Same issue here. Adding haveged reduced the error count, but still failed with 2 processors and 2gb. 3 processors and 3gb failed with a network error

[24/28]: migrating certificate profiles to LDAP
[error] NetworkError: cannot connect to 'https://directory1.ri.mamabosso.com:8443/ca/rest/account/logout': [Errno 104] Connection reset by peer
ipapython.admintool: ERROR cannot connect to 'https://XXXXXXXXXXXXXXXXXX.com:8443/ca/rest/account/logout': [Errno 104] Connection reset by peer
ipapython.admintool: ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

4gb and 4 processors:
CPU usage 100% after 10/28 was printed. (requesting RA cert..)
Usage at 100% through step 21 (restarting cert server), and.. 24 migrating cert profiles...(where it failed before)... 55% cpu usage.. 37%... 43%... 64%... 87%... 73%... and failed again:

[24/28]: migrating certificate profiles to LDAP
[error] NetworkError: cannot connect to 'https://directory1.ri.mamabosso.com:8443/ca/rest/account/logout': [Errno 111] Connection refused
ipapython.admintool: ERROR cannot connect to 'https://XXXXXXXXXXXXXXX.com:8443/ca/rest/account/logout': [Errno 111] Connection refused
ipapython.admintool: ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

from the log:

2018-06-21T15:49:02Z DEBUG request POST https://directory1.ri.mamabosso.com:8443/ca/rest/profiles/raw
2018-06-21T15:49:02Z DEBUG request body "desc=This certificate profile is for ... 
2018-06-21T15:49:02Z DEBUG httplib request failed:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/ipapython/dogtag.py", line 220, in _httplib_request
    conn.request(method, uri, body=request_body, headers=headers)
  File "/usr/lib/python2.7/httplib.py", line 1042, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1082, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1038, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 882, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 844, in send
    self.connect()
  File "/usr/lib/python2.7/httplib.py", line 1263, in connect
    server_hostname=server_hostname)
  File "/usr/lib/python2.7/ssl.py", line 369, in wrap_socket
    _context=self)
  File "/usr/lib/python2.7/ssl.py", line 617, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 846, in do_handshake
    self._sslobj.do_handshake()
error: [Errno 104] Connection reset by peer
2018-06-21T15:49:02Z DEBUG request GET https://directory1.ri.mamabosso.com:8443/ca/rest/account/logout
2018-06-21T15:49:02Z DEBUG request body ''
2018-06-21T15:49:02Z DEBUG httplib request failed:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/ipapython/dogtag.py", line 220, in _httplib_request
    conn.request(method, uri, body=request_body, headers=headers)
  File "/usr/lib/python2.7/httplib.py", line 1042, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1082, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1038, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 882, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 844, in send
    self.connect()
  File "/usr/lib/python2.7/httplib.py", line 1255, in connect
    HTTPConnection.connect(self)
  File "/usr/lib/python2.7/httplib.py", line 821, in connect
    self.timeout, self.source_address)
  File "/usr/lib/python2.7/socket.py", line 575, in create_connection
    raise err
error: [Errno 111] Connection refused
2018-06-21T15:49:02Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 555, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 541, in run_step
    method()
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/cainstance.py", line 1790, in migrate_profiles_to_ldap
    _create_dogtag_profile(profile_id, profile_data, overwrite=False)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/cainstance.py", line 1823, in _create_dogtag_profile
    profile_id)
  File "/usr/lib/python2.7/dist-packages/ipaserver/plugins/dogtag.py", line 1312, in __exit__
    method='GET'
  File "/usr/lib/python2.7/dist-packages/ipapython/dogtag.py", line 167, in https_request
    method=method, headers=headers)
  File "/usr/lib/python2.7/dist-packages/ipapython/dogtag.py", line 229, in _httplib_request
    raise NetworkError(uri=uri, error=str(e))
NetworkError: cannot connect to 'https://directory1.ri.mamabosso.com:8443/ca/rest/account/logout': [Errno 111] Connection refused
2018-06-21T15:49:02Z DEBUG [error] NetworkError: cannot connect to 'https://directory1.ri.mamabosso.com:8443/ca/rest/account/logout': [Errno 111] Connection refused
2018-06-21T15:49:02Z DEBUG   File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 174, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/dist-packages/ipapython/install/cli.py", line 319, in run
    return cfgr.run()
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 364, in run
    return self.execute()
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 389, in execute
    for rval in self._executor():
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 434, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 463, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 453, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 424, in __runner
    step()
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 421, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 658, in _configure
    next(executor)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 434, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 463, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 521, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 453, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 518, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 453, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 424, in __runner
    step()
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 421, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/common.py", line 65, in _install
    for unused in self._installer(self.parent):
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/__init__.py", line 581, in main
    master_install(self)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py", line 252, in decorated
    func(installer)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py", line 838, in install
    ca.install_step_0(False, None, options)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/ca.py", line 326, in install_step_0
    use_ldaps=standalone)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/cainstance.py", line 473, in configure_instance
    self.start_creation(runtime=runtime)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 555, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 541, in run_step
    method()
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/cainstance.py", line 1790, in migrate_profiles_to_ldap
    _create_dogtag_profile(profile_id, profile_data, overwrite=False)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/cainstance.py", line 1823, in _create_dogtag_profile
    profile_id)
  File "/usr/lib/python2.7/dist-packages/ipaserver/plugins/dogtag.py", line 1312, in __exit__
    method='GET'
  File "/usr/lib/python2.7/dist-packages/ipapython/dogtag.py", line 167, in https_request
    method=method, headers=headers)
  File "/usr/lib/python2.7/dist-packages/ipapython/dogtag.py", line 229, in _httplib_request
    raise NetworkError(uri=uri, error=str(e))
2018-06-21T15:49:02Z DEBUG The ipa-server-install command failed,...

-- 
You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1627371

Title: Timing problems with FreeIPA installation

Status in dogtag-pki package in Ubuntu: Confirmed
Status in freeipa package in Ubuntu: Confirmed

Bug description:

While installing FreeIPA I came across two situations that turned out to be timing problems. In both cases, the installation procedure was attempting to access the certificate server immediately after a restart, and the server was not listening.

The first one is at step 10 of "Configuring certificate server (pki_tomcatd)":

[10/28]: importing CA chain to RA certificate database
[error] RuntimeError: Unable to retrieve CA chain: [Errno 111] Connection refused
ipa.ipapython.install.cli.install_tool(Server): ERROR Unable to retrieve CA chain: [Errno 111] Connection refused

The second is at step 25:

[25/28]: migrating certificate profiles to LDAP
[error] NetworkError: cannot connect to 'https://server.name:8443/ca/rest/account/login': Could not connect to server.name using any address: (PR_ADDRESS_NOT_SUPPORTED_ERROR) Network address type not supported.

My solution was to add a delay at the top of the functions for those steps.

def __import_ca_chain(self): + ##====================== + # Add wait time to allow certificate server to start up + # + time.sleep(10) chain = self.__get_ca_chain() ... def migrate_profiles_to_ldap(): """Migrate profiles from filesystem to LDAP. This must be run *after* switching to the LDAPProfileSubsystem and restarting the CA. The profile might already exist, e.g. if a replica was already upgraded, so this case is ignored. """ + ##====================== + # Add wait time to allow certificate server to start up + # + time.sleep(20) ensure_ldap_profiles_container()

It might be necessary to adjust the sleep time.

These bugs are intermittent and they may not appear at all. In my case, one KVM machine had no problems whatsoever while another had problems at the "migrate profiles ..." step. Both problems showed up on one Raspberry Pi.
There were also time differences between runs. So, one needs to be _very_ patient.

This is all on Ubuntu Xenial. freeipa-server 4.3.1-0ubuntu1. The RaspberryPi is a pi 2B

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dogtag-pki/+bug/1627371/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~freeipa
Post to     : freeipa@lists.launchpad.net
Unsubscribe : https://launchpad.net/~freeipa
More help   : https://help.launchpad.net/ListHelp
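
Review bot: The time.sleep(10) at the top of __import_ca_chain is a fixed guess at how long the certificate server needs after a restart, and the description itself says the value may need adjusting and that timing differed between runs and machines. Retry self.__get_ca_chain() on connection refused up to a bounded deadline instead, so fast hosts are not delayed and slow hosts are not cut off. The visible lines also do not show time being imported in this file; confirm that it is.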
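
Review bot: In migrate_profiles_to_ldap the time.sleep(20) runs once, before ensure_ldap_profiles_container(), so it cannot help when the CA drops connections later in the step. The traceback in the comment above fails inside _create_dogtag_profile, called from this same function, first with connection reset and then with connection refused. Put a bounded retry on those two errors around the per-profile requests rather than delaying function entry. The four-line banner comment could also be a single comment line.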
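
The bug description attributes both failures to the installer contacting the certificate server right after a restart, and the logs show Errno 111 and Errno 104 at those points. A bounded retry on exactly those two errors, as an added example (not FreeIPA's or the reporter's code; call_when_ready, NotReady and demo are hypothetical names, and the failing requests in demo are constructed):

```python
import errno
import time

# Added example: names are illustrative, not FreeIPA code.
# Errnos the installer logs on this page show during a CA restart (Linux: 104, 111).
TRANSIENT_ERRNOS = {errno.ECONNRESET, errno.ECONNREFUSED}


class NotReady(Exception):
    """The service did not answer before the deadline."""


def call_when_ready(request, timeout=300.0, first_delay=1.0, max_delay=15.0,
                    clock=time.monotonic, sleep=time.sleep):
    """Call request() until it stops failing with a restart-time transient.

    Returns (result, attempts). Any other error propagates at once, so a real
    fault (bad certificate, wrong host) is not hidden behind retries.
    """
    deadline = clock() + timeout
    delay, attempts = first_delay, 0
    while True:
        attempts += 1
        try:
            return request(), attempts
        except OSError as exc:
            if exc.errno not in TRANSIENT_ERRNOS:
                raise
            last = exc
        remaining = deadline - clock()
        if remaining <= 0:
            raise NotReady("no answer after %d attempts: %s" % (attempts, last))
        sleep(min(delay, remaining))       # never sleep past the deadline
        delay = min(delay * 2, max_delay)  # exponential backoff, capped


def demo():
    """Constructed stand-in for a CA that refuses, then resets, then answers."""
    failures = [ConnectionRefusedError(errno.ECONNREFUSED, "Connection refused"),
                ConnectionResetError(errno.ECONNRESET, "Connection reset by peer")]
    slept = []

    def request():
        if failures:
            raise failures.pop(0)
        return "200 OK"

    result, attempts = call_when_ready(request, sleep=slept.append)
    return result, attempts, slept
```

The clock and sleep parameters exist so the retry schedule can be checked without waiting; in real use they keep their defaults and request is whatever call talks to the CA.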