On 03/31/2015 01:54 PM, Markus Roth wrote:
Hi all,

I want setup freeipa 4.1.3 on a fresh installed fedora 21.
The ipa-server-install shows the following output:

configuring NTP daemon (ntpd)
   [1/4]: stopping ntpd
   [2/4]: writing configuration
   [3/4]: configuring ntpd to start on boot
   [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
   [1/38]: creating directory server user
   [2/38]: creating directory server instance
   [3/38]: adding default schema
   [4/38]: enabling memberof plugin
   [5/38]: enabling winsync plugin
   [6/38]: configuring replication version plugin
   [7/38]: enabling IPA enrollment plugin
   [8/38]: enabling ldapi
   [9/38]: configuring uniqueness plugin
   [10/38]: configuring uuid plugin
   [11/38]: configuring modrdn plugin
   [12/38]: configuring DNS plugin
   [13/38]: enabling entryUSN plugin
   [14/38]: configuring lockout plugin
   [15/38]: creating indices
   [16/38]: enabling referential integrity plugin
   [17/38]: configuring certmap.conf
   [18/38]: configure autobind for root
   [19/38]: configure new location for managed entries
   [20/38]: configure dirsrv ccache
   [21/38]: enable SASL mapping fallback
   [22/38]: restarting directory server
   [23/38]: adding default layout
   [24/38]: adding delegation layout
   [25/38]: creating container for managed entries
   [26/38]: configuring user private groups
   [27/38]: configuring netgroups from hostgroups
   [28/38]: creating default Sudo bind user
   [29/38]: creating default Auto Member layout
   [30/38]: adding range check plugin
   [31/38]: creating default HBAC rule allow_all
   [32/38]: initializing group membership
   [33/38]: adding master entry
   [34/38]: configuring Posix uid/gid generation
   [35/38]: adding replication acis
   [36/38]: enabling compatibility plugin
   [37/38]: tuning directory server
   [38/38]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30
seconds
   [1/27]: creating certificate server user
   [2/27]: configuring certificate server instance
   [3/27]: stopping certificate server instance to update CS.cfg
   [4/27]: backing up CS.cfg
   [5/27]: disabling nonces
   [6/27]: set up CRL publishing
   [7/27]: enable PKIX certificate path discovery and validation
   [8/27]: starting certificate server instance
   [error] RuntimeError: CA did not start in 300.0s
CA did not start in 300.0s

The ipa server install log shows this:

2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
2015-03-31T17:39:35Z DEBUG Waiting for CA to start...
2015-03-31T17:39:36Z DEBUG Traceback (most recent call last):
   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
382, in start_creation
     run_step(full_msg, method)
   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
372, in run_step
     method()
   File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 526, in __start
     self.start()
   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
279, in start
     self.service.start(instance_name, capture_output=capture_output,
wait=wait)
   File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line
229, in start
     self.wait_until_running()
   File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line
223, in wait_until_running
     raise RuntimeError('CA did not start in %ss' % timeout)
RuntimeError: CA did not start in 300.0s

2015-03-31T17:39:36Z DEBUG   [error] RuntimeError: CA did not start in 300.0s
2015-03-31T17:39:36Z DEBUG   File "/usr/lib/python2.7/site-
packages/ipaserver/install/installutils.py", line 642, in run_script
     return_value = main_function()

   File "/usr/sbin/ipa-server-install", line 1183, in main
     ca_signing_algorithm=options.ca_signing_algorithm)

   File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 520, in configure_instance
     self.start_creation(runtime=210)

   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
382, in start_creation
     run_step(full_msg, method)

   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
372, in run_step
     method()

   File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 526, in __start
     self.start()

   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
279, in start
     self.service.start(instance_name, capture_output=capture_output,
wait=wait)

   File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line
229, in start
     self.wait_until_running()

   File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line
223, in wait_until_running
     raise RuntimeError('CA did not start in %ss' % timeout)

2015-03-31T17:39:36Z DEBUG The ipa-server-install command failed, exception:
RuntimeError: CA did not start in 300.0s

I uninstalled the ipa server completely several times and installed it again.
But it always stops at the same step with the setup.

Can anybody help?

Markus.

Please provide install logs, and look at directory server and PKI server logs created during the installation. It seems that Dogtag did not start. It usually does not start when the DS under it does not start. The logs would show that. DS does not start does because of different issues. Can bind to the port for example. So please review the logs and see what they reveal.

This might help you with details http://www.freeipa.org/page/Troubleshooting

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to