD_ 2010-09-15 17:39:02,191 INFO stdout= 2010-09-15 17:39:02,191 INFO stderr=pk12util: find user certs from nickname failed: security library: bad database. 2010-09-15 17:39:02,200 DEBUG Command '/usr/bin/pk12util -n ipa-ca-agent -o /root/ca-agent.p12 -d /tmp/tmp-0ANqdU -k /tmp/tmplUonD_ -w /tmp/tmplUonD_' returned non-zero exit status 24 File "/usr/sbin/ipa-server-install", line 849, in sys.exit(main()) File "/usr/sbin/ipa-server-install", line 705, in main ca.configure_instance("pkiuser", host_name, dm_password, dm_password, subject_base=options.subject) File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 455, in configure_instance self.start_creation("Configuring certificate server:") File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 240, in start_creation method() File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 833, in __create_ca_agent_pkcs12 "-w", pwd_name]) File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 138, in run raise CalledProcessError(p.returncode, ' '.join(args))