On 16.03.2017 01:34, Fraser Tweedale wrote: > On Wed, Mar 15, 2017 at 06:32:42PM -0400, Chris Dagdigian wrote: >> Any tips for diving into this a bit more to troubleshoot? >> >> For the 1st time I'm setting up an ipa-server 4.4 replica with CA features >> enabled but the replica install seems to hang forever here: >> >> ... >> ... >> ... >> Done configuring directory server (dirsrv). >> Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 >> seconds >> [1/27]: creating certificate server user >> [2/27]: configuring certificate server instance >> [3/27]: stopping certificate server instance to update CS.cfg >> [4/27]: backing up CS.cfg >> [5/27]: disabling nonces >> [6/27]: set up CRL publishing >> [7/27]: enable PKIX certificate path discovery and validation >> [8/27]: starting certificate server instance >> >> < no output after this > >> >> >> The replica-install.log file ends here: >> >> ... >> ... >> ... >> 2017-03-15T22:16:05Z DEBUG Starting external process >> 2017-03-15T22:16:05Z DEBUG args=/bin/systemctl is-active >> pki-tomcatd@pki-tomcat.service >> 2017-03-15T22:16:05Z DEBUG Process finished, return code=0 >> 2017-03-15T22:16:05Z DEBUG stdout=active >> >> 2017-03-15T22:16:05Z DEBUG stderr= >> 2017-03-15T22:16:05Z DEBUG wait_for_open_ports: localhost [8080, 8443] >> timeout 300 >> 2017-03-15T22:16:06Z DEBUG Waiting until the CA is running >> 2017-03-15T22:16:06Z DEBUG request POST >> http://deawilidmp001.XXX.org:8080/ca/admin/ca/getStatus >> 2017-03-15T22:16:06Z DEBUG request body '' >> >> >> >> >> I've confirmed that SELINUX is disabled, there is no firewall and the AWS >> Security Groups are allowing TCP:8080 and TCP:8443 to the replica instance. >> The systemctl command also verifies that >> pki-tomcatd@pki-tomcat.service is "active" as well. >> >> >> Any tips for debugging further? >> > Could you please provide the /var/log/pki/pki-tomcat/ca/debug log > file? > > Thanks, > Fraser >
Could it be this? https://pagure.io/freeipa/issue/6766
signature.asc
Description: OpenPGP digital signature
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project