On 04/28/2014 11:08 AM, Bret Wortman wrote:


On 04/28/2014 10:48 AM, Rob Crittenden wrote:
Bret Wortman wrote:

On 04/28/2014 10:21 AM, Bret Wortman wrote:

On 04/28/2014 08:33 AM, Petr Viktorin wrote:

According to the error you're getting, there is a CA instance already
installed.
After uninstalling IPA, destroy it with:
    pkidestroy -s CA -i pki-tomcat


I tried, this, but no joy.

# pkidestroy -s CA -i pki-tomcat
Loading deployment configuration from /var/lib/pki/pki-tomcat
/ca/registry/ca/deployment.cfg.
Uninstalling CA from /var/lib/pki/pki-tomcat.
pkidestroy : WARNING ....... this 'CA' entry will NOT be deleted from
security domain 'unknown'!
pkidestroy : ERROR   ....... No security domain defined.
If this is an unconfigured instance, then that is OK.
Otherwise, manually delete the entry from the security domain master.

Uninstallation complete.
#

And then when I tried to run ipa-server-install, I got the same error
again. I may just wipe the box and start over. It might take less time
overall.


Bret

This, BTW, is on F20 using freeipa 3.3.4-3 and pki-ca 10.1.1-1 (also
dogtag-10.1.1-1).

From the ipa-server installation output the error looks the same, but the underlying error should be different when there isn't already a PKI instance.

If the PKI installer fails early enough we don't record that it was installed which is why ipa-server-install --uninstall doesn't remove it. We have a ticket open for this.

rob

So is there a recommended way to clean it up and get it working?

Never mind; I found the bug (953488) which said to:

# pkidestroy -s CA -i pki-tomcat
ERROR:  PKI instance '/var/lib/pki/pki-tomcat' does NOT exist!
# rm -rf /var/log/pki/pki-tomcat
# rm -rf /etc/sysconfig/pki-tomcat
# rm -rf /etc/sysconfig/pki/tomcat/pki-tomcat
# rm -rf /var/lib/pki/pki-tomcat
# rm -rf /etc/pki/pki-tomcat
# ipa-server-install --uninstall

And re-run installation. This didn't work for me. Was there another bug that I missed?


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to