On 01/08/2016 01:06 PM, Markus Roth wrote:
Hi all,I tried to install freeipa server (freeipa-server.armv7hl 4.2.3-1.1.fc23), but the installation failed. ----------------------------------------------------- Configuring NTP daemon (ntpd) [1/4]: stopping ntpd [2/4]: writing configuration [3/4]: configuring ntpd to start on boot [4/4]: starting ntpd Done configuring NTP daemon (ntpd). Configuring directory server (dirsrv). Estimated time: 1 minute [1/43]: creating directory server user [2/43]: creating directory server instance [3/43]: adding default schema [4/43]: enabling memberof plugin [5/43]: enabling winsync plugin [6/43]: configuring replication version plugin [7/43]: enabling IPA enrollment plugin [8/43]: enabling ldapi [9/43]: configuring uniqueness plugin [10/43]: configuring uuid plugin [11/43]: configuring modrdn plugin [12/43]: configuring DNS plugin [13/43]: enabling entryUSN plugin [14/43]: configuring lockout plugin [15/43]: creating indices [16/43]: enabling referential integrity plugin [17/43]: configuring certmap.conf [18/43]: configure autobind for root [19/43]: configure new location for managed entries [20/43]: configure dirsrv ccache [21/43]: enable SASL mapping fallback [22/43]: restarting directory server [23/43]: adding default layout [24/43]: adding delegation layout [25/43]: creating container for managed entries [26/43]: configuring user private groups [27/43]: configuring netgroups from hostgroups [28/43]: creating default Sudo bind user [29/43]: creating default Auto Member layout [30/43]: adding range check plugin [31/43]: creating default HBAC rule allow_all [32/43]: creating default CA ACL rule [33/43]: adding entries for topology management [34/43]: initializing group membership [35/43]: adding master entry [36/43]: initializing domain level [37/43]: configuring Posix uid/gid generation [38/43]: adding replication acis [39/43]: enabling compatibility plugin [40/43]: activating sidgen plugin [41/43]: activating extdom plugin [42/43]: tuning directory server [43/43]: configuring directory to start on boot Done configuring directory server (dirsrv). Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds [1/25]: creating certificate server user [2/25]: configuring certificate server instance [3/25]: stopping certificate server instance to update CS.cfg [4/25]: backing up CS.cfg [5/25]: disabling nonces [6/25]: set up CRL publishing [7/25]: enable PKIX certificate path discovery and validation [8/25]: starting certificate server instance [9/25]: creating RA agent certificate database [10/25]: importing CA chain to RA certificate database [11/25]: fixing RA database permissions [12/25]: setting up signing cert profile [13/25]: setting audit signing renewal to 2 years [14/25]: restarting certificate server [15/25]: requesting RA certificate from CA [16/25]: issuing RA agent certificate [17/25]: adding RA agent as a trusted user [18/25]: authorizing RA to modify profiles [19/25]: configure certmonger for renewals [20/25]: configure certificate renewals [21/25]: configure RA certificate renewal [22/25]: configure Server-Cert certificate renewal [23/25]: Configure HTTP to proxy connections [24/25]: restarting certificate server [25/25]: Importing IPA certificate profiles Done configuring certificate server (pki-tomcatd). Configuring directory server (dirsrv). Estimated time: 10 seconds [1/3]: configuring ssl for ds instance [error] RuntimeError: Certificate issuance failed ipa.ipapython.install.cli.install_tool(Server): ERROR Certificate issuance failed ----------------------------------------------- The last messages in the log file (/var/log/ipaserver-install.log): File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 637, in __enable_ssl self.nickname, self.fqdn, cadb) File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 337, in create_server_cert cdb.issue_server_cert(self.certreq_fname, self.certder_fname) File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 419, in issue_server_cert raise RuntimeError("Certificate issuance failed") 2016-01-08T09:33:47Z DEBUG The ipa-server-install command failed, exception: RuntimeError: Certificate issuance failed 2016-01-08T09:33:47Z ERROR Certificate issuance failed any ideas about this error? Markus
Sounds similar to https://fedorahosted.org/freeipa/ticket/5376, but I can not be sure without seeing installation log (/var/log/ipaserver-install.log).
As a workaround, you can try to re-run the installation in verbose mode using '-v' option and see if it succeeds. Be prepared for a lot of garbage spouted on the output, though.
-- Martin^3 Babinsky -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
