On 4/1/2015 4:29 PM, Markus Roth wrote:
On Wednesday, 1 April 2015, 16:04:54 you wrote:
On 4/1/2015 11:56 AM, Endi Sukma Dewata wrote:
On 03/31/2015 01:54 PM, Markus Roth wrote:
I want to set up FreeIPA 4.1.3 on a freshly installed Fedora 21.
The ipa-server-install shows the following output:
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd): Estimated time 3
[1/27]: creating certificate server user
[2/27]: configuring certificate server instance
[3/27]: stopping certificate server instance to update CS.cfg
[4/27]: backing up CS.cfg
[5/27]: disabling nonces
[6/27]: set up CRL publishing
[7/27]: enable PKIX certificate path discovery and validation
[8/27]: starting certificate server instance
[error] RuntimeError: CA did not start in 300.0s
CA did not start in 300.0s
The ipa server install log shows this:
2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
2015-03-31T17:39:35Z DEBUG Waiting for CA to start...
I uninstalled the ipa server completely several times and installed
But it always stops at the same step with the setup.
Can anybody help?
Based on the IPA install log alone it looks like the DS is already
started, and the Dogtag is already started too in step [3/27]. It's the
restart on step [8/27] that is failing.
We will need to see the Dogtag debug log in order to know if Dogtag is
indeed failing to restart or the installer for some reason cannot
connect to Dogtag.
Based on the logs that you sent me, the Dogtag took a really long time
INFORMATION: Server startup in 739700 ms
More than half of that time was spent starting the CA subsystem alone:
INFORMATION: Deployment of configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/ca.xml has finished in 393,390 ms
The whole (failed) IPA installation took about 38 minutes. Is this correct?
It's possible the system was running out of entropy. You might want to
install haveged or rngd. See:
However, the system seems to be running very slowly in general. How
powerful is this machine?
The system is a Banana Pi system. Seems that this ARM CPU based system isn't
suitable for FreeIPA....
The installation might still succeed if IPA doesn't have the 300s time
limit. If you want to try, you probably can specify a larger
startup_timeout in ~/.ipa/default.conf, or change the code in
ipaplatform/redhat/services.py to wait indefinitely, and see what
happens. I don't know if it will be usable though.
Endi S. Dewata
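
The comparison made in this thread (Tomcat's reported startup time against the installer's 300 s wait) can be scripted as below. This is an added example, not part of the original messages and not FreeIPA or Dogtag code. The function names are hypothetical, and it assumes log lines in the form quoted above.

```python
import math
import re

IPA_TIMEOUT_S = 300  # the limit from "CA did not start in 300.0s" in the thread

# Constructed sample: the two Tomcat lines quoted in the thread, unwrapped.
SAMPLE_LOG = """\
INFORMATION: Deployment of configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/ca.xml has finished in 393,390 ms
INFORMATION: Server startup in 739700 ms
"""

DEPLOY_RE = re.compile(
    r"Deployment of configuration descriptor (\S+) has finished in ([\d.,]+) ms")
STARTUP_RE = re.compile(r"Server startup in ([\d.,]+) ms")


def to_ms(text):
    """Assumes whole milliseconds; drops locale grouping marks (',' or '.')."""
    return int(re.sub(r"[.,]", "", text))


def parse_timings(log_text):
    """Return ([(descriptor_path, ms), ...], total_startup_ms or None)."""
    deployments = [(m.group(1), to_ms(m.group(2)))
                   for m in DEPLOY_RE.finditer(log_text)]
    startup = STARTUP_RE.search(log_text)
    return deployments, (to_ms(startup.group(1)) if startup else None)


def assess(log_text, timeout_s=IPA_TIMEOUT_S):
    """Compare the measured startup time against the installer's wait limit."""
    deployments, startup_ms = parse_timings(log_text)
    if startup_ms is None:
        return {"verdict": "no startup line; Tomcat may not have finished starting"}
    slowest = max(deployments, key=lambda d: d[1], default=(None, 0))
    return {
        "verdict": "timeout" if startup_ms > timeout_s * 1000 else "ok",
        "startup_s": startup_ms / 1000,
        "slowest_webapp": slowest[0],
        "slowest_share": round(slowest[1] / startup_ms, 2),
        # Lower bound for a startup_timeout override, without headroom.
        "min_timeout_s": math.ceil(startup_ms / 1000),
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
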