Chuck Lever wrote:
Hi-

I'm new to FreeIPA.  I'm installing on an up-to-date Fedora 18 system from the 
freeipa packages available with Fedora 18.  When running ipa-server-install, 
the install process fails here:

Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 
seconds
   [1/20]: creating certificate server user
     ...
   [15/20]: requesting RA certificate from CA
Unexpected error - see /var/log/ipaserver-install.log for details:
IndexError: list index out of range

The tail of the installer log looks like this:

Generating key.  This may take a few moments...


2013-02-12T21:04:46Z INFO   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 617, 
in run_script
     return_value = main_function()

   File "/sbin/ipa-server-install", line 986, in main
     dm_password, subject_base=options.subject)

   File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", 
line 621, in configure_instance
     self.start_creation(runtime=210)

   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
358, in start_creation
     method()

   File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", 
line 1219, in __request_ra_certificate
     self.requestId = item_node[0].childNodes[0].data

2013-02-12T21:04:46Z INFO The ipa-server-install command failed, exception: 
IndexError: list index out of range


Is there a workaround or fix available?  I haven't found any relevant 
information via a web search, and a few searches on bugzilla.redhat.com have 
come up empty.


We've seen just one other report of this and unfortunately the VM was removed before we could do a lot of diagnosis. What we saw was that certutil output garbage when requesting the RA admin certificate. Can you look in /var/log/ipaserver-install.log for the last certutil command? Does stdout contain a lot of garbage characters in it? It should consist of a base64-encoded CSR.

If so, what version of nss and nss-tools do you have installed?

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to