[Freeipa] [Bug 1765616] Re: tomcat more or less broken -- java compat issues

Tue, 08 May 2018 10:02:15 -0700 

** Summary changed:

- freeipa server install fails -  RuntimeError: CA configuration failed.
+ tomcat more or less broken -- java compat issues

** No longer affects: freeipa (Ubuntu Bionic)

** No longer affects: freeipa (Ubuntu)

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1765616

Title:
  tomcat more or less broken -- java compat issues

Status in tomcat8 package in Ubuntu:
  Fix Released
Status in tomcat8 source package in Bionic:
  Confirmed
Status in tomcat8 package in Debian:
  New

Bug description:
  [Impact]

  The issue occurs while installing IPA server. More specifically whist
  configuring pki-tomcatd. The following error is produced.

  Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
        [1/28]: configuring certificate server instance
      ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA 
instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', 
'/tmp/tmpEHq9Ex'] returned non-zero exit status 1: u"pkispawn    : ERROR    
....... subprocess.CalledProcessError:  Command '['sysctl', 
'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn    
: ERROR    ........... server did not start after 60s\npkispawn    : ERROR    
....... server failed to restart\n")
      ipaserver.install.dogtaginstance: CRITICAL See the installation logs and 
the following files/directories for more information:
      ipaserver.install.dogtaginstance: CRITICAL   /var/log/pki/pki-tomcat
        [error] RuntimeError: CA configuration failed.
      ipapython.admintool: ERROR    CA configuration failed.
      ipapython.admintool: ERROR    The ipa-server-install command failed. See 
/var/log/ipaserver-install.log for more information

  The cause for this is that tomcat8 is built with JDK9 and is not
  compatible with instances that have to use JRE8 for other reasons.

  [Test Case]

  Install freeipa-server, run ipa-server-install.

  [Regression Potential]

  The fix is a fairly big patch for tomcat8 to modify the code so that
  it runs with JRE8. It passes the upstream test suite though, when run
  with JRE8 though tomcat itself was built with the default JDK.

  [Other info]

  Patch will be sent upstream too.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1765616/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~freeipa
Post to     : freeipa@lists.launchpad.net
Unsubscribe : https://launchpad.net/~freeipa
More help   : https://help.launchpad.net/ListHelp

Reply via email to