Not to be thick, but what's the best way to check the DS instance for a pki entry?

On 04/28/2014 07:57 AM, Dmitri Pal wrote:
On 04/28/2014 07:52 AM, Bret Wortman wrote:
I'm trying to stand up a new ipa server on a clean box, and I keep getting this error so _something_ is amiss but I'm not sure what:

Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds
    [1/22]: creating certificate server user
    [2/22]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit status 1
Configuration of CA failed

In the /var/log/ipaserver-install.log, I see this:

Installing CA into /var/lib/pki/pki-tomcat.

Installation failed.

2014-04-28T11:43:46Z DEBUG stderr=pkispawn : ERROR ........ PKI subsystem 'CA' for instance 'pki-tomcat' already exists!

2014-04-28T11:432:46Z CRITICAL failed to configure ca instance Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit status 1 2014-04-28T11:43:46Z DEBUG File "/usr/lib/python2.7/site-packages/ipaserver/install/", line 622, in run_script
    return_value = main_function()

  File "/usr/sbin/ipa-server-install", line 1074, in main
    dm_password, subject_base=options.subject)

File "/usr/lib/python2.7/site-packages/ipaserver/install/", line 478, in configure_instance

File "/usr/lib/python2.7/site-packages/ipaserver/isntall/", line 364, in start_creation

File "/usr/lib/python2.7/site-packages/ipaserver/install/", line 604, in __spawn_instance
    raise RUntimeError('Configuration of CA failed')

So it looks like somehow this has gotten configured already. Possibly Puppet copied over something it shouldn't have. What do I need to remove to make this step work without removing so much that I render something inoperable?

Run uninstall several times. Each time uninstall might clean next portion and untangle things so trying to do it several times pays off. Then check if there is a DS instance for PKI. If there is remove it and try again.

*Bret Wortman*

Freeipa-users mailing list

Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

Freeipa-users mailing list

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Freeipa-users mailing list

Reply via email to