Hi all, I'm having an issue creating a new replica with CA. The Directory Service installation works fine but adding the CA clone fails with a java.lang.NumberFormatException when getting the serial number range.
This is the error logged in /var/log/pki/pki-tomcat/ca/debug:

######
...
[20/Jun/2020:15:09:55][localhost-startStop-1]: DBSubsystem: retrieving ou=ca, ou=requests,o=ipaca
[20/Jun/2020:15:09:55][localhost-startStop-1]: DBSubsystem: updating nextRange from 80000001 to 90000001
[20/Jun/2020:15:09:55][localhost-startStop-1]: DBSubsystem: adding new range object: cn=80000001,ou=requests, ou=ranges,o=ipaca
[20/Jun/2020:15:09:55][localhost-startStop-1]: DBSubsystem: getNextRange Next range has been added: 80000001 - 90000000
[20/Jun/2020:15:09:55][localhost-startStop-1]: Releasing ldap connection
[20/Jun/2020:15:09:55][localhost-startStop-1]: returnConn: mNumConns now 3
[20/Jun/2020:15:09:55][localhost-startStop-1]: Repository: next range: 80000001
[20/Jun/2020:15:09:55][localhost-startStop-1]: Repository: Next min serial number: 80000001
[20/Jun/2020:15:09:55][localhost-startStop-1]: DBSubsystem: Setting next min requests number: 80000001
[20/Jun/2020:15:09:55][localhost-startStop-1]: DBSubsystem: Setting next max requests number: 90000000
[20/Jun/2020:15:09:55][localhost-startStop-1]: Checking for a range conflict
[20/Jun/2020:15:09:55][localhost-startStop-1]: In LdapBoundConnFactory::getConn()
[20/Jun/2020:15:09:55][localhost-startStop-1]: masterConn is connected: true
[20/Jun/2020:15:09:55][localhost-startStop-1]: getConn: conn is connected true
[20/Jun/2020:15:09:55][localhost-startStop-1]: getConn: mNumConns now 2
[20/Jun/2020:15:09:55][localhost-startStop-1]: Releasing ldap connection
[20/Jun/2020:15:09:55][localhost-startStop-1]: returnConn: mNumConns now 3
[20/Jun/2020:15:09:55][localhost-startStop-1]: CMSEngine: checking certificate serial number ranges
[20/Jun/2020:15:09:55][localhost-startStop-1]: Repository: Serial numbers left in range: 65536
[20/Jun/2020:15:09:55][localhost-startStop-1]: Repository: Last serial number: 2415656960
[20/Jun/2020:15:09:55][localhost-startStop-1]: Repository: Serial numbers available: 65536
[20/Jun/2020:15:09:55][localhost-startStop-1]: Repository: Low water mark: 33554432
[20/Jun/2020:15:09:55][localhost-startStop-1]: Repository: Requesting next range
[20/Jun/2020:15:09:55][localhost-startStop-1]: In LdapBoundConnFactory::getConn()
[20/Jun/2020:15:09:55][localhost-startStop-1]: masterConn is connected: true
[20/Jun/2020:15:09:55][localhost-startStop-1]: getConn: conn is connected true
[20/Jun/2020:15:09:55][localhost-startStop-1]: getConn: mNumConns now 2
[20/Jun/2020:15:09:55][localhost-startStop-1]: DBSubsystem: retrieving ou=certificateRepository, ou=ca,o=ipaca
java.lang.NumberFormatException: For input string: "e0000001"
        at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
        at java.lang.Integer.parseInt(Integer.java:580)
        at java.math.BigInteger.<init>(BigInteger.java:470)
        at java.math.BigInteger.<init>(BigInteger.java:606)
        at com.netscape.cmscore.dbs.DBSubsystem.getNextRange(DBSubsystem.java:417)
        at com.netscape.cmscore.dbs.Repository.checkRanges(Repository.java:546)
        at com.netscape.cmscore.apps.CMSEngine.startup(CMSEngine.java:1268)
        at com.netscape.certsrv.apps.CMS.startup(CMS.java:204)
        at com.netscape.certsrv.apps.CMS.start(CMS.java:1459)
        at com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:117)
        at javax.servlet.GenericServlet.init(GenericServlet.java:158)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
...
######

This is logged in /var/log/pki/pki-ca-spawn.20200620150752.log:

