Anyone have any suggestions for how I can fix this? Dan
On Mon, Feb 27, 2012 at 21:06, Dan Scott <danieljamessc...@gmail.com> wrote: > Hi, > > I'm having another problem with replica installation - just the CA this time > > It looks like there's a problem with SELinux and the pki-ca service: > > After configuration, the server can be operated by the command: > > /bin/systemctl restart pki-cad@pki-ca.service > > > 2012-02-27 20:33:45,729 DEBUG stderr=[error] Failed setting selinux > context pki_ca_port_t for 9180. Port already defined otherwise. > [error] Failed setting selinux context pki_ca_port_t for 9701. Port > already defined otherwise. > [error] Failed setting selinux context pki_ca_port_t for 9443. Port > already defined otherwise. > [error] Failed setting selinux context pki_ca_port_t for 9444. Port > already defined otherwise. > [error] Failed setting selinux context pki_ca_port_t for 9446. Port > already defined otherwise. > [error] Failed setting selinux context pki_ca_port_t for 9445. Port > already defined otherwise. > [error] Failed setting selinux context pki_ca_port_t for 9447. Port > already defined otherwise. > [error] FAILED run_command("/bin/systemctl restart > pki-cad@pki-ca.service"), exit status=1 output="Job failed. See system > logs and 'systemctl status' for details." > > 2012-02-27 20:33:45,729 DEBUG duration: 6 seconds > 2012-02-27 20:33:45,730 DEBUG [3/11]: configuring certificate server > instance > [clip] > 2012-02-27 20:33:46,159 DEBUG stdout=libpath=/usr/lib64 > ####################################################################### > CRYPTO INIT WITH CERTDB:/tmp/tmp-cDdVph > tokenpwd:XXXXXXXX > ############################################# > Attempting to connect to: fileserver3.example.com:9445 > Exception in LoginPanel(): java.lang.NullPointerException > ERROR: ConfigureCA: LoginPanel() failure > ERROR: unable to create CA > > ####################################################################### > > 2012-02-27 20:33:46,159 DEBUG stderr=Exception: Unable to Send > Request:java.net.ConnectException: Connection refused > java.net.ConnectException: Connection refused > at java.net.PlainSocketImpl.socketConnect(Native Method) > at > java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:327) > at > java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:193) > at > java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:180) > at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:384) > at java.net.Socket.connect(Socket.java:546) > at java.net.Socket.connect(Socket.java:495) > at java.net.Socket.<init>(Socket.java:392) > at java.net.Socket.<init>(Socket.java:235) > at HTTPClient.sslConnect(HTTPClient.java:326) > at ConfigureCA.LoginPanel(ConfigureCA.java:244) > at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157) > at ConfigureCA.main(ConfigureCA.java:1672) > java.lang.NullPointerException > at ConfigureCA.LoginPanel(ConfigureCA.java:245) > at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157) > at ConfigureCA.main(ConfigureCA.java:1672) > > /var/log/messages contains the following: > > Feb 27 20:40:45 localhost kpasswd[2198]: Error receiving request (104) > Connection reset by peer > Feb 27 20:57:26 localhost pkicontrol[2778]: /usr/bin/runcon: invalid > context: system_u:system_r:pki_ca_script_t:s0: Invalid argument > Feb 27 20:57:26 localhost systemd[1]: pki-cad@pki-ca.service: control > process exited, code=exited status=1 > Feb 27 20:57:26 localhost systemd[1]: Unit pki-cad@pki-ca.service > entered failed state. > > This is a fresh install of Fedora 16. There are no updates to apply. > > Any ideas? > > One more thing. Is there a way to remove and reinstall just the CA? Or > do I have to completely remove and re-install the entire IPA replica? > i.e. Is there something like ipa-ca-install --uninstall I couldn't see > the option anywhere. > > Thanks, > > Dan _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users