On 03/31/2015 07:58 PM, Dmitri Pal wrote:
> On 03/31/2015 01:54 PM, Markus Roth wrote:
>> Hi all,
>>
>> I want setup freeipa 4.1.3 on a fresh installed fedora 21.
>> The ipa-server-install shows the following output:
>>
>> configuring NTP daemon (ntpd)
>> [1/4]: stopping ntpd
>> [2/4]: writing configuration
>> [3/4]: configuring ntpd to start on boot
>> [4/4]: starting ntpd
>> Done configuring NTP daemon (ntpd).
>> Configuring directory server (dirsrv): Estimated time 1 minute
>> [1/38]: creating directory server user
>> [2/38]: creating directory server instance
>> [3/38]: adding default schema
>> [4/38]: enabling memberof plugin
>> [5/38]: enabling winsync plugin
>> [6/38]: configuring replication version plugin
>> [7/38]: enabling IPA enrollment plugin
>> [8/38]: enabling ldapi
>> [9/38]: configuring uniqueness plugin
>> [10/38]: configuring uuid plugin
>> [11/38]: configuring modrdn plugin
>> [12/38]: configuring DNS plugin
>> [13/38]: enabling entryUSN plugin
>> [14/38]: configuring lockout plugin
>> [15/38]: creating indices
>> [16/38]: enabling referential integrity plugin
>> [17/38]: configuring certmap.conf
>> [18/38]: configure autobind for root
>> [19/38]: configure new location for managed entries
>> [20/38]: configure dirsrv ccache
>> [21/38]: enable SASL mapping fallback
>> [22/38]: restarting directory server
>> [23/38]: adding default layout
>> [24/38]: adding delegation layout
>> [25/38]: creating container for managed entries
>> [26/38]: configuring user private groups
>> [27/38]: configuring netgroups from hostgroups
>> [28/38]: creating default Sudo bind user
>> [29/38]: creating default Auto Member layout
>> [30/38]: adding range check plugin
>> [31/38]: creating default HBAC rule allow_all
>> [32/38]: initializing group membership
>> [33/38]: adding master entry
>> [34/38]: configuring Posix uid/gid generation
>> [35/38]: adding replication acis
>> [36/38]: enabling compatibility plugin
>> [37/38]: tuning directory server
>> [38/38]: configuring directory to start on boot
>> Done configuring directory server (dirsrv).
>> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30
>> seconds
>> [1/27]: creating certificate server user
>> [2/27]: configuring certificate server instance
>> [3/27]: stopping certificate server instance to update CS.cfg
>> [4/27]: backing up CS.cfg
>> [5/27]: disabling nonces
>> [6/27]: set up CRL publishing
>> [7/27]: enable PKIX certificate path discovery and validation
>> [8/27]: starting certificate server instance
>> [error] RuntimeError: CA did not start in 300.0s
>> CA did not start in 300.0s
>>
>> The ipa server install log shows this:
>>
>> 2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
>> 2015-03-31T17:39:35Z DEBUG Waiting for CA to start...
>> 2015-03-31T17:39:36Z DEBUG Traceback (most recent call last):
>> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>> 382, in start_creation
>> run_step(full_msg, method)
>> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>> 372, in run_step
>> method()
>> File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>> line 526, in __start
>> self.start()
>> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>> 279, in start
>> self.service.start(instance_name, capture_output=capture_output,
>> wait=wait)
>> File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py",
>> line
>> 229, in start
>> self.wait_until_running()
>> File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py",
>> line
>> 223, in wait_until_running
>> raise RuntimeError('CA did not start in %ss' % timeout)
>> RuntimeError: CA did not start in 300.0s
>>
>> 2015-03-31T17:39:36Z DEBUG [error] RuntimeError: CA did not start in 300.0s
>> 2015-03-31T17:39:36Z DEBUG File "/usr/lib/python2.7/site-
>> packages/ipaserver/install/installutils.py", line 642, in run_script
>> return_value = main_function()
>>
>> File "/usr/sbin/ipa-server-install", line 1183, in main
>> ca_signing_algorithm=options.ca_signing_algorithm)
>>
>> File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>> line 520, in configure_instance
>> self.start_creation(runtime=210)
>>
>> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>> 382, in start_creation
>> run_step(full_msg, method)
>>
>> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>> 372, in run_step
>> method()
>>
>> File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>> line 526, in __start
>> self.start()
>>
>> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>> 279, in start
>> self.service.start(instance_name, capture_output=capture_output,
>> wait=wait)
>>
>> File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py",
>> line
>> 229, in start
>> self.wait_until_running()
>>
>> File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py",
>> line
>> 223, in wait_until_running
>> raise RuntimeError('CA did not start in %ss' % timeout)
>>
>> 2015-03-31T17:39:36Z DEBUG The ipa-server-install command failed, exception:
>> RuntimeError: CA did not start in 300.0s
>>
>> I uninstalled the ipa server completely several times and installed it again.
>> But it always stops at the same step with the setup.
>>
>> Can anybody help?
>>
>> Markus.
>>
> Please provide install logs, and look at directory server and PKI server logs
> created during the installation.
> It seems that Dogtag did not start. It usually does not start when the DS
> under
> it does not start. The logs would show that.
> DS does not start does because of different issues. Can bind to the port for
> example. So please review the logs and see what they reveal.
>
> This might help you with details http://www.freeipa.org/page/Troubleshooting
+1. CCing Dogtag guys for reference.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