######
...
2020-06-20 15:09:47 pkispawn : INFO ....... executing 'systemctl stop pki-tomcatd@pki-tomcat.service'
2020-06-20 15:09:48 pkispawn : INFO ....... removing temp SSL server cert from internal token: Server-Cert cert-pki-ca
2020-06-20 15:09:48 pki.nssdb : DEBUG Command: certutil -D -d /var/lib/pki/pki-tomcat/alias -f /tmp/tmptjRzW6/password.txt -n Server-Cert cert-pki-ca
2020-06-20 15:09:48 pkispawn : INFO ....... importing permanent SSL server cert into internal token: Server-Cert cert-pki-ca
2020-06-20 15:09:48 pki.nssdb : DEBUG Command: certutil -A -d /var/lib/pki/pki-tomcat/alias -f /tmp/tmplJLOg8/internal_password.txt -n Server-Cert cert-pki-ca -a -i /tmp/tmpeCzA_b/sslserver.crt -t ,,
2020-06-20 15:09:48 pkispawn : INFO ....... executing 'systemctl daemon-reload'
2020-06-20 15:09:48 pkispawn : INFO ....... executing 'systemctl start pki-tomcatd@pki-tomcat.service'
2020-06-20 15:09:48 pkispawn : INFO ........... FIPS mode is NOT enabled on this operating system.
2020-06-20 15:09:48 pkispawn : DEBUG ........... No connection - server may still be down
2020-06-20 15:09:48 pkispawn : DEBUG ........... No connection - exception thrown: ('Connection aborted.', error(111, 'Connection refused'))
2020-06-20 15:09:49 pkispawn : DEBUG ........... No connection - server may still be down
2020-06-20 15:09:49 pkispawn : DEBUG ........... No connection - exception thrown: ('Connection aborted.', error(111, 'Connection refused'))
2020-06-20 15:09:56 pkispawn : DEBUG ........... No connection - server may still be down
2020-06-20 15:09:56 pkispawn : DEBUG ........... No connection - exception thrown: 500 Server Error: Internal Server Error
2020-06-20 15:09:57 pkispawn : DEBUG ........... No connection - server may still be down
2020-06-20 15:09:57 pkispawn : DEBUG ........... No connection - exception thrown: 500 Server Error: Internal Server Error
2020-06-20 15:09:58 pkispawn : DEBUG ........... No connection - server may still be down
... repeats every second
2020-06-20 15:10:47 pkispawn : DEBUG ........... No connection - exception thrown: 500 Server Error: Internal Server Error
2020-06-20 15:10:48 pkispawn : DEBUG ........... No connection - server may still be down
2020-06-20 15:10:48 pkispawn : DEBUG ........... No connection - exception thrown: 500 Server Error: Internal Server Error
2020-06-20 15:10:49 pkispawn : ERROR ... server failed to restart
2020-06-20 15:10:49 pkispawn : DEBUG ....... Error Type: RuntimeError
2020-06-20 15:10:49 pkispawn : DEBUG ....... Error Message: server failed to restart
2020-06-20 15:10:49 pkispawn : DEBUG ....... File "/usr/sbin/pkispawn", line 534, in main
    scriptlet.spawn(deployer)
  File "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 1304, in spawn
    raise RuntimeError("server failed to restart")
######

And here is the failure in /var/log/ipareplica-ca-install.log:

######
...
---------------
Import complete
---------------
Imported certificates into /etc/pki/pki-tomcat/alias:

Certificate Nickname                 Trust Attributes
                                     SSL,S/MIME,JAR/XPI

Third-party RSA CA                   C,,
caSigningCert cert-pki-ca            CTu,Cu,Cu
subsystemCert cert-pki-ca            u,u,u
auditSigningCert cert-pki-ca         u,u,Pu
Third-party Root CA                  C,,
ocspSigningCert cert-pki-ca          u,u,u

Installation failed: server failed to restart

2020-06-20T15:10:50Z DEBUG stderr=pkispawn : ERROR ... server failed to restart
2020-06-20T15:10:50Z CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpcQ1jxM' returned non-zero exit status 1
2020-06-20T15:10:50Z CRITICAL See the installation logs and the following files/directories for more information:
2020-06-20T15:10:50Z CRITICAL /var/log/pki/pki-tomcat
2020-06-20T15:10:50Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 567, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 557, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 675, in __spawn_instance
    pki_pin)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 167, in spawn_instance
    self.handle_setup_error(e)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 408, in handle_setup_error
    raise RuntimeError("%s configuration failed." % self.subsystem)
RuntimeError: CA configuration failed.
2020-06-20T15:10:50Z DEBUG [error] RuntimeError: CA configuration failed.
...
######

Has anyone run into this? Is this a known bug/issue?

Current environment of all replicas:
- CentOS 7.8
- FreeIPA 4.6.6

Any help/guidance on fixing this would be really appreciated.

Thanks so much,
Guillermo