Chuck Lever wrote:
On Feb 12, 2013, at 4:24 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
Chuck Lever wrote:
Hi-
I'm new to FreeIPA. I'm installing on an up-to-date Fedora 18 system from the
freeipa packages available with Fedora 18. When running ipa-server-install,
the install process fails here:
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30
seconds
[1/20]: creating certificate server user
...
[15/20]: requesting RA certificate from CA
Unexpected error - see /var/log/ipaserver-install.log for details:
IndexError: list index out of range
The tail of the installer log looks like this:
Generating key. This may take a few moments...
2013-02-12T21:04:46Z INFO File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 617,
in run_script
return_value = main_function()
File "/sbin/ipa-server-install", line 986, in main
dm_password, subject_base=options.subject)
File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 621, in configure_instance
self.start_creation(runtime=210)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
358, in start_creation
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 1219, in __request_ra_certificate
self.requestId = item_node[0].childNodes[0].data
2013-02-12T21:04:46Z INFO The ipa-server-install command failed, exception:
IndexError: list index out of range
Is there a workaround or fix available? I haven't found any relevant
information via a web search, and a few searches on bugzilla.redhat.com have
come up empty.
We've seen just one other report of this and unfortunately the VM was removed
before we could do a lot of diagnosis. What we saw was that certutil output
garbage when requesting the RA admin certificate. Can you look in
/var/log/ipaserver-install.log for the last certutil command? Does stdout
contain a lot of garbage characters in it? It should consist of a
base64-encoded CSR.
2013-02-12T21:04:29Z DEBUG [15/20]: requesting RA certificate from CA
2013-02-12T21:04:29Z DEBUG Starting external process
2013-02-12T21:04:29Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f
XXXXXXXX -R -k
rsa -g 2048 -s CN=IPA RA,O=1015GRANGER.NET -z /tmp/tmptIYFZ5 -a
2013-02-12T21:04:33Z DEBUG Process finished, return code=0
2013-02-12T21:04:33Z DEBUG
stdout=^X^\<FB>^<^@^@^@^X^\<FB>^<^@^@^@^P-<85>^B^@^@^@^@^P-
<85>^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@@^G
<C1>8^?^@^@<C1>^E^@^@^@^@^@^@<98>^W<FB>^<^@^@^@<98>^W<FB>^<^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@<F6><F5><D7><F7>Ƣ<87><C7><CA>^U<CE>^^<F0>6ĸ^L^R|<C0><D6><D3>=^^W^D^N
<A1>^\=<9F><FE>^@^@^@^@^@^@^@^@q^E^@^@^@^@^@^@<98>^W<FB>^<^@^@^@^P<U+0084>^B^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@<B0>^Y<85>^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@<F0>^A<C2>_<^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@<F0>+<C1>_<^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^A
^@^@^@^@^@^@^@^@^@^@^@^@^@^@<B0>^@^@^@^@^@^@^@<C1>^D^@^@^@^@^@^@<98>^W<FB>^<^@^@^@<F0>*
<85>^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@<80><BD><84>^B^@^@^@^@^@^@^@^@^@^@^@^@^@^A^@^@^@^@^@^@P^@^@^@^@^@^@^@^P^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^!
@^@^@^@^@`
^B^@^@^@^@^@^@^P^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
2013-02-12T21:04:33Z DEBUG stderr=
If so, what version of nss and nss-tools do you have installed?
[root@forain ~]# yum info nss nss-tools
Loaded plugins: langpacks, presto, refresh-packagekit
Installed Packages
Name : nss
Arch : x86_64
Version : 3.14.2
Release : 2.fc18
Size : 2.5 M
Repo : installed
From repo : updates
Summary : Network Security Services
URL : http://www.mozilla.org/projects/security/pki/nss/
License : MPLv2.0
Description : Network Security Services (NSS) is a set of libraries designed to
: support cross-platform development of security-enabled client and
: server applications. Applications built with NSS can support SSL
v2
: and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
: v3 certificates, and other security standards.
Name : nss-tools
Arch : x86_64
Version : 3.14.2
Release : 2.fc18
Size : 1.7 M
Repo : installed
From repo : updates
Summary : Tools for the Network Security Services
URL : http://www.mozilla.org/projects/security/pki/nss/
License : MPLv2.0
Description : Network Security Services (NSS) is a set of libraries designed to
: support cross-platform development of security-enabled client and
: server applications. Applications built with NSS can support SSL
v2
: and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
: v3 certificates, and other security standards.
:
: Install the nss-tools package if you need command-line tools to
: manipulate the NSS certificate and key database.
Available Packages
Name : nss
Arch : i686
Version : 3.14.2
Release : 2.fc18
Size : 833 k
Repo : updates/18/x86_64
Summary : Network Security Services
URL : http://www.mozilla.org/projects/security/pki/nss/
License : MPLv2.0
Description : Network Security Services (NSS) is a set of libraries designed to
: support cross-platform development of security-enabled client and
: server applications. Applications built with NSS can support SSL
v2
: and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
: v3 certificates, and other security standards.
[root@forain ~]#
Hope this helps.
--
Chuck Lever
chucklever[at]gmail[dot]com
Ok, easily reproduced with this version of nss. I filed
https://bugzilla.redhat.com/show_bug.cgi?id=910584
For a workaround you might try to yum downgrade nss. You may need to
downgrade several other subpackages as well like nss-tools and
nss-sysinit depending on your install.
I think you can safely upgrade again once the install is complete.
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users