[Freeipa-users] ipa-replica-install fails at CA setup

Wed, 29 Apr 2015 07:33:03 -0700 

CentOS7.1 with IPA server 4.1.

"ipa-replica-install --setup-ca --setup-dns ..." fails with this error
message:
-----
  [2/22]: configuring certificate server instance
ipa         : CRITICAL failed to configure ca instance Command
''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpaUGoKX'' returned non-zero
exit status 1
  [error] RuntimeError: Configuration of CA failed
-----

ipareplica-install.log shows this:
-----
2015-04-29T13:40:11Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2015-04-29T13:40:11Z DEBUG Starting external process
2015-04-29T13:40:11Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f'
'/tmp/tmpaUGoKX'
2015-04-29T13:40:51Z DEBUG Process finished, return code=1
2015-04-29T13:40:51Z DEBUG stdout=Loading deployment configuration from
/tmp/tmpaUGoKX.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into
/etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.

Installation failed.


2015-04-29T13:40:51Z DEBUG stderr=pkispawn    : ERROR    ....... Exception
from Java Configuration Servlet: Error in populating database: Could not
connect to LDAP server host mrip
a2.mr.ric port 389 Error netscape.ldap.LDAPException: failed to connect to
server ldap://mripa2.mr.ric:389 (91)

2015-04-29T13:40:51Z CRITICAL failed to configure ca instance Command
''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpaUGoKX'' returned non-zero
exit status 1
2015-04-29T13:40:51Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 382, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 372, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 673, in __spawn_instance
    raise RuntimeError('Configuration of CA failed')
RuntimeError: Configuration of CA failed
-----

I hope this is enough information.

Thanks in advance,

Qing Chang

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to