lejeczek wrote:
hi there,I'm trying to set up a replica with: --setup-dns --no-forwarders --setup-ca installer fails at: [10/23]: importing CA chain to RA certificate database [error] RuntimeError: Unable to retrieve CA chain: [Errno 111] Connection refused Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. more from log: 2016-05-25T12:38:31Z DEBUG [10/23]: importing CA chain to RA certificate database 2016-05-25T12:38:31Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 418, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 408, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 1015, in __import_ca_chain chain = self.__get_ca_chain() File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 997, in __get_ca_chain raise RuntimeError("Unable to retrieve CA chain: %s" % str(e)) RuntimeError: Unable to retrieve CA chain: [Errno 111] Connection refused 2016-05-25T12:38:31Z DEBUG [error] RuntimeError: Unable to retrieve CA chain: [Errno 111] Connection refused 2016-05-25T12:38:31Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute what might be the problem?
It is failing getting the CA chain from dogtag. It uses port 8080 by default. I'd check your firewall and that the remote CA is up.
I'm surprised the port checker didn't discover this if it is a firewall issue and that would be a bug (either the port not being checked or not using the proxy).
rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
