<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Not to be thick, but what's the best way to check the DS instance
    for a pki entry?<br>
    <br>
    <div class="moz-cite-prefix">On 04/28/2014 07:57 AM, Dmitri Pal
      wrote:<br>
    </div>
    <blockquote cite="mid:535E4213.8090307@redhat.com" type="cite">
      <meta content="text/html; charset=ISO-8859-1"
        http-equiv="Content-Type">
      <div class="moz-cite-prefix">On 04/28/2014 07:52 AM, Bret Wortman
        wrote:<br>
      </div>
      <blockquote cite="mid:535E4104.1040509@damascusgrp.com"
        type="cite">
        <meta http-equiv="content-type" content="text/html;
          charset=ISO-8859-1">
        I'm trying to stand up a new ipa server on a clean box, and I
        keep getting this error so _something_ is amiss but I'm not sure
        what:<br>
        <br>
        <tt>:</tt><tt><br>
        </tt><tt>Configuring certificate server (pki-tomcatd): Estimated
          time 3 minutes 30 seconds</tt><tt><br>
        </tt><tt>    [1/22]: creating certificate server user</tt><tt><br>
        </tt><tt>    [2/22]: configuring certificate server instance</tt><tt><br>
        </tt><tt>ipa        : CRITICAL failed to configure ca instance
          Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned
          non-zero exit status 1</tt><tt><br>
        </tt><tt>Configuration of CA failed</tt><tt><br>
        </tt><tt>#</tt><br>
        <br>
        In the /var/log/ipaserver-install.log, I see this:<br>
        <br>
        <tt>:</tt><tt><br>
        </tt><tt>:</tt><tt><br>
        </tt><tt>Installing CA into /var/lib/pki/pki-tomcat.</tt><tt><br>
        </tt><tt><br>
        </tt><tt>Installation failed.</tt><tt><br>
        </tt><tt><br>
        </tt><tt><br>
        </tt><tt>2014-04-28T11:43:46Z DEBUG stderr=pkispawn     :
          ERROR    ........ PKI subsystem 'CA' for instance 'pki-tomcat'
          already exists!</tt><tt><br>
        </tt><tt><br>
        </tt><tt>2014-04-28T11:432:46Z CRITICAL failed to configure ca
          instance Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20'
          returned non-zero exit status 1</tt><tt><br>
        </tt><tt>2014-04-28T11:43:46Z DEBUG   File
          "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
          line 622, in run_script</tt><tt><br>
        </tt><tt>    return_value = main_function()</tt><tt><br>
        </tt><tt><br>
        </tt><tt>  File "/usr/sbin/ipa-server-install", line 1074, in
          main</tt><tt><br>
        </tt><tt>    dm_password, subject_base=options.subject)</tt><tt><br>
        </tt><tt><br>
        </tt><tt>  File
          "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
          line 478, in configure_instance</tt><tt><br>
        </tt><tt>    self.start_creation(runtime=210)</tt><tt><br>
        </tt><tt><br>
        </tt><tt>  File
          "/usr/lib/python2.7/site-packages/ipaserver/isntall/service.py",
          line 364, in start_creation</tt><tt><br>
        </tt><tt>    method()</tt><tt><br>
        </tt><tt><br>
        </tt><tt>  File
          "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
          line 604, in __spawn_instance</tt><tt><br>
        </tt><tt>    raise RUntimeError('Configuration of CA failed')</tt><tt><br>
        </tt><tt>:</tt><tt><br>
        </tt><tt>:</tt><tt><br>
        </tt><br>
        So it looks like somehow this has gotten configured already.
        Possibly Puppet copied over something it shouldn't have. What do
        I need to remove to make this step work without removing so much
        that I render something inoperable?<br>
        <br>
        <br>
      </blockquote>
      Run uninstall several times. Each time uninstall might clean next
      portion and untangle things so trying to do it several times pays
      off.<br>
      Then check if there is a DS instance for PKI. If there is remove
      it and try again.<br>
      <br>
      <blockquote cite="mid:535E4104.1040509@damascusgrp.com"
        type="cite">
        <div class="moz-signature">-- <br>
          <div><b>Bret Wortman</b></div>
          <div><img src="cid:part1.04090200.02070908@damascusgrp.com"
              height="53/" width="200"><br>
          </div>
          <div><a moz-do-not-send="true" href="http://damascusgrp.com/">http://damascusgrp.com/</a><br>
          </div>
          <div><a moz-do-not-send="true"
              href="http://about.me/wortmanbret">http://about.me/wortmanbret</a><br>
            <br>
          </div>
        </div>
        <br>
        <fieldset class="mimeAttachmentHeader"></fieldset>
        <br>
        <pre wrap="">_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
      </blockquote>
      <br>
      <br>
      <pre class="moz-signature" cols="72">-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
    </blockquote>
    <br>
  </body>
</html>