On 04/28/2014 01:52 PM, Bret Wortman wrote:
I'm trying to stand up a new ipa server on a clean box, and I keep
getting this error so _something_ is amiss but I'm not sure what:

:
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes
30 seconds
     [1/22]: creating certificate server user
     [2/22]: configuring certificate server instance
ipa        : CRITICAL failed to configure ca instance Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit status 1
Configuration of CA failed
#

In the /var/log/ipaserver-install.log, I see this:

:
:
Installing CA into /var/lib/pki/pki-tomcat.

Installation failed.


2014-04-28T11:43:46Z DEBUG stderr=pkispawn     : ERROR ........ PKI
subsystem 'CA' for instance 'pki-tomcat' already exists!

2014-04-28T11:432:46Z CRITICAL failed to configure ca instance Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit status 1
2014-04-28T11:43:46Z DEBUG   File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
line 622, in run_script
     return_value = main_function()

   File "/usr/sbin/ipa-server-install", line 1074, in main
     dm_password, subject_base=options.subject)

   File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
478, in configure_instance
     self.start_creation(runtime=210)

   File "/usr/lib/python2.7/site-packages/ipaserver/isntall/service.py",
line 364, in start_creation
     method()

   File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
604, in __spawn_instance
     raise RUntimeError('Configuration of CA failed')
:
:

So it looks like somehow this has gotten configured already. Possibly
Puppet copied over something it shouldn't have. What do I need to remove
to make this step work without removing so much that I render something
inoperable?


According to the error you're getting, there is a CA instance already installed.
After uninstalling IPA, destroy it with:
    pkidestroy -s CA -i pki-tomcat



--
PetrĀ³

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to