dan.finkelst...@high5games.com wrote:
Hi Sebastian,

Unfortunately, that doesn't seem to be it and reinstalling the replica
with —setup-ca failed again with the same errors. I've included relevant
sections of the logs.

/var/log/ipareplica-install.log:

016-06-02T10:43:16Z DEBUG Starting external process

2016-06-02T10:43:16Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f'
'/tmp/tmpl8RqSM'

2016-06-02T10:43:16Z DEBUG Process finished, return code=1

2016-06-02T10:43:16Z DEBUG stdout=Log file:
/var/log/pki/pki-ca-spawn.20160602064316.log

Loading deployment configuration from /tmp/tmpl8RqSM.

2016-06-02T10:43:16Z DEBUG stderr=Traceback (most recent call last):

   File "/usr/sbin/pkispawn", line 717, in <module>

     main(sys.argv)

   File "/usr/sbin/pkispawn", line 523, in main

     parser.compose_pki_master_dictionary()

   File
"/usr/lib/python2.7/site-packages/pki/server/deployment/pkiparser.py",
line 573, in compose_pki_master_dictionary

     instance.load()

   File "/usr/lib/python2.7/site-packages/pki/server/__init__.py", line
454, in load

     subsystem.load()

   File "/usr/lib/python2.7/site-packages/pki/server/__init__.py", line
118, in load

     lines = open(self.cs_conf).read().splitlines()

IOError: [Errno 2] No such file or directory:
'/var/lib/pki/pki-tomcat/ca/conf/CS.cfg'

2016-06-02T10:43:16Z CRITICAL Failed to configure CA instance: Command
''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpl8RqSM'' returned non-zero
exit status 1

2016-06-02T10:43:16Z CRITICAL See the installation logs and the
following files/directories for more information:

2016-06-02T10:43:16Z CRITICAL   /var/log/pki-ca-install.log

2016-06-02T10:43:16Z CRITICAL   /var/log/pki/pki-tomcat

2016-06-02T10:43:16Z DEBUG Traceback (most recent call last):

   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 418, in start_creation

     run_step(full_msg, method)

   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 408, in run_step

     method()

   File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
620, in __spawn_instance

     DogtagInstance.spawn_instance(self, cfg_file)

   File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 201, in spawn_instance

     self.handle_setup_error(e)

   File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 465, in handle_setup_error

     raise RuntimeError("%s configuration failed." % self.subsystem)

RuntimeError: CA configuration failed.

2016-06-02T10:43:16Z DEBUG   [error] RuntimeError: CA configuration failed.

2016-06-02T10:43:16Z DEBUG   File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in
execute

     return_value = self.run()

   File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py",
line 311, in run

     cfgr.run()

   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 281, in run

     self.execute()

   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 303, in execute

     for nothing in self._executor():

   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 343, in __runner

     self._handle_exception(exc_info)

   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 365, in _handle_exception

     util.raise_exc_info(exc_info)

   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 333, in __runner

     step()

   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 87, in run_generator_with_yield_from

     raise_exc_info(exc_info)

   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 65, in run_generator_with_yield_from

     value = gen.send(prev_value)

   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 524, in _configure

     executor.next()

   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 343, in __runner

     self._handle_exception(exc_info)

   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 421, in _handle_exception

     self.__parent._handle_exception(exc_info)

   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 365, in _handle_exception

     util.raise_exc_info(exc_info)

   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 418, in _handle_exception

     super(ComponentBase, self)._handle_exception(exc_info)

   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 365, in _handle_exception

     util.raise_exc_info(exc_info)

   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 333, in __runner

     step()

   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 87, in run_generator_with_yield_from

     raise_exc_info(exc_info)

   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 65, in run_generator_with_yield_from

     value = gen.send(prev_value)

   File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 63, in _install

     for nothing in self._installer(self.parent):

   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 879, in main

     install(self)

   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 295, in decorated

     func(installer)

   File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 584, in install

     ca.install(False, config, options)

   File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line
106, in install

     install_step_0(standalone, replica_config, options)

   File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line
130, in install_step_0

     ra_p12=getattr(options, 'ra_p12', None))

   File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
1543, in install_replica_ca

     subject_base=config.subject_base)

   File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
486, in configure_instance

     self.start_creation(runtime=210)

   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 418, in start_creation

     run_step(full_msg, method)

   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 408, in run_step

     method()

   File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
620, in __spawn_instance

     DogtagInstance.spawn_instance(self, cfg_file)

   File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 201, in spawn_instance

     self.handle_setup_error(e)

   File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 465, in handle_setup_error

     raise RuntimeError("%s configuration failed." % self.subsystem)

2016-06-02T10:43:16Z DEBUG The ipa-replica-install command failed,
exception: RuntimeError: CA configuration failed.

