[Freeipa-devel] [freeipa PR#21] custodia: include known CA certs in the PKCS#12 file for Dogtag (comment)

2016-08-26 Thread mbasti-rh
mbasti-rh commented on a pull request

"""
Yes, I can reproduce it without this PR. ACK for this
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/21#issuecomment-242751300
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#21] custodia: include known CA certs in the PKCS#12 file for Dogtag (comment)

2016-08-26 Thread pvoborni
pvoborni commented on a pull request

"""
Promotion of replica is missing ds.enable_ssl step (or whatever it is called). Tomas 
is working on it in ticket https://fedorahosted.org/freeipa/ticket/6226
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/21#issuecomment-242750401

[Freeipa-devel] [freeipa PR#21] custodia: include known CA certs in the PKCS#12 file for Dogtag (comment)

2016-08-26 Thread mbasti-rh
mbasti-rh commented on a pull request

"""
I cannot connect to LDAPS even if only CA-less servers are installed
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/21#issuecomment-242746093

[Freeipa-devel] [freeipa PR#21] custodia: include known CA certs in the PKCS#12 file for Dogtag (comment)

2016-08-26 Thread mbasti-rh
mbasti-rh commented on a pull request

"""
On replica:

```
[root@vm-058-017 ~]# ipa-ca-install
Directory Manager (existing master) password: 

Run connection check to master
Connection check OK
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds
  [1/25]: creating certificate server user
  [2/25]: creating certificate server db
  [3/25]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 2 seconds elapsed
Update succeeded

  [4/25]: creating installation admin user
  [5/25]: setting up certificate server
  [6/25]: stopping instance to update CS.cfg
  [7/25]: backing up CS.cfg
  [8/25]: disabling nonces
  [9/25]: set up CRL publishing
  [10/25]: enable PKIX certificate path discovery and validation
  [11/25]: set up client auth to db
  [12/25]: destroying installation admin user
  [13/25]: Ensure lightweight CAs container exists
  [14/25]: Configure lightweight CA key retrieval
  [15/25]: starting instance
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart the Dogtag instance.See the installation log for details.
  [16/25]: importing CA chain to RA certificate database
  [error] RuntimeError: Unable to retrieve CA chain: request failed with HTTP status 500
```

```
2016-08-26T12:41:39Z DEBUG The CA status is: check interrupted due to error: Retrieving CA status failed with status 500
2016-08-26T12:41:39Z DEBUG Waiting for CA to start...
2016-08-26T12:41:40Z DEBUG request POST http://vm-058-017.abc.idm.lab.eng.brq.redhat.com:8080/ca/admin/ca/getStatus
2016-08-26T12:41:40Z DEBUG request body ''
2016-08-26T12:41:40Z DEBUG response status 500
2016-08-26T12:41:40Z DEBUG response headers {'content-length': '2351', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Fri, 26 Aug 2016 12:41:40 GMT', 'content-type': 'text/html;charset=utf-8'}
2016-08-26T12:41:40Z DEBUG response body 'Apache Tomcat/8.0.32 - Error reportH1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}.line {height: 1px; background-color: #525D76; border: none;} HTTP Status 500 - Subsystem unavailabletype Exception reportmessage Subsystem unavailabledescription The server encountered an internal error that prevented it from fulfilling this request.exceptionjavax.ws.rs.ServiceUnavailableException: Subsystem unavailable\n\tcom.netscape.cms.tomcat.ProxyRealm.findSecurityConstraints(ProxyRealm.java:138)\n\torg.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496)\n\torg.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)\n\torg.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)\n\torg.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522)\n\torg.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095)\n\torg.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)\n\torg.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)\n\torg.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)\n\tjava.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)\n\tjava.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)\n\torg.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tjava.lang.Thread.run(Thread.java:745)\nnote The full stack trace of the root cause is available in the Apache Tomcat/8.0.32 logs.Apache Tomcat/8.0.32'
2016-08-26T12:41:40Z DEBUG The CA status is: check interrupted due to error: Retrieving CA status failed with status 500
2016-08-26T12:41:40Z DEBUG Waiting for CA to start...
2016-08-26T12:41:41Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 194, in start_instance
    self.start('pki-tomcat')
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 345, in start
    self.service.start(instance_name, capture_output=capture_output, wait=wait)
  File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 218, in start
    self.wait_until_running()
  File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 212, in wait_until_running
    raise RuntimeError('CA did not start in %ss' % timeout)
RuntimeError: CA did not start in 300.0s
```

Debug