I thought that might be it and didn't see anything but will look again. 

Bret Wortman
http://bretwortman.com/
http://twitter.com/BretWortman

> On Apr 28, 2014, at 8:20 AM, Dmitri Pal <d...@redhat.com> wrote:
> 
>> On 04/28/2014 08:06 AM, Bret Wortman wrote:
>> Not to be thick, but what's the best way to check the DS instance       for 
>> a pki entry?
> 
> I do not remember the exact path and I do not have an instance handy. 
> Something like /var/lib/dirsrv/PKI, do not want to mislead you.
> 
> 
>> 
>>> On 04/28/2014 07:57 AM, Dmitri Pal wrote:
>>>> On 04/28/2014 07:52 AM, Bret Wortman wrote:
>>>> I'm trying to stand up a new ipa server on a clean box, and I keep getting 
>>>> this error so _something_ is amiss but I'm not sure what:
>>>> 
>>>> :
>>>> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 
>>>> seconds
>>>>     [1/22]: creating certificate server user
>>>>     [2/22]: configuring certificate server instance
>>>> ipa        : CRITICAL failed to configure ca instance Command 
>>>> '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit status 
>>>> 1
>>>> Configuration of CA failed
>>>> #
>>>> 
>>>> In the /var/log/ipaserver-install.log, I see this:
>>>> 
>>>> :
>>>> :
>>>> Installing CA into /var/lib/pki/pki-tomcat.
>>>> 
>>>> Installation failed.
>>>> 
>>>> 
>>>> 2014-04-28T11:43:46Z DEBUG stderr=pkispawn     : ERROR    ........ PKI 
>>>> subsystem 'CA' for instance 'pki-tomcat' already exists!
>>>> 
>>>> 2014-04-28T11:432:46Z CRITICAL failed to configure ca instance Command 
>>>> '/usr/sbin/pkispawn -s CA -f /tmp/tmpX8RW20' returned non-zero exit status 
>>>> 1
>>>> 2014-04-28T11:43:46Z DEBUG   File 
>>>> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 
>>>> 622, in run_script
>>>>     return_value = main_function()
>>>> 
>>>>   File "/usr/sbin/ipa-server-install", line 1074, in main
>>>>     dm_password, subject_base=options.subject)
>>>> 
>>>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", 
>>>> line 478, in configure_instance
>>>>     self.start_creation(runtime=210)
>>>> 
>>>>   File "/usr/lib/python2.7/site-packages/ipaserver/isntall/service.py", 
>>>> line 364, in start_creation
>>>>     method()
>>>> 
>>>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", 
>>>> line 604, in __spawn_instance
>>>>     raise RUntimeError('Configuration of CA failed')
>>>> :
>>>> :
>>>> 
>>>> So it looks like somehow this has gotten configured already. Possibly 
>>>> Puppet copied over something it shouldn't have. What do I need to remove 
>>>> to make this step work without removing so much that I render something 
>>>> inoperable?
>>> Run uninstall several times. Each time uninstall might clean next portion 
>>> and untangle things so trying to do it several times pays off.
>>> Then check if there is a DS instance for PKI. If there is remove it and try 
>>> again.
>>> 
>>>> -- 
>>>> Bret Wortman
>>>> <mime-attachment.png>
>>>> http://damascusgrp.com/
>>>> http://about.me/wortmanbret
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users@redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> 
>>> 
>>> -- 
>>> Thank you,
>>> Dmitri Pal
>>> 
>>> Sr. Engineering Manager IdM portfolio
>>> Red Hat, Inc.
>>> 
>>> 
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users@redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> 
>> 
>> 
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
> 
> 
> -- 
> Thank you,
> Dmitri Pal
> 
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to