<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>I thought that might be it and didn't see anything but will look again. </div><div><br><br><div>Bret Wortman</div><div><a href="http://bretwortman.com/">http://bretwortman.com/</a></div><div><a href="http://twitter.com/BretWortman">http://twitter.com/BretWortman</a></div></div><div><br>On Apr 28, 2014, at 8:20 AM, Dmitri Pal &lt;<a href="mailto:dpal@redhat.com">dpal@redhat.com</a>&gt; wrote:<br><br></div><blockquote type="cite"><div>
  
  
  
    <div class="moz-cite-prefix">On 04/28/2014 08:06 AM, Bret Wortman
      wrote:<br>
    </div>
    <blockquote cite="mid:535E443D.5000607@damascusgrp.com" type="cite">
      Not to be thick, but what's the best way to check the DS instance
      for a pki entry?<br>
    </blockquote>
    <br>
    I do not remember the exact path and I do not have an instance
    handy. Something like /var/lib/dirsrv/PKI, do not want to mislead
    you.<br>
    <br>
    <br>
    <blockquote cite="mid:535E443D.5000607@damascusgrp.com" type="cite">
      <br>
      <div class="moz-cite-prefix">On 04/28/2014 07:57 AM, Dmitri Pal
        wrote:<br>
      </div>
      <blockquote cite="mid:535E4213.8090307@redhat.com" type="cite">
        <div class="moz-cite-prefix">On 04/28/2014 07:52 AM, Bret
          Wortman wrote:<br>
        </div>
        <blockquote cite="mid:535E4104.1040509@damascusgrp.com" type="cite">
          I'm trying to stand up a new ipa server on a clean box, and I
          keep getting this error so _something_ is amiss but I'm not
          sure what:<br>
          <br>
          <tt>:</tt><tt><br>
          </tt><tt>Configuring certificate server (pki-tomcatd):
            Estimated time 3 minutes 30 seconds</tt><tt><br>
          </tt><tt>    [1/22]: creating certificate server user</tt><tt><br>
          </tt><tt>    [2/22]: configuring certificate server instance</tt><tt><br>
          </tt><tt>ipa        : CRITICAL failed to configure ca instance
            Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20'
            returned non-zero exit status 1</tt><tt><br>
          </tt><tt>Configuration of CA failed</tt><tt><br>
          </tt><tt>#</tt><br>
          <br>
          In the /var/log/ipaserver-install.log, I see this:<br>
          <br>
          <tt>:</tt><tt><br>
          </tt><tt>:</tt><tt><br>
          </tt><tt>Installing CA into /var/lib/pki/pki-tomcat.</tt><tt><br>
          </tt><tt><br>
          </tt><tt>Installation failed.</tt><tt><br>
          </tt><tt><br>
          </tt><tt><br>
          </tt><tt>2014-04-28T11:43:46Z DEBUG stderr=pkispawn     :
            ERROR    ........ PKI subsystem 'CA' for instance
            'pki-tomcat' already exists!</tt><tt><br>
          </tt><tt><br>
          </tt><tt>2014-04-28T11:43:46Z CRITICAL failed to configure ca
            instance Command '/usr/sbin/pkispawn -s CA -f
            /tmp/tmpX8RW20' returned non-zero exit status 1</tt><tt><br>
          </tt><tt>2014-04-28T11:43:46Z DEBUG   File
            "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
            line 622, in run_script</tt><tt><br>
          </tt><tt>    return_value = main_function()</tt><tt><br>
          </tt><tt><br>
          </tt><tt>  File "/usr/sbin/ipa-server-install", line 1074, in
            main</tt><tt><br>
          </tt><tt>    dm_password, subject_base=options.subject)</tt><tt><br>
          </tt><tt><br>
          </tt><tt>  File
            "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
            line 478, in configure_instance</tt><tt><br>
          </tt><tt>    self.start_creation(runtime=210)</tt><tt><br>
          </tt><tt><br>
          </tt><tt>  File
            "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
            line 364, in start_creation</tt><tt><br>
          </tt><tt>    method()</tt><tt><br>
          </tt><tt><br>
          </tt><tt>  File
            "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
            line 604, in __spawn_instance</tt><tt><br>
          </tt><tt>    raise RuntimeError('Configuration of CA failed')</tt><tt><br>
          </tt><tt>:</tt><tt><br>
          </tt><tt>:</tt><tt><br>
          </tt><br>
          So it looks like somehow this has gotten configured already.
          Possibly Puppet copied over something it shouldn't have. What
          do I need to remove to make this step work without removing so
          much that I render something inoperable?<br>
          <br>
          <br>
        </blockquote>
        Run uninstall several times. Each time, uninstall might clean the
        next portion and untangle things, so trying to do it several
        times pays off.<br>
        Then check if there is a DS instance for PKI. If there is, remove
        it and try again.<br>
        <br>
        <blockquote cite="mid:535E4104.1040509@damascusgrp.com" type="cite">
          <div class="moz-signature">-- <br>
            <div><b>Bret Wortman</b></div>
            <div><a moz-do-not-send="true" href="http://damascusgrp.com/">http://damascusgrp.com/</a><br>
            </div>
            <div><a moz-do-not-send="true" href="http://about.me/wortmanbret">http://about.me/wortmanbret</a><br>
              <br>
            </div>
          </div>
          <br>
          <fieldset class="mimeAttachmentHeader"></fieldset>
          <br>
          <pre wrap="">_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
        </blockquote>
        <br>
        <br>
        <pre class="moz-signature" cols="72">-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
        <br>
      </blockquote>
      <br>
      <br>
    </blockquote>
    <br>
    <br>
    <pre class="moz-signature" cols="72">-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
  

</div></blockquote></body></html>