On 06/14/2013 03:37 PM, Josh wrote:
I'm trying to install freeipa on RHEL6.4 running version
ipa-server-3.0.0-26.el6_4.2.x86_64 but it keeps failing at the
"Configuration of CA failed".  I believe the problem is that the python
used to generate the perl command doesn't wrap any of the arguments in
quotes.

The command doesn't go through the shell so quoting is not necessary. I can see how the log line is confusing, though; I filed https://fedorahosted.org/freeipa/ticket/3724.

   [1/20]: creating certificate server user
ipa         : DEBUG    ca user pkiuser exists
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [2/20]: configuring certificate server instance
   [2/20]: configuring certificate server instance
ipa         : DEBUG    args=/usr/bin/perl /usr/bin/pkisilent ConfigureCA
-cs_hostname jokajak.example.com -cs_port 9445 -client_certdb_dir
/tmp/tmp-nRzpxE -client_certdb_pwd XXXXXXXX -preop_pin
5czI1yO2iWaHLp2WlffW -domain_name IPA -admin_user admin -admin_email
root@localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent
-agent_key_size 2048 -agent_key_type rsa -agent_cert_subject
CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host jokajak.example.com -ldap_port
7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn
o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm
SHA256withRSA
-save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name
internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM
-ca_server_cert_subject_name CN=jokajak.example.com,O=EXAMPLE.COM
-ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM
-ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM
-external false -clone false
ipa         : DEBUG    stdout=libpath=/usr/lib64
#######################################################################

#######################################################################

ipa         : DEBUG    stderr=sh: -c: line 0: syntax error near
unexpected token `)'
sh: -c: line 0: `java -cp
/usr/share/java/pki/pki-silent.jar:/usr/share/java/pki/pki-certsrv.jar:/usr/share/java/pki/pki-cmscore.jar:/usr/share/java/pki/pki-nsutil.jar:/usr/share/java/pki/pki-cmsutil.jar:/usr/share/java/pki/pki-tools.jar:/usr/share/java/ldapjdk.jar:/usr/share/java/xerces-j2.jar:/usr/share/java/xml-commons-apis.jar:/usr/share/java/xml-commons-resolver.jar:/usr/lib/java/dirsec/jss4.jar:/usr/lib/java/jss4.jar:/usr/lib/java/dirsec/osutil.jar:/usr/lib/java/osutil.jar:
ConfigureCA -cs_hostname jokajak.example.com -cs_port 9445
-client_certdb_dir /tmp/tmp-nRzpxE -client_certdb_pwd XXXXXXXX
-preop_pin 5czI1yO2iWaHLp2WlffW -domain_name IPA -admin_user admin
-admin_email root@localhost -admin_password XXXXXXXX -agent_name
ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
-agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host
jokajak.example.com -ldap_port 7389 -bind_dn cn=Directory Manager
-bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048
-key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd
XXXXXXXX -subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM
-ca_server_cert_subject_name CN=jokajak.example.com,O=EXAMPLE.COM
-ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM
-ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM
-external false -clone false'

ipa         : CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
jokajak.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-nRzpxE
-client_certdb_pwd XXXXXXXX -preop_pin 5czI1yO2iWaHLp2WlffW -domain_name
IPA -admin_user admin -admin_email root@localhost -admin_password
XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type
rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host
jokajak.example.com -ldap_port 7389 -bind_dn cn=Directory Manager
-bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048
-key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd
XXXXXXXX -subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM
-ca_server_cert_subject_name CN=jokajak.example.com,O=EXAMPLE.COM
-ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM
-ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM
-external false -clone false' returned non-zero exit status 255
ipa         : INFO       File
"/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py",
line 614, in run_script
     return_value = main_function()

   File "/usr/sbin/ipa-server-install", line 942, in main
     subject_base=options.subject)

   File
"/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line
617, in configure_instance
     self.start_creation(runtime=210)

   File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py",
line 358, in start_creation
     method()

   File
"/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line
879, in __configure_instance
     raise RuntimeError('Configuration of CA failed')

ipa         : INFO     The ipa-server-install command failed, exception:
RuntimeError: Configuration of CA failed
Configuration of CA failed

Any recommendations on how to proceed?

Thanks,
-josh

Adding Ade (a Dogtag developer) to CC, he might be able to help.

--
Petr³

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
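
An added example, not part of the original thread and not FreeIPA or Dogtag code: it shows why an argv list started without a shell needs no quoting, why the space-joined `args=` log line is still ambiguous, and how the same string fails once a later stage passes it to `sh -c`, as the `sh: -c:` error in the quoted stderr indicates happened. The helper names and the sample password are constructed for illustration (Python 3).

```python
import json
import shlex
import subprocess
import sys

# Constructed argv modelled on the log above; the password is a made-up
# value that contains a shell metacharacter.
ARGV = ["ConfigureCA", "-bind_dn", "cn=Directory Manager",
        "-bind_password", "s3cr)et", "-base_dn", "o=ipaca"]

def child_argv(argv):
    """Start a child from an argv list (no shell); return what it received."""
    code = "import json, sys; print(json.dumps(sys.argv[1:]))"
    proc = subprocess.run([sys.executable, "-c", code] + argv,
                          capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)

def naive_log_line(argv):
    """Space-joined form, like the args= line in the log: boundaries are lost."""
    return " ".join(argv)

def quoted_log_line(argv):
    """Log form that a POSIX shell or shlex.split() parses back to argv."""
    return " ".join(shlex.quote(a) for a in argv)

def shell_reparse(cmdline):
    """Give a command-line string to sh -c; return (exit status, words seen)."""
    proc = subprocess.run(["sh", "-c", "printf '%s\\n' " + cmdline],
                          capture_output=True, text=True)
    return proc.returncode, proc.stdout.splitlines()

if __name__ == "__main__":
    print(child_argv(ARGV) == ARGV)               # argv survives intact
    print(naive_log_line(ARGV))                   # ambiguous log line
    print(shell_reparse(naive_log_line(ARGV)))    # shell syntax error
    print(quoted_log_line(ARGV))                  # unambiguous log line
    print(shell_reparse(quoted_log_line(ARGV)))   # round-trips to ARGV
```

Any wrapper that rebuilds a command string for a shell has to quote each argument again at that point; the caller's argv list does not protect it.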
