According to the error you're getting, there is a CA instance already
After uninstalling IPA, destroy it with:
    pkidestroy -s CA -i pki-tomcat

I tried this, but no joy.

    # pkidestroy -s CA -i pki-tomcat
    Loading deployment configuration from /var/lib/pki/pki-tomcat
    Uninstalling CA from /var/lib/pki/pki-tomcat.
    pkidestroy : WARNING ....... this 'CA' entry will NOT be deleted from
    security domain 'unknown'!
    pkidestroy : ERROR   ....... No security domain defined.
    If this is an unconfigured instance, then that is OK.
    Otherwise, manually delete the entry from the security domain master.

    Uninstallation complete.

And then when I tried to run ipa-server-install, I got the same error
again. I may just wipe the box and start over. It might take less time


This, BTW, is on F20 using freeipa 3.3.4-3 and pki-ca 10.1.1-1 (also

From the ipa-server installation output the error looks the same, but the underlying error should be different when there isn't already a PKI instance.

If the PKI installer fails early enough we don't record that it was installed which is why ipa-server-install --uninstall doesn't remove it. We have a ticket open for this.


So is there a recommended way to clean it up and get it working?

Never mind; I found the bug (953488) which said to:

    # pkidestroy -s CA -i pki-tomcat
    ERROR:  PKI instance '/var/lib/pki/pki-tomcat' does NOT exist!
    # rm -rf /var/log/pki/pki-tomcat
    # rm -rf /etc/sysconfig/pki-tomcat
    # rm -rf /etc/sysconfig/pki/tomcat/pki-tomcat
    # rm -rf /var/lib/pki/pki-tomcat
    # rm -rf /etc/pki/pki-tomcat
    # ipa-server-install --uninstall

And re-run installation. This didn't work for me. Was there another bug that I missed?
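
A read-only way to confirm which of the instance paths named in the cleanup steps above still exist before re-running ipa-server-install. This is an added example, not part of the original thread or of any FreeIPA/Dogtag tooling; the function names, the ROOT argument and the `--check` switch are hypothetical.

```shell
#!/bin/sh
# Added example: report leftover PKI instance state without deleting anything.
# The path list is the one from the cleanup steps quoted in the thread.

# pki_leftover_paths ROOT [INSTANCE]
#   ROOT is a filesystem prefix (assumption, "/" on a real host) so the check
#   can be exercised against a scratch tree. Prints one leftover path per line.
pki_leftover_paths() {
    root=${1%/}                 # "/" becomes "", keeping the paths absolute
    inst=${2:-pki-tomcat}
    # Refuse names that would walk out of the expected directories.
    case $inst in
        */*|.|..) echo "invalid instance name: $inst" >&2; return 2 ;;
    esac
    for p in \
        "/var/log/pki/$inst" \
        "/etc/sysconfig/$inst" \
        "/etc/sysconfig/pki/tomcat/$inst" \
        "/var/lib/pki/$inst" \
        "/etc/pki/$inst"
    do
        # -e is false for a dangling symlink, so test -L as well.
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# pki_is_clean ROOT [INSTANCE]
#   Returns 0 when no listed path remains, 1 when something is left,
#   2 when the instance name was rejected.
pki_is_clean() {
    found=$(pki_leftover_paths "$1" "$2") || return 2
    [ -z "$found" ]
}

# Only run when asked to, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    if pki_is_clean "${2:-/}" "${3:-pki-tomcat}"; then
        echo "no leftover instance paths"
    else
        echo "leftover instance paths:"
        pki_leftover_paths "${2:-/}" "${3:-pki-tomcat}"
    fi
fi
```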

