Bret Wortman wrote:
Sorry, that wasn't clear at all, was it? The latest attempt was after I
ran the cleanup. No joy; it's still failing at the same point and tomcat
is definitely not running.

In order to diagnose why dogtag is failing to install we need to see the logs from /var/log/pki-ca and the full /var/log/ipaserver-install.log. You can send them directly to me or Martin if you'd prefer.


On Thu, Oct 18, 2012 at 7:28 AM, Martin Kosek <
<>> wrote:

    On 10/18/2012 01:23 PM, Bret Wortman wrote:
     > Tomcat is definitely not running and there's no log in
    /var/log/pki-ca. SELinux
     > is disabled and not running. The same RPMs are installed on both
    my functioning
     > and nonfunctioning system, at least as far as "# rpm -qa | grep
    tomcat | sort"
     > revealed.
     > I also followed Martin's suggestion to clean out the CA
    configuration, but that
     > command seems to indicate that there wasn't any existing
     > [root@fs1 ~]# /usr/bin/pkiremove -pki_instance_root=/var/lib
     > -pki_instance_name=pki-ca --force
     > PKI instance Deletion Utility ...
     > PKI instance Deletion Utility cleaning up instance ...
     > No security domain defined.
     > If this is an unconfigured instance, then that is OK.
     > Otherwise, manually delete the entry from the security domain master.
     > Removing selinux contexts

    Actually, I think that the pkiremove utility removed the leftover
    CA. If the CA
    was not there, the output should look like that:

    # /usr/bin/pkiremove -pki_instance_root=/var/lib
    -pki_instance_name=pki-ca --force
    PKI instance Deletion Utility ...

    [error] /usr/bin/pkiremove:  Target directory /var/lib/pki-ca is not
    a legal

    Can you try running the server install again? So that we can see if
    the CA
    cleanup helped?


Bret Wortman
The Damascus Group
Fairfax, VA

Freeipa-users mailing list

Reply via email to