That's a pretty strange error.  The ports there are supposed to be
reserved for pki_ca_port_t.

Can you do the following for each of the ports?
semanage port -l | grep 9443

It's probably best to completely remove the replica. You could try to use
dogtag-specific commands to uninstall and install the CA - but then the
rest of the ipa install scripts would be confused.

Ade

On Wed, 2012-02-29 at 13:44 -0500, Dan Scott wrote:
> Anyone have any suggestions for how I can fix this?
> 
> Dan
> 
> On Mon, Feb 27, 2012 at 21:06, Dan Scott <danieljamessc...@gmail.com> wrote:
> > Hi,
> >
> > I'm having another problem with replica installation - just the CA this time
> >
> > It looks like there's a problem with SELinux and the pki-ca service:
> >
> > After configuration, the server can be operated by the command:
> >
> >    /bin/systemctl restart pki-cad@pki-ca.service
> >
> >
> > 2012-02-27 20:33:45,729 DEBUG stderr=[error] Failed setting selinux
> > context pki_ca_port_t for 9180.  Port already defined otherwise.
> > [error] Failed setting selinux context pki_ca_port_t for 9701.  Port
> > already defined otherwise.
> > [error] Failed setting selinux context pki_ca_port_t for 9443.  Port
> > already defined otherwise.
> > [error] Failed setting selinux context pki_ca_port_t for 9444.  Port
> > already defined otherwise.
> > [error] Failed setting selinux context pki_ca_port_t for 9446.  Port
> > already defined otherwise.
> > [error] Failed setting selinux context pki_ca_port_t for 9445.  Port
> > already defined otherwise.
> > [error] Failed setting selinux context pki_ca_port_t for 9447.  Port
> > already defined otherwise.
> > [error] FAILED run_command("/bin/systemctl restart
> > pki-cad@pki-ca.service"), exit status=1 output="Job failed. See system
> > logs and 'systemctl status' for details."
> >
> > 2012-02-27 20:33:45,729 DEBUG   duration: 6 seconds
> > 2012-02-27 20:33:45,730 DEBUG   [3/11]: configuring certificate server 
> > instance
> > [clip]
> > 2012-02-27 20:33:46,159 DEBUG stdout=libpath=/usr/lib64
> > #######################################################################
> > CRYPTO INIT WITH CERTDB:/tmp/tmp-cDdVph
> > tokenpwd:XXXXXXXX
> > #############################################
> > Attempting to connect to: fileserver3.example.com:9445
> > Exception in LoginPanel(): java.lang.NullPointerException
> > ERROR: ConfigureCA: LoginPanel() failure
> > ERROR: unable to create CA
> >
> > #######################################################################
> >
> > 2012-02-27 20:33:46,159 DEBUG stderr=Exception: Unable to Send
> > Request:java.net.ConnectException: Connection refused
> > java.net.ConnectException: Connection refused
> >        at java.net.PlainSocketImpl.socketConnect(Native Method)
> >        at 
> > java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:327)
> >        at 
> > java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:193)
> >        at 
> > java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:180)
> >        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:384)
> >        at java.net.Socket.connect(Socket.java:546)
> >        at java.net.Socket.connect(Socket.java:495)
> >        at java.net.Socket.<init>(Socket.java:392)
> >        at java.net.Socket.<init>(Socket.java:235)
> >        at HTTPClient.sslConnect(HTTPClient.java:326)
> >        at ConfigureCA.LoginPanel(ConfigureCA.java:244)
> >        at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
> >        at ConfigureCA.main(ConfigureCA.java:1672)
> > java.lang.NullPointerException
> >        at ConfigureCA.LoginPanel(ConfigureCA.java:245)
> >        at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
> >        at ConfigureCA.main(ConfigureCA.java:1672)
> >
> > /var/log/messages contains the following:
> >
> > Feb 27 20:40:45 localhost kpasswd[2198]: Error receiving request (104)
> > Connection reset by peer
> > Feb 27 20:57:26 localhost pkicontrol[2778]: /usr/bin/runcon: invalid
> > context: system_u:system_r:pki_ca_script_t:s0: Invalid argument
> > Feb 27 20:57:26 localhost systemd[1]: pki-cad@pki-ca.service: control
> > process exited, code=exited status=1
> > Feb 27 20:57:26 localhost systemd[1]: Unit pki-cad@pki-ca.service
> > entered failed state.
> >
> > This is a fresh install of Fedora 16. There are no updates to apply.
> >
> > Any ideas?
> >
> > One more thing. Is there a way to remove and reinstall just the CA? Or
> > do I have to completely remove and re-install the entire IPA replica?
> > i.e. Is there something like ipa-ca-install --uninstall? I couldn't see
> > the option anywhere.
> >
> > Thanks,
> >
> > Dan
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
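
A range-aware version of the per-port check suggested in the reply at the top of this message, as an added example that is not part of the original thread: `semanage port -l` lists ranges such as `9700-9710`, so a plain `grep 9701` misses a type that covers the port through a range. The listing in `sample_listing` and the `example_*` type names are constructed for illustration; the port list is the one from the quoted installer errors.

```shell
#!/bin/sh
# Ports named in the installer errors quoted in this thread.
PKI_CA_PORTS="9180 9701 9443 9444 9445 9446 9447"

# port_owners PORT: read `semanage port -l` text on stdin and print every
# tcp port type whose port list or range covers PORT.
port_owners() {
    awk -v want="$1" '
        $2 != "tcp" { next }      # skips the header, blank lines and udp rows
        {
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)          # drop the list separator
                n = split(p, r, "-")              # "9443-9445" -> lo, hi
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (want + 0 >= lo && want + 0 <= hi) { print $1; break }
            }
        }'
}

# check_pki_ports: read the listing on stdin and print one line per port:
# "ok" if only pki_ca_port_t covers it, "conflict: ..." if any other type
# does, "undefined" if no tcp type covers it.
check_pki_ports() {
    listing=$(cat)
    for port in $PKI_CA_PORTS; do
        owners=$(printf '%s\n' "$listing" | port_owners "$port" | sort -u | tr '\n' ' ')
        owners=${owners% }
        case "$owners" in
            "")            echo "$port undefined" ;;
            pki_ca_port_t) echo "$port ok" ;;
            *)             echo "$port conflict: $owners" ;;
        esac
    done
}

# Constructed sample in the layout of `semanage port -l` (not real policy).
sample_listing() {
    cat <<'EOF'
SELinux Port Type              Proto    Port Number

pki_ca_port_t                  tcp      9180, 9443-9445
example_other_port_t           tcp      9700-9710, 9446
example_udp_port_t             udp      9447
EOF
}

# On a real host, run as root: semanage port -l | check_pki_ports
sample_listing | check_pki_ports
```
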

