Am Freitag, den 08.01.2016, 13:25 +0100 schrieb Martin Babinsky: > On 01/08/2016 01:06 PM, Markus Roth wrote: > > Hi all, > > > > I tried to install freeipa server (freeipa-server.armv7hl > > 4.2.3-1.1.fc23), but the installation failed. > > > > ----------------------------------------------------- > > Configuring NTP daemon (ntpd) > > [1/4]: stopping ntpd > > [2/4]: writing configuration > > [3/4]: configuring ntpd to start on boot > > [4/4]: starting ntpd > > Done configuring NTP daemon (ntpd). > > Configuring directory server (dirsrv). Estimated time: 1 minute > > [1/43]: creating directory server user > > [2/43]: creating directory server instance > > [3/43]: adding default schema > > [4/43]: enabling memberof plugin > > [5/43]: enabling winsync plugin > > [6/43]: configuring replication version plugin > > [7/43]: enabling IPA enrollment plugin > > [8/43]: enabling ldapi > > [9/43]: configuring uniqueness plugin > > [10/43]: configuring uuid plugin > > [11/43]: configuring modrdn plugin > > [12/43]: configuring DNS plugin > > [13/43]: enabling entryUSN plugin > > [14/43]: configuring lockout plugin > > [15/43]: creating indices > > [16/43]: enabling referential integrity plugin > > [17/43]: configuring certmap.conf > > [18/43]: configure autobind for root > > [19/43]: configure new location for managed entries > > [20/43]: configure dirsrv ccache > > [21/43]: enable SASL mapping fallback > > [22/43]: restarting directory server > > [23/43]: adding default layout > > [24/43]: adding delegation layout > > [25/43]: creating container for managed entries > > [26/43]: configuring user private groups > > [27/43]: configuring netgroups from hostgroups > > [28/43]: creating default Sudo bind user > > [29/43]: creating default Auto Member layout > > [30/43]: adding range check plugin > > [31/43]: creating default HBAC rule allow_all > > [32/43]: creating default CA ACL rule > > [33/43]: adding entries for topology management > > [34/43]: initializing group membership > > [35/43]: adding master entry > > [36/43]: initializing domain level > > [37/43]: configuring Posix uid/gid generation > > [38/43]: adding replication acis > > [39/43]: enabling compatibility plugin > > [40/43]: activating sidgen plugin > > [41/43]: activating extdom plugin > > [42/43]: tuning directory server > > [43/43]: configuring directory to start on boot > > Done configuring directory server (dirsrv). > > Configuring certificate server (pki-tomcatd). Estimated time: 3 > > minutes > > 30 seconds > > [1/25]: creating certificate server user > > [2/25]: configuring certificate server instance > > [3/25]: stopping certificate server instance to update CS.cfg > > [4/25]: backing up CS.cfg > > [5/25]: disabling nonces > > [6/25]: set up CRL publishing > > [7/25]: enable PKIX certificate path discovery and validation > > [8/25]: starting certificate server instance > > [9/25]: creating RA agent certificate database > > [10/25]: importing CA chain to RA certificate database > > [11/25]: fixing RA database permissions > > [12/25]: setting up signing cert profile > > [13/25]: setting audit signing renewal to 2 years > > [14/25]: restarting certificate server > > [15/25]: requesting RA certificate from CA > > [16/25]: issuing RA agent certificate > > [17/25]: adding RA agent as a trusted user > > [18/25]: authorizing RA to modify profiles > > [19/25]: configure certmonger for renewals > > [20/25]: configure certificate renewals > > [21/25]: configure RA certificate renewal > > [22/25]: configure Server-Cert certificate renewal > > [23/25]: Configure HTTP to proxy connections > > [24/25]: restarting certificate server > > [25/25]: Importing IPA certificate profiles > > Done configuring certificate server (pki-tomcatd). > > Configuring directory server (dirsrv). Estimated time: 10 seconds > > [1/3]: configuring ssl for ds instance > > [error] RuntimeError: Certificate issuance failed > > ipa.ipapython.install.cli.install_tool(Server): > > ERROR Certificate > > issuance failed > > > > ----------------------------------------------- > > > > The last messages in the log file (/var/log/ipaserver-install.log): > > > > File > > "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", > > line > > 637, in __enable_ssl > > self.nickname, self.fqdn, cadb) > > File "/usr/lib/python2.7/site- > > packages/ipaserver/install/certs.py", > > line 337, in create_server_cert > > cdb.issue_server_cert(self.certreq_fname, self.certder_fname) > > File "/usr/lib/python2.7/site- > > packages/ipaserver/install/certs.py", > > line 419, in issue_server_cert > > raise RuntimeError("Certificate issuance failed") > > > > 2016-01-08T09:33:47Z DEBUG The ipa-server-install command failed, > > exception: RuntimeError: Certificate issuance failed > > 2016-01-08T09:33:47Z ERROR Certificate issuance failed > > > > any ideas about this error? > > > > Markus > > > > > > Sounds similar to https://fedorahosted.org/freeipa/ticket/5376, but I > > can not be sure without seeing installation log > (/var/log/ipaserver-install.log). > > As a workaround, you can try to re-run the installation in verbose > mode > using '-v' option and see if it succeeds. Be prepared for a lot of > garbage spouted on the output, though. > Hi Martin,
did an setup with fedora 22 and freeipa-server.armv7hl 4.1.4-4.fc22 The setup completed successfully. The only change I did was, change the startup_timeout variable to 900 in /usr/lib/python2.7/site- packages/ipalib/constants.py, because the hardware (banana pi) isn't fast enough for the certification generation process. So it must be an bug in freeipa-server.armv7hl 4.2.3-1.1.fc23. Regards, Markus -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project