I noticed that the error said it could not unzip the zip file. I installed lzo and then did a clean install and it worked.
Perhaps lzo should be a package dependency? Thanks On 28 May 2014 15:11, Ade Lee <[email protected]> wrote: > On Wed, 2014-05-28 at 10:37 +0100, Scott Ryan wrote: >> I am trying to get freeIPA up and running on a minimal CentOS6.5 >> installation. >> i have forward and reverse DNS setup on an external DNS server - no >> SELinux & no iptables (for troubleshooting) >> >> but keep running into the following problem during installation : >> >> [3/21]: configuring certificate server instance >> ipa : CRITICAL failed to configure ca instance Command >> '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname >> ipa1.int.immi.gov.au -cs_port 9445 -client_certdb_dir /tmp/tmp-RsFkUW >> -client_certdb_pwd XXXXXXXX -preop_pin miTD9vj5e6KwfqQNy2ig >> -domain_name IPA -admin_user admin -admin_email root@localhost >> -admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 >> -agent_key_type rsa -agent_cert_subject >> CN=ipa-ca-agent,O=INT.IMMI.GOV.AU -ldap_host ipa1.int.immi.gov.au >> -ldap_port 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX >> -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa >> -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX >> -subsystem_name pki-cad -token_name internal >> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=INT.IMMI.GOV.AU >> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=INT.IMMI.GOV.AU >> -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=INT.IMMI.GOV.AU >> -ca_server_cert_subject_name CN=ipa1.int.immi.gov.au,O=INT.IMMI.GOV.AU >> -ca_audit_signing_cert_subject_name CN=CA Audit,O=INT.IMMI.GOV.AU >> -ca_sign_cert_subject_name CN=Certificate Authority,O=INT.IMMI.GOV.AU >> -external false -clone false' returned non-zero exit status 255 >> Configuration of CA failed >> >> The installation log shows this : >> >> 2014-05-28T09:19:47Z DEBUG importing plugin module >> '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py' >> ...skipping... >> at java.net.URLClassLoader$1.run(URLClassLoader.java:358) >> at java.net.URLClassLoader$1.run(URLClassLoader.java:355) >> at java.security.AccessController.doPrivileged(Native Method) >> at java.net.URLClassLoader.findClass(URLClassLoader.java:354) >> at java.lang.ClassLoader.loadClass(ClassLoader.java:425) >> at java.lang.ClassLoader.loadClass(ClassLoader.java:412) >> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308) >> at java.lang.ClassLoader.loadClass(ClassLoader.java:358) >> at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:215) >> at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206) >> at java.security.AccessController.doPrivileged(Native Method) >> at >> sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206) >> at >> sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187) >> at sun.security.jca.ProviderList.loadAll(ProviderList.java:281) >> at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:298) >> at sun.security.jca.Providers.getFullProviderList(Providers.java:176) >> at java.security.Security.insertProviderAt(Security.java:362) >> at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:942) >> at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:869) >> at ComCrypto.loginDB(ComCrypto.java:420) >> at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1145) >> at ConfigureCA.main(ConfigureCA.java:1672) >> Caused by: java.util.zip.ZipException: error in opening zip file >> at java.util.zip.ZipFile.open(Native Method) >> at java.util.zip.ZipFile.<init>(ZipFile.java:215) >> at java.util.zip.ZipFile.<init>(ZipFile.java:145) >> at java.util.jar.JarFile.<init>(JarFile.java:153) >> at java.util.jar.JarFile.<init>(JarFile.java:90) >> at sun.misc.URLClassPath$JarLoader.getJarFile(URLClassPath.java:728) >> at sun.misc.URLClassPath$JarLoader.access$600(URLClassPath.java:591) >> at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:673) >> at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:666) >> at java.security.AccessController.doPrivileged(Native Method) >> at sun.misc.URLClassPath$JarLoader.ensureOpen(URLClassPath.java:665) >> at sun.misc.URLClassPath$JarLoader.getResource(URLClassPath.java:836) >> ... 23 more >> > > Thats a very interesting error. Looks like something is going on at the > nss/jss level on the client side when trying to initialize the client > side nss database. > > Can you tell me what versions you have for nss, jss, pki-common, > pkisilent, pki-ca ? > > rpm -q nss jss pki-common pki-silent pki-ca > > Thanks. > >> 2014-05-28T09:20:15Z CRITICAL failed to configure ca instance Command >> '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname >> ipa1.int.immi.gov.au -cs_port 9445 -client_certdb_dir /tmp/tmp-RsFkUW >> -client_certdb_pwd XXXXXXXX -preop_pin miTD9vj5e6KwfqQNy2ig >> -domain_name IPA -admin_user admin -admin_email root@localhost >> -admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 >> -agent_key_type rsa -agent_cert_subject >> CN=ipa-ca-agent,O=INT.IMMI.GOV.AU -ldap_host ipa1.int.immi.gov.au >> -ldap_port 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX >> -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa >> -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX >> -subsystem_name pki-cad -token_name internal >> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=INT.IMMI.GOV.AU >> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=INT.IMMI.GOV.AU >> -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=INT.IMMI.GOV.AU >> -ca_server_cert_subject_name CN=ipa1.int.immi.gov.au,O=INT.IMMI.GOV.AU >> -ca_audit_signing_cert_subject_name CN=CA Audit,O=INT.IMMI.GOV.AU >> -ca_sign_cert_subject_name CN=Certificate Authority,O=INT.IMMI.GOV.AU >> -external false -clone false' returned non-zero exit status 255 >> 2014-05-28T09:20:15Z INFO File >> "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", >> line 614, in run_script >> return_value = main_function() >> >> Any ideas would be helpful. >> >> Thanks > > -- Scott Ryan Mobile +44 (0)7511803027 Skype - scottlryan _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
