On 02/28/2015 07:18 AM, Rob Crittenden wrote: > Hadoop Solutions wrote: >> Hi Rob, >> >> please find the attached log of /var/log/ipaserver-install.log >> >> kindly let me know the solution for this.. > > Can you see if you have any SElinux failures? > > # ausearch -m AVC -ts recent > > I see some SELinux errors in the log. Not sure if this is it or not but > for some reason the dogtag SELinux policy doesn't always install > correctly. The fix seems to be to re-install the pki-selinux package. > > You'll also need to run pkiremove manually after running > ipa-server-install --uninstall. It doesn't always record the fact that a > service install is attempted and fails. > > # pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca --force > > rob
With regards to PKI and SELinux, I can only recall that pki-selinux package required the most up to date selinux-policy package, otherwise it printed SELinux related error during installation. Your bug also reminds me of https://fedorahosted.org/pki/ticket/1282 which was caused by HTTPD not having some of the modules (AJP proxy module) enabled. Can you please check /var/log/httpd/error_log if there are any related interesting error messages? Thanks, Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project