> iulian roman via FreeIPA-users wrote:
> I suspect this is a red herring. The installer is
> likely failing
> elsewhere but pkispawn seems to charge on when errors are discovered so
> you need to find the first error reported.
>
It can be. Nevertheless, i have run pkispawn manually with the same parameters
(/usr/sbin/pkispawn -s CA -f /tmp/tmpM6kqkX), and it always fails after the
checking phase :
pkispawn : INFO ........... checking https://ipa.server.local:8443/ca
Installation failed:
<!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server
Error</title><style type="text/css">h1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
h2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
h3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
a {color:black;} a.name {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP
Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b>
Exception Report</p><p><b>Message</b> Subsystem
unavailable</p><p><b>Description</b> The server encountered an unexpected
condition that prevented it from fulfilling the
request.</p><p><b>Exception</b></p><pre>javax.ws.rs.ServiceUnavailableException:
Subsystem unavailable
com.netscape.cms.tomcat.ProxyRealm.findSecurityConstraints(ProxyRealm.java:138)
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482)
com.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:82)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Thread.java:748)
</pre><p><b>Note</b> The full stack trace of the root cause is available in the
server logs.</p><hr class="line" /><h3>Apache Tomcat/8.5.39
(Ubuntu)</h3></body></html>
Unfortunately, the only error in the debug.log before Shutting down the
CMSEngine in
2020-12-14 17:47:46 [localhost-startStop-1] SEVERE: Unable to start CMS engine:
Property internaldb.ldapconn.port missing value
I tried to look for clues in all the logs , but i couldn't find anything
relevant, apart from the above mentioned error in /var/log/pki/pki-tomcat/ca
folder.
> That said I don't know how well/if the CA works in Ubuntu these days, or
> what version you're on (or what version of IPA). e.g. I don't know if
> the current maintainer of IPA in Ubuntu even has it working.
>
Ubuntu 18.04 , with freeipa-server 4.7.4 , dogtag 10.6.1 and tomcat 8.5
> rob
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
