On 04/28/2014 07:52 AM, Bret Wortman wrote:
I'm trying to stand up a new ipa server on a clean box, and I keep getting this error so _something_ is amiss but I'm not sure what:

:
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds
    [1/22]: creating certificate server user
    [2/22]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit status 1
Configuration of CA failed
#

In the /var/log/ipaserver-install.log, I see this:

:
:
Installing CA into /var/lib/pki/pki-tomcat.

Installation failed.


2014-04-28T11:43:46Z DEBUG stderr=pkispawn : ERROR ........ PKI subsystem 'CA' for instance 'pki-tomcat' already exists!

2014-04-28T11:432:46Z CRITICAL failed to configure ca instance Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit status 1 2014-04-28T11:43:46Z DEBUG File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 622, in run_script
    return_value = main_function()

  File "/usr/sbin/ipa-server-install", line 1074, in main
    dm_password, subject_base=options.subject)

File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 478, in configure_instance
    self.start_creation(runtime=210)

File "/usr/lib/python2.7/site-packages/ipaserver/isntall/service.py", line 364, in start_creation
    method()

File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 604, in __spawn_instance
    raise RUntimeError('Configuration of CA failed')
:
:

So it looks like somehow this has gotten configured already. Possibly Puppet copied over something it shouldn't have. What do I need to remove to make this step work without removing so much that I render something inoperable?


Run uninstall several times. Each time uninstall might clean next portion and untangle things so trying to do it several times pays off. Then check if there is a DS instance for PKI. If there is remove it and try again.

--
*Bret Wortman*

http://damascusgrp.com/
http://about.me/wortmanbret



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to