<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 04/28/2014 08:06 AM, Bret Wortman
wrote:<br>
</div>
<blockquote cite="mid:535E443D.5000607@damascusgrp.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Not to be thick, but what's the best way to check the DS instance
for a pki entry?<br>
</blockquote>
<br>
I do not remember the exact path and I do not have an instance
handy. Something like /var/lib/dirsrv/PKI, do not want to mislead
you.<br>
<br>
<br>
<blockquote cite="mid:535E443D.5000607@damascusgrp.com" type="cite">
<br>
<div class="moz-cite-prefix">On 04/28/2014 07:57 AM, Dmitri Pal
wrote:<br>
</div>
<blockquote cite="mid:535E4213.8090307@redhat.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">On 04/28/2014 07:52 AM, Bret
Wortman wrote:<br>
</div>
<blockquote cite="mid:535E4104.1040509@damascusgrp.com"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
I'm trying to stand up a new ipa server on a clean box, and I
keep getting this error so _something_ is amiss but I'm not
sure what:<br>
<br>
<tt>:</tt><tt><br>
</tt><tt>Configuring certificate server (pki-tomcatd):
Estimated time 3 minutes 30 seconds</tt><tt><br>
</tt><tt> [1/22]: creating certificate server user</tt><tt><br>
</tt><tt> [2/22]: configuring certificate server instance</tt><tt><br>
</tt><tt>ipa : CRITICAL failed to configure ca instance
Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20'
returned non-zero exit status 1</tt><tt><br>
</tt><tt>Configuration of CA failed</tt><tt><br>
</tt><tt>#</tt><br>
<br>
In the /var/log/ipaserver-install.log, I see this:<br>
<br>
<tt>:</tt><tt><br>
</tt><tt>:</tt><tt><br>
</tt><tt>Installing CA into /var/lib/pki/pki-tomcat.</tt><tt><br>
</tt><tt><br>
</tt><tt>Installation failed.</tt><tt><br>
</tt><tt><br>
</tt><tt><br>
</tt><tt>2014-04-28T11:43:46Z DEBUG stderr=pkispawn :
ERROR ........ PKI subsystem 'CA' for instance
'pki-tomcat' already exists!</tt><tt><br>
</tt><tt><br>
</tt><tt>2014-04-28T11:432:46Z CRITICAL failed to configure ca
instance Command '/usr/sbin/pkispawn -s CA -f
/tmp/tmpX8RW20' returned non-zero exit status 1</tt><tt><br>
</tt><tt>2014-04-28T11:43:46Z DEBUG File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
line 622, in run_script</tt><tt><br>
</tt><tt> return_value = main_function()</tt><tt><br>
</tt><tt><br>
</tt><tt> File "/usr/sbin/ipa-server-install", line 1074, in
main</tt><tt><br>
</tt><tt> dm_password, subject_base=options.subject)</tt><tt><br>
</tt><tt><br>
</tt><tt> File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 478, in configure_instance</tt><tt><br>
</tt><tt> self.start_creation(runtime=210)</tt><tt><br>
</tt><tt><br>
</tt><tt> File
"/usr/lib/python2.7/site-packages/ipaserver/isntall/service.py",
line 364, in start_creation</tt><tt><br>
</tt><tt> method()</tt><tt><br>
</tt><tt><br>
</tt><tt> File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 604, in __spawn_instance</tt><tt><br>
</tt><tt> raise RUntimeError('Configuration of CA failed')</tt><tt><br>
</tt><tt>:</tt><tt><br>
</tt><tt>:</tt><tt><br>
</tt><br>
So it looks like somehow this has gotten configured already.
Possibly Puppet copied over something it shouldn't have. What
do I need to remove to make this step work without removing so
much that I render something inoperable?<br>
<br>
<br>
</blockquote>
Run uninstall several times. Each time uninstall might clean
next portion and untangle things so trying to do it several
times pays off.<br>
Then check if there is a DS instance for PKI. If there is remove
it and try again.<br>
<br>
<blockquote cite="mid:535E4104.1040509@damascusgrp.com"
type="cite">
<div class="moz-signature">-- <br>
<div><b>Bret Wortman</b></div>
<div><img src="cid:part1.07060808.03090505@redhat.com"
height="53/" width="200"><br>
</div>
<div><a moz-do-not-send="true"
href="http://damascusgrp.com/">http://damascusgrp.com/</a><br>
</div>
<div><a moz-do-not-send="true"
href="http://about.me/wortmanbret">http://about.me/wortmanbret</a><br>
<br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>