Hadoop Solutions wrote:
> Hi,
>
> Does IPA require SELinux to be enabled on the system?

No, SELinux is not required, just very strongly recommended.

We need a dogtag developer to take a look at the log to see if he can
figure out the failure. He may also need the debug log from the CA to do
this.

rob

>
> Thanks,
> Shaik
>
> On 28 February 2015 at 16:49, Hadoop Solutions <munna.had...@gmail.com> wrote:
>
> > Hi Rob,
> >
> > In this node we have disabled SELinux. Is it causing this error???
> >
> > Thanks,
> > Shaik
> >
> > On 28 February 2015 at 14:18, Rob Crittenden <rcrit...@redhat.com> wrote:
> >
> > > Hadoop Solutions wrote:
> > > > Hi Rob,
> > > >
> > > > Please find the attached log of /var/log/ipaserver-install.log
> > > >
> > > > Kindly let me know the solution for this..
> > >
> > > Can you see if you have any SELinux failures?
> > >
> > > # ausearch -m AVC -ts recent
> > >
> > > I see some SELinux errors in the log. Not sure if this is it or not but
> > > for some reason the dogtag SELinux policy doesn't always install
> > > correctly. The fix seems to be to re-install the pki-selinux package.
> > >
> > > You'll also need to run pkiremove manually after running
> > > ipa-server-install --uninstall. It doesn't always record the fact that a
> > > service install is attempted and fails.
> > >
> > > # pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca --force
> > >
> > > rob
> > >
> > > > Thanks,
> > > > Shaik
> > > >
> > > > On 28 February 2015 at 11:29, Rob Crittenden <rcrit...@redhat.com> wrote:
> > > >
> > > > > Hadoop Solutions wrote:
> > > > > > Hi,
> > > > > >
> > > > > > I am trying to install IPA on RHEL 6, but I am getting the following errors
> > > > > > while installing the IPA.
> > > > > >
> > > > > > Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds
> > > > > >   [1/20]: creating certificate server user
> > > > > >   [2/20]: configuring certificate server instance
> > > > > > ipa         : CRITICAL failed to configure ca instance Command
> > > > > > '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
> > > > > > sv2lxdpdsedi02.corp.equinix.com
> > > > > > -cs_port 9445 -client_certdb_dir /tmp/tmp-ipQMeE -client_certdb_pwd
> > > > > > XXXXXXXX -preop_pin rYjqarUHssRQtfthaFFT -domain_name IPA -admin_user
> > > > > > admin -admin_email root@localhost -admin_password XXXXXXXX -agent_name
> > > > > > ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
> > > > > > -agent_cert_subject CN=ipa-ca-agent,O=LAB.BDP -ldap_host
> > > > > > sv2lxdpdsedi02.corp.equinix.com
> > > > > > -ldap_port 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX
> > > > > > -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa
> > > > > > -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX
> > > > > > -subsystem_name pki-cad -token_name internal
> > > > > > -ca_subsystem_cert_subject_name CN=CA Subsystem,O=LAB.BDP
> > > > > > -ca_subsystem_cert_subject_name CN=CA Subsystem,O=LAB.BDP
> > > > > > -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=LAB.BDP
> > > > > > -ca_server_cert_subject_name CN=sv2lxdpdsedi02.corp.equinix.com,O=LAB.BDP
> > > > > > -ca_audit_signing_cert_subject_name CN=CA Audit,O=LAB.BDP
> > > > > > -ca_sign_cert_subject_name CN=Certificate Authority,O=LAB.BDP -external
> > > > > > false -clone false' returned non-zero exit status 255
> > > > > > Configuration of CA failed
> > > > >
> > > > > You'll find more relevant error messages in the full
> > > > > /var/log/ipaserver-install.log and /var/log/pki-ca/debug
> > > > >
> > > > > rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project