Bret Wortman wrote:


On 04/28/2014 10:48 AM, Rob Crittenden wrote:
Bret Wortman wrote:

On 04/28/2014 10:21 AM, Bret Wortman wrote:

On 04/28/2014 08:33 AM, Petr Viktorin wrote:

According to the error you're getting, there is a CA instance already
installed.
After uninstalling IPA, destroy it with:
    pkidestroy -s CA -i pki-tomcat


I tried, this, but no joy.

# pkidestroy -s CA -i pki-tomcat
Loading deployment configuration from /var/lib/pki/pki-tomcat
/ca/registry/ca/deployment.cfg.
Uninstalling CA from /var/lib/pki/pki-tomcat.
pkidestroy : WARNING ....... this 'CA' entry will NOT be deleted from
security domain 'unknown'!
pkidestroy : ERROR   ....... No security domain defined.
If this is an unconfigured instance, then that is OK.
Otherwise, manually delete the entry from the security domain master.

Uninstallation complete.
#

And then when I tried to run ipa-server-install, I got the same error
again. I may just wipe the box and start over. It might take less time
overall.


Bret

This, BTW, is on F20 using freeipa 3.3.4-3 and pki-ca 10.1.1-1 (also
dogtag-10.1.1-1).

From the ipa-server installation output the error looks the same, but
the underlying error should be different when there isn't already a
PKI instance.

If the PKI installer fails early enough we don't record that it was
installed which is why ipa-server-install --uninstall doesn't remove
it. We have a ticket open for this.

rob

So is there a recommended way to clean it up and get it working?

Re-run pkidestroy, then if the subsequent IPA install fails closely examine the logs to determine the reason. The problem in cases like this is that the first install fails and subsequent installs mask the original failure with this PKI re-install failure.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to