<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 12/16/2013 06:46 PM, Galen Brownsmith wrote:
<blockquote
cite="mid:CAADHiiHuAJ558gtaLLFXJRsAaqshzuyvHy_d2Vxv3_8fb-hyQg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>My install fails on the invocation of pkispawn with a
Socket Error in the pki-ca-spawn log ; anyone have any
ideas? (It isn't the issue with special characters in the
DM's password, as my Directory Manager and IPA Admin
passwords may be 32 characters long, but only contain
[A-Za-z0-9_] )<br>
</div>
<div><br>
Configuration and Error Messages follow.<br>
<br>
Target System: Fedora19 64bit LXC Container running on top
of a Fedora19 64bit host. Kernel 3.11.10, Q9550 Intel
CPU.<br>
</div>
Attempting to install freeipa server 3.3.3 . SEllinux has
been set to 'disabled' on the host and container. <br>
</div>
<div><br>
</div>
<div>/etc/hosts:<br>
# IP FQDN Alias(es)<br>
127.0.0.1 localhost.localdomain localhost
localhost4<br>
192.168.253.94 <a moz-do-not-send="true"
href="http://woeg.marphod.net">woeg.marphod.net</a>
woeg <br>
<br>
# Peers<br>
192.168.253.99 <a moz-do-not-send="true"
href="http://skete.marphod.net">skete.marphod.net</a>
skete <a moz-do-not-send="true"
href="http://wiki.marphod.net">wiki.marphod.net</a> wiki <a
moz-do-not-send="true" href="http://www.marphod.net">www.marphod.net</a>
www<br>
</div>
<div>[... several more machines]<br>
<br>
</div>
<div>/etc/resolv.conf<br>
</div>
<div>; generated by /usr/sbin/dhclient-script<br>
search <a moz-do-not-send="true" href="http://marphod.net">marphod.net</a><br>
nameserver 192.168.253.1<br>
<br>
</div>
<div>/etc/sysconfig/network:<br>
NETWORKING=yes<br>
HOSTNAME=<a moz-do-not-send="true"
href="http://woeg.marphod.net">woeg.marphod.net</a><br>
<br>
</div>
<div>
<div>No software firewall on the Container:<br>
</div>
<div># iptables -L<br>
</div>
<div>Chain INPUT (policy ACCEPT)<br>
target prot opt source
destination <br>
<br>
Chain FORWARD (policy ACCEPT)<br>
target prot opt source
destination <br>
<br>
Chain OUTPUT (policy ACCEPT)<br>
target prot opt source destination <br>
</div>
<br>
<br>
</div>
<div>Not using NetworkManager. The machine has a virtual nic,
and is connected to the bridge on the host, and can interact
with the outside world.<br>
</div>
<div><br>
</div>
<div>Installation commands:<br>
# ipa-server-install --uninstall -U<br>
# pkidestroy -s CA -i pki-tomcat<br>
# ipa-server-install -N -d --no-host-dns<br>
<br>
</div>
<div>I select the defaults during the interactive install.<br>
</div>
<div><br>
</div>
During installation, everything seems to run fine up to the
invocation of pkispawn. I then get the errors:<br>
<text><br>
Installing CA into /var/lib/pki/pki-tomcat.<br>
</div>
<div>Storing deployment configuration into
/etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.<br>
Installation failed.<br>
<br>
ipa : DEBUG stderr=Job for
<a class="moz-txt-link-abbreviated" href="mailto:pki-tomcatd@pki-tomcat.service">pki-tomcatd@pki-tomcat.service</a> failed. See 'systemctl status
<a class="moz-txt-link-abbreviated" href="mailto:pki-tomcatd@pki-tomcat.service">pki-tomcatd@pki-tomcat.service</a>' and 'journalctl -xn' for
details.<br>
pkispawn : ERROR ....... server failed to restart<br>
<br>
ipa : CRITICAL failed to configure ca instance Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmpwNB5bU' returned non-zero
exit status 1<br>
ipa : DEBUG File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
line 622, in run_script<br>
return_value = main_function()<br>
<br>
File "/usr/sbin/ipa-server-install", line 1074, in main<br>
dm_password, subject_base=options.subject)<br>
<br>
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 478, in configure_instance<br>
self.start_creation(runtime=210)<br>
<br>
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 364, in start_creation<br>
method()<br>
<br>
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 604, in __spawn_instance<br>
raise RuntimeError('Configuration of CA failed')<br>
<br>
ipa : DEBUG The ipa-server-install command failed,
exception: RuntimeError: Configuration of CA failed<br>
Configuration of CA failed<br>
</div>
<div></text><br>
<br>
</div>
<div>the relevant errors from
/var/log/pki/pki-ca-spawn.timestamp.log: (the ... skipping...
is from the file)<br>
</div>
<div><text><br>
</div>
<div>...skipping...<br>
y still be down<br>
2013-12-16 18:12:23 pkispawn : DEBUG ........... No
connection - exception thrown: Cannot connect to proxy. Socket
error: [Errno 111] Connection refused.<br>
2013-12-16 18:12:24 pkispawn : DEBUG ........... No
connection - server may still be down<br>
2013-12-16 18:12:24 pkispawn : DEBUG ........... No
connection - exception thrown: Cannot connect to proxy. Socket
error: [Errno 111] Connection refused.<br>
2013-12-16 18:12:25 pkispawn : DEBUG ........... No
connection - server may still be down<br>
</div>
<div>...<br>
(error repeated 12 more times)<br>
...<br>
2013-12-16 18:12:39 pkispawn : ERROR ....... server
failed to restart<br>
2013-12-16 18:12:39 pkispawn : DEBUG ....... Error Type:
SystemExit<br>
2013-12-16 18:12:39 pkispawn : DEBUG ....... Error
Message: 1<br>
2013-12-16 18:12:39 pkispawn : DEBUG ....... File
"/usr/sbin/pkispawn", line 374, in main<br>
rv = instance.spawn()<br>
File
"/usr/lib/python2.7/site-packages/pki/deployment/configuration.py",
line 102, in spawn<br>
sys.exit(1)<br>
</div>
<div></text><br>
<br>
</div>
</div>
</blockquote>
<br>
You are trying it in a container. I do not know whether this makes a
difference.<br>
It might be due to the fact that underlying directory server has not
started.<br>
Please look at the pki instance DS logs to determine whether the DS
instance was installed and configured correctly.<br>
<a class="moz-txt-link-freetext" href="http://www.freeipa.org/page/Troubleshooting#Server_Installation">http://www.freeipa.org/page/Troubleshooting#Server_Installation</a><br>
Please publish these logs here.<br>
<br>
<br>
<blockquote
cite="mid:CAADHiiHuAJ558gtaLLFXJRsAaqshzuyvHy_d2Vxv3_8fb-hyQg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
<br>
</div>
<div>
<div>
<div>
<div>
<br>
<br clear="all">
<div>----------------------------------------------------------------------<br>
That's the news from the Mystic River, where all the
alliums are strong, all the degu are good looking, and
all the stuffed animals are above average.<br>
"May the ducks of your life quack ever harmoniously" -
A. Yelton<br>
<a moz-do-not-send="true"
href="mailto:galens@capaccess.org" target="_blank">galens@capaccess.org</a>
<a moz-do-not-send="true"
href="mailto:galens@marphod.net" target="_blank">galens@marphod.net</a>
<a moz-do-not-send="true"
href="mailto:marphod@gmail.com" target="_blank">marphod@gmail.com</a>
& others</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>