John Tor via FreeIPA-users wrote: > Hi, > > I had tried many times to install free-ipa-replica, but I always have the > same error at this step: > > DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) begins > DEBUG: Command: certutil -L -d /var/lib/pki/pki-tomcat/conf/alias -f > /tmp/tmpxotjk756/password.txt -n Server-Cert cert-pki-ca -a > DEBUG: stdout: -1 > DEBUG: NSSDatabase: stderr: > certutil: Could not find cert: Server-Cert cert-pki-ca > : PR_FILE_NOT_FOUND_ERROR: File not found > > DEBUG: Cert not found: Server-Cert cert-pki-ca
^^ is fine and not causing any issues. > INFO: Updating /var/lib/pki/pki-tomcat/conf/serverCertNick.conf > INFO: Updating serverCertNickFile in server.xml > INFO: Joining security domain at https://master.example.com:443 > ERROR: KeyError: 'CA' For ^^ we'd need to see the full /var/log/ipareplicata-install.log to try to determine what is going on. rob > File "/usr/lib/python3.9/site-packages/pki/server/pkispawn.py", line 594, > in main > deployer.spawn() > File "/usr/lib/python3.9/site-packages/pki/server/deployment/__init__.py", > line 5986, in spawn > scriptlet.spawn(self) > File > "/usr/lib/python3.9/site-packages/pki/server/deployment/scriptlets/configuration.py", > line 76, in spawn > deployer.setup_security_domain(subsystem) > File "/usr/lib/python3.9/site-packages/pki/server/deployment/__init__.py", > line 2854, in setup_security_domain > self.join_security_domain() > File "/usr/lib/python3.9/site-packages/pki/server/deployment/__init__.py", > line 2795, in join_security_domain > sd_subsystem = self.domain_info.subsystems['CA'] > > > Failed to configure CA instance > See the installation logs and the following files/directories for more > information: > /var/log/pki/pki-tomcat > Traceback (most recent call last): > File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line > 688, in start_creation > run_step(full_msg, method) > File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line > 674, in run_step > method() > File "/usr/lib/python3.9/site-packages/ipaserver/install/cainstance.py", > line 685, in __spawn_instance > DogtagInstance.spawn_instance( > File > "/usr/lib/python3.9/site-packages/ipaserver/install/dogtaginstance.py", line > 227, in spawn_instance > self.handle_setup_error(e) > File > "/usr/lib/python3.9/site-packages/ipaserver/install/dogtaginstance.py", line > 643, in handle_setup_error > raise RuntimeError( > RuntimeError: CA configuration failed. > > [error] RuntimeError: CA configuration failed. > [error] RuntimeError: CA configuration failed. > Removing /root/.dogtag/pki-tomcat/ca > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > File "/usr/lib/python3.9/site-packages/ipapython/admintool.py", line 219, > in execute > return_value = self.run() > File "/usr/lib/python3.9/site-packages/ipapython/install/cli.py", line 343, > in run > return cfgr.run() > File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line > 360, in run > return self.execute() > File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line > 386, in execute > for rval in self._executor(): > File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line > 435, in __runner > exc_handler(exc_info) > File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line > 468, in _handle_execute_exception > self._handle_exception(exc_info) > File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line > 458, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise > raise value > File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line > 425, in __runner > step() > File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line > 419, in step_next > return next(self.__gen) > File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 81, > in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise > raise value > File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 59, > in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line > 663, in _configure > next(executor) > File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line > 435, in __runner > exc_handler(exc_info) > File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line > 468, in _handle_execute_exception > self._handle_exception(exc_info) > File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line > 526, in _handle_exception > self.__parent._handle_exception(exc_info) > File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line > 458, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise > raise value > File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line > 523, in _handle_exception > super(ComponentBase, self)._handle_exception(exc_info) > File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line > 458, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise > raise value > File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line > 425, in __runner > step() > File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line > 419, in step_next > return next(self.__gen) > File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 81, > in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise > raise value > File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 59, > in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python3.9/site-packages/ipapython/install/common.py", line > 65, in _install > for unused in self._installer(self.parent): > File > "/usr/lib/python3.9/site-packages/ipaserver/install/server/__init__.py", line > 687, in main > replica_install(self) > File > "/usr/lib/python3.9/site-packages/ipaserver/install/server/replicainstall.py", > line 387, in decorated > func(installer) > File > "/usr/lib/python3.9/site-packages/ipaserver/install/server/replicainstall.py", > line 1446, in install > ca.install(False, config, options, custodia=custodia) > File "/usr/lib/python3.9/site-packages/ipaserver/install/ca.py", line 546, > in install > install_step_0(standalone, replica_config, options, custodia=custodia) > File "/usr/lib/python3.9/site-packages/ipaserver/install/ca.py", line 621, > in install_step_0 > ca.configure_instance( > File "/usr/lib/python3.9/site-packages/ipaserver/install/cainstance.py", > line 522, in configure_instance > self.start_creation(runtime=runtime) > File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line > 688, in start_creation > run_step(full_msg, method) > File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line > 674, in run_step > method() > File "/usr/lib/python3.9/site-packages/ipaserver/install/cainstance.py", > line 685, in __spawn_instance > DogtagInstance.spawn_instance( > File > "/usr/lib/python3.9/site-packages/ipaserver/install/dogtaginstance.py", line > 227, in spawn_instance > self.handle_setup_error(e) > File > "/usr/lib/python3.9/site-packages/ipaserver/install/dogtaginstance.py", line > 643, in handle_setup_error > raise RuntimeError( > > The ipa-replica-install command failed, exception: RuntimeError: CA > configuration failed. > CA configuration failed. > The ipa-replica-install command failed. See /var/log/ipareplica-install.log > for more information > > I am stuck in a loop, I tried with new server but It didn't work. I am using > AlmaLinux 9.6 fully updated and the command I used was: > > ipa-replica-install --setup-dns --forwarder 1.1.1.1 --setup-ca --verbose > > The command ipa-client-install worked perfect. > > certutil -L -d sql:/var/lib/pki/pki-tomcat/conf/alias > > Certificate Nickname Trust Attributes > > SSL,S/MIME,JAR/XPI > > caSigningCert cert-pki-ca CTu,Cu,Cu > ocspSigningCert cert-pki-ca u,u,u > auditSigningCert cert-pki-ca u,u,u > subsystemCert cert-pki-ca u,u,u > > > > I don't know what else to do :/ > > Regards > -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
