Hi Rob, In this node we have disabled SELinux. Is it cusing this error???
Thanks, Shaik On 28 February 2015 at 14:18, Rob Crittenden <rcrit...@redhat.com> wrote: > Hadoop Solutions wrote: > > Hi Rob, > > > > please find the attached log of /var/log/ipaserver-install.log > > > > kindly let me know the solution for this.. > > Can you see if you have any SElinux failures? > > # ausearch -m AVC -ts recent > > I see some SELinux errors in the log. Not sure if this is it or not but > for some reason the dogtag SELinux policy doesn't always install > correctly. The fix seems to be to re-install the pki-selinux package. > > You'll also need to run pkiremove manually after running > ipa-server-install --uninstall. It doesn't always record the fact that a > service install is attempted and fails. > > # pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca --force > > rob > > > > > Thanks, > > Shaik > > > > On 28 February 2015 at 11:29, Rob Crittenden <rcrit...@redhat.com > > <mailto:rcrit...@redhat.com>> wrote: > > > > Hadoop Solutions wrote: > > > Hi, > > > > > > i am trying to install IPA on RHEL 6, but i am getting following > errors > > > while installing the IPA. > > > > > > Configuring certificate server (pki-cad): Estimated time 3 minutes > 30 > > > seconds > > > [1/20]: creating certificate server user > > > [2/20]: configuring certificate server instance > > > ipa : CRITICAL failed to configure ca instance Command > > > '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname > > > sv2lxdpdsedi02.corp.equinix.com > > <http://sv2lxdpdsedi02.corp.equinix.com> > > <http://sv2lxdpdsedi02.corp.equinix.com> > > > -cs_port 9445 -client_certdb_dir /tmp/tmp-ipQMeE -client_certdb_pwd > > > XXXXXXXX -preop_pin rYjqarUHssRQtfthaFFT -domain_name IPA > -admin_user > > > admin -admin_email root@localhost -admin_password XXXXXXXX > -agent_name > > > ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa > > > -agent_cert_subject CN=ipa-ca-agent,O=LAB.BDP -ldap_host > > > sv2lxdpdsedi02.corp.equinix.com > > <http://sv2lxdpdsedi02.corp.equinix.com> > > <http://sv2lxdpdsedi02.corp.equinix.com> > > > -ldap_port 7389 -bind_dn cn=Directory Manager -bind_password > XXXXXXXX > > > -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa > > > -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX > > > -subsystem_name pki-cad -token_name internal > > > -ca_subsystem_cert_subject_name CN=CA Subsystem,O=LAB.BDP > > > -ca_subsystem_cert_subject_name CN=CA Subsystem,O=LAB.BDP > > > -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=LAB.BDP > > > -ca_server_cert_subject_name CN=sv2lxdpdsedi02.corp.equinix.com < > http://sv2lxdpdsedi02.corp.equinix.com> > > > <http://sv2lxdpdsedi02.corp.equinix.com>,O=LAB.BDP > > > -ca_audit_signing_cert_subject_name CN=CA Audit,O=LAB.BDP > > > -ca_sign_cert_subject_name CN=Certificate Authority,O=LAB.BDP > -external > > > false -clone false' returned non-zero exit status 255 > > > Configuration of CA failed > > > > You'll find more relevant error messages in the full > > /var/log/ipaserver-install.log and /var/log/pki-ca/debug > > > > rob > > > > > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project