2016-06-02T10:43:16Z ERROR CA configuration failed.

Of note, there is no /var/log/pki-ca-install.log file nor (as the error
above shows) is there /var/lib/pki/pki-tomcat/ca/conf/CS.cfg.

Best regards,

Dan

cid:image001.jpg@01D1BC9A.CBB33580 <http://www.high5games.com/>

*Daniel Alex Finkelstein*| Senior Dev Ops Engineer

dan.finkelst...@h5g.com <mailto:dan.finkelst...@h5g.com>| 212.604.3447

One World Trade Center, New York, NY 10007

www.high5games.com <http://www.high5games.com/>

Play High 5 Casino <https://apps.facebook.com/highfivecasino/>and Shake
the Sky <https://apps.facebook.com/shakethesky/>

Follow us on: Facebook <http://www.facebook.com/high5games>, Twitter
<https://twitter.com/High5Games>, YouTube
<http://www.youtube.com/High5Games>, Linkedin
<http://www.linkedin.com/company/1072533?trk=tyah>

//

/This message and any attachments may contain confidential or privileged
information and are only for the use of the intended recipient of this
message. If you are not the intended recipient, please notify the sender
by return email, and delete or destroy this and all copies of this
message and all attachments. Any unauthorized disclosure, use,
distribution, or reproduction of this message or any attachments is
prohibited and may be unlawful./

*From: *Sebastian Schäfer <sebastian.schae...@dlr.de>
*Date: *Thursday, June 2, 2016 at 02:59
*To: *"freeipa-users@redhat.com" <freeipa-users@redhat.com>, Daniel
Finkestein <dan.finkelst...@high5games.com>
*Subject: *Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of
FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica,
cannot promote to master

Hi Dan,

I had a similar problem when updating my FreeIPA. In my case it turned

out that the certificates that get bundled with the replica preparation

file were expired. This is due to the /root/cacert.p12 file not being

updated during the preparation process until FreeIPA 3.2.2

The file can be recreated with the commands from step 2 of

http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password

If that does not solve the problem, it would be good to see (part of)

the actual logfiles of your replica installation attempt.

Best regards

--

Sebastian Schäfer, M. A.

-------------------------------

Deutsches Zentrum für Luft- und Raumfahrt e.V. (DLR)

Institute of Space Operations and Astronaut Training

Microgravity User Support Center (MUSC)

Linder Höhe | 51147 Köln

Telefon 02203 601-30 01 | Telefax: 02203 61471 |
sebastian.schae...@dlr.de <mailto:sebastian.schae...@dlr.de>

www.DLR.de

On 06/01/2016 06:45 PM, dan.finkelst...@high5games.com
<mailto:dan.finkelst...@high5games.com> wrote:

    Hi folks,

    As the subject suggests, we're converting from FreeIPA 3.0.0 on CentOS 6

    to 4.2.0 on CentOS 7. The way we're doing it is to create FreeIPA

    replicas in CentOS 7 and then hope to promote one of them to the CA

    master. I'm running into two problems:

    The first is that when we create a replica in FreeIPA 4.2.0 with the

    —setup-ca option, that portion fails. Here's a snippet of the output:

    Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes

    30 seconds

        [1/23]: creating certificate server user

        [2/23]: configuring certificate server instance

    ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to

    configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f'

    '/tmp/tmpqPeYOW'' returned non-zero exit status 1

    ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the

    installation logs and the following files/directories for more
    information:

    ipa.ipaserver.install.cainstance.CAInstance: CRITICAL

    /var/log/pki-ca-install.log

    ipa.ipaserver.install.cainstance.CAInstance: CRITICAL

    /var/log/pki/pki-tomcat

        [error] RuntimeError: CA configuration failed.

    Your system may be partly configured.

    Run /usr/sbin/ipa-server-install --uninstall to clean up.





You need to find the CA logs. All IPA gets is "the install failed" and no details why. Lok in /var/log/pki/pki-tomcat for the relevant logs.

rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to