On 01/08/2016 01:06 PM, Markus Roth wrote:
Hi all,

I tried to install freeipa server (freeipa-server.armv7hl
  4.2.3-1.1.fc23), but the installation failed.

Configuring NTP daemon (ntpd)
   [1/4]: stopping ntpd
   [2/4]: writing configuration
   [3/4]: configuring ntpd to start on boot
   [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 1 minute
   [1/43]: creating directory server user
   [2/43]: creating directory server instance
   [3/43]: adding default schema
   [4/43]: enabling memberof plugin
   [5/43]: enabling winsync plugin
   [6/43]: configuring replication version plugin
   [7/43]: enabling IPA enrollment plugin
   [8/43]: enabling ldapi
   [9/43]: configuring uniqueness plugin
   [10/43]: configuring uuid plugin
   [11/43]: configuring modrdn plugin
   [12/43]: configuring DNS plugin
   [13/43]: enabling entryUSN plugin
   [14/43]: configuring lockout plugin
   [15/43]: creating indices
   [16/43]: enabling referential integrity plugin
   [17/43]: configuring certmap.conf
   [18/43]: configure autobind for root
   [19/43]: configure new location for managed entries
   [20/43]: configure dirsrv ccache
   [21/43]: enable SASL mapping fallback
   [22/43]: restarting directory server
   [23/43]: adding default layout
   [24/43]: adding delegation layout
   [25/43]: creating container for managed entries
   [26/43]: configuring user private groups
   [27/43]: configuring netgroups from hostgroups
   [28/43]: creating default Sudo bind user
   [29/43]: creating default Auto Member layout
   [30/43]: adding range check plugin
   [31/43]: creating default HBAC rule allow_all
   [32/43]: creating default CA ACL rule
   [33/43]: adding entries for topology management
   [34/43]: initializing group membership
   [35/43]: adding master entry
   [36/43]: initializing domain level
   [37/43]: configuring Posix uid/gid generation
   [38/43]: adding replication acis
   [39/43]: enabling compatibility plugin
   [40/43]: activating sidgen plugin
   [41/43]: activating extdom plugin
   [42/43]: tuning directory server
   [43/43]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
30 seconds
   [1/25]: creating certificate server user
   [2/25]: configuring certificate server instance
   [3/25]: stopping certificate server instance to update CS.cfg
   [4/25]: backing up CS.cfg
   [5/25]: disabling nonces
   [6/25]: set up CRL publishing
   [7/25]: enable PKIX certificate path discovery and validation
   [8/25]: starting certificate server instance
   [9/25]: creating RA agent certificate database
   [10/25]: importing CA chain to RA certificate database
   [11/25]: fixing RA database permissions
   [12/25]: setting up signing cert profile
   [13/25]: setting audit signing renewal to 2 years
   [14/25]: restarting certificate server
   [15/25]: requesting RA certificate from CA
   [16/25]: issuing RA agent certificate
   [17/25]: adding RA agent as a trusted user
   [18/25]: authorizing RA to modify profiles
   [19/25]: configure certmonger for renewals
   [20/25]: configure certificate renewals
   [21/25]: configure RA certificate renewal
   [22/25]: configure Server-Cert certificate renewal
   [23/25]: Configure HTTP to proxy connections
   [24/25]: restarting certificate server
   [25/25]: Importing IPA certificate profiles
Done configuring certificate server (pki-tomcatd).
Configuring directory server (dirsrv). Estimated time: 10 seconds
   [1/3]: configuring ssl for ds instance
   [error] RuntimeError: Certificate issuance failed
ipa.ipapython.install.cli.install_tool(Server): ERROR    Certificate
issuance failed


The last messages in the log file (/var/log/ipaserver-install.log):

"/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line
637, in __enable_ssl
     self.nickname, self.fqdn, cadb)
   File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py",
line 337, in create_server_cert
     cdb.issue_server_cert(self.certreq_fname, self.certder_fname)
   File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py",
line 419, in issue_server_cert
     raise RuntimeError("Certificate issuance failed")

2016-01-08T09:33:47Z DEBUG The ipa-server-install command failed,
exception: RuntimeError: Certificate issuance failed
2016-01-08T09:33:47Z ERROR Certificate issuance failed

any ideas about this error?


Sounds similar to https://fedorahosted.org/freeipa/ticket/5376, but I can not be sure without seeing installation log (/var/log/ipaserver-install.log).

As a workaround, you can try to re-run the installation in verbose mode using '-v' option and see if it succeeds. Be prepared for a lot of garbage spouted on the output, though.

Martin^3 Babinsky

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to