Re: [Freeipa-users] Setup of freeipa 4.1.3 failed

2015-04-08 Thread Markus Roth

 Endi Sukma Dewata edew...@redhat.com wrote on 1 April 2015 at 23:56:


 On 4/1/2015 4:29 PM, Markus Roth wrote:
  On Wednesday, 1 April 2015, 16:04:54 you wrote:
  On 4/1/2015 11:56 AM, Endi Sukma Dewata wrote:
  On 03/31/2015 01:54 PM, Markus Roth wrote:
  Hi all,
 
  I want to set up FreeIPA 4.1.3 on a freshly installed Fedora 21.
 
  The ipa-server-install shows the following output:
  ...
 
  Done configuring directory server (dirsrv).
  Configuring certificate server (pki-tomcatd): Estimated time 3
  minutes 30
  seconds
 
  [1/27]: creating certificate server user
  [2/27]: configuring certificate server instance
  [3/27]: stopping certificate server instance to update CS.cfg
  [4/27]: backing up CS.cfg
  [5/27]: disabling nonces
  [6/27]: set up CRL publishing
  [7/27]: enable PKIX certificate path discovery and validation
  [8/27]: starting certificate server instance
  [error] RuntimeError: CA did not start in 300.0s
 
  CA did not start in 300.0s
 
  The ipa server install log shows this:
 
  2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
  2015-03-31T17:39:35Z DEBUG Waiting for CA to start...
 
  ...
 
  I uninstalled the ipa server completely several times and installed
  it again.
  But it always stops at the same step with the setup.
 
  Can anybody help?
 
  Based on the IPA install log alone it looks like the DS is already
  started, and the Dogtag is already started too in step [3/27]. It's the
  restart on step [8/27] that is failing.
 
  We will need to see the Dogtag debug log in order to know if Dogtag is
  indeed failing to restart or the installer for some reason cannot
  connect to Dogtag.
 
  Hi Markus,
 
  Based on the logs that you sent me, the Dogtag took a really long time
  to start:
 
  INFORMATION: Server startup in 739700 ms
 
  More than half of that time was spent starting the CA subsystem alone:
 
  INFORMATION: Deployment of configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/ca.xml has finished in 393,390 ms
 
  The whole (failed) IPA installation took about 38 minutes. Is this correct?
 
  It's possible the system was running out of entropy. You might want to
  install haveged or rngd. See:
  http://blog-ftweedal.rhcloud.com/2014/05/more-entropy-with-haveged/
  https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged
 
  However, the system seems to be running very slowly in general. How
  powerful is this machine?
 
  Hi Endi
 
  the system is a banana pi system. Seems that this ARM CPU based system isn't
  suitable for FreeIPA

 The installation might still succeed if IPA doesn't have the 300s time
 limit. If you want to try, you probably can specify a larger
 startup_timeout in ~/.ipa/default.conf, or change the code in
 ipaplatform/redhat/services.py to wait indefinitely, and see what
 happens. I don't know if it will be usable though.

 --
 Endi S. Dewata

 
Yesterday I did the installation of freeipa on my banana Pi by modifying the
source file ipalib/constants.py: ('startup_timeout', 300). I changed it to
900 s. And the setup process was successful! The start of the CA had a duration
of 630s! But after the installation freeipa is usable on the banana Pi.
 
Thanks to Endi for help.
 
Markus Roth
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
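
The timings Endi reads out of the Dogtag log can be turned into a timeout value mechanically. This is an added example, not code from the thread or from FreeIPA: it parses the two Tomcat lines quoted above and sizes `startup_timeout` with headroom. The 1.5x headroom, the 60 s rounding, the function names and the `[global]` stanza for `~/.ipa/default.conf` are assumptions of this example.

```python
"""Added example: size IPA's startup_timeout from Tomcat/Dogtag startup timings."""
import configparser
import io
import math
import re
from pathlib import PurePosixPath

# The two timing lines quoted in the thread, plus one constructed filler line.
SAMPLE_LOG = """\
INFORMATION: Deployment of configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/ca.xml has finished in 393,390 ms
INFORMATION: constructed filler line without a timing
INFORMATION: Server startup in 739700 ms
"""

DEFAULT_TIMEOUT_S = 300  # ('startup_timeout', 300) as quoted from ipalib/constants.py

_DEPLOY = re.compile(
    r"Deployment of configuration descriptor (\S+) has finished in ([\d.,]+) ms")
_STARTUP = re.compile(r"Server startup in ([\d.,]+) ms")


def _ms(text):
    """Parse an integer millisecond count that may carry grouping separators
    (assumption: Tomcat prints whole milliseconds, so '.' and ',' only group digits)."""
    return int(re.sub(r"[.,]", "", text))


def startup_timings(log_text):
    """Return (server_startup_ms or None, {webapp_name: deploy_ms})."""
    server_ms, webapps = None, {}
    for line in log_text.splitlines():
        match = _DEPLOY.search(line)
        if match:
            # ca.xml -> "ca": the descriptor file name identifies the web application.
            webapps[PurePosixPath(match.group(1)).stem] = _ms(match.group(2))
            continue
        match = _STARTUP.search(line)
        if match:
            server_ms = _ms(match.group(1))
    return server_ms, webapps


def recommend_timeout(observed_ms, current_s=DEFAULT_TIMEOUT_S, headroom=1.5, step_s=60):
    """Keep the current timeout if it already covers the observed time plus headroom,
    otherwise round the padded time up to the next multiple of step_s."""
    needed_s = observed_ms * headroom / 1000.0
    if needed_s <= current_s:
        return current_s
    return int(math.ceil(needed_s / step_s) * step_s)


def render_conf(timeout_s):
    """Render a [global] stanza (assumed target: ~/.ipa/default.conf, as suggested in the thread)."""
    cfg = configparser.ConfigParser()
    cfg["global"] = {"startup_timeout": str(timeout_s)}
    out = io.StringIO()
    cfg.write(out)
    return out.getvalue()


if __name__ == "__main__":
    server_ms, webapps = startup_timings(SAMPLE_LOG)
    print("CA share of startup: %.0f%%" % (100.0 * webapps["ca"] / server_ms))
    print(render_conf(recommend_timeout(server_ms)))
```
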

Re: [Freeipa-users] Setup of freeipa 4.1.3 failed

2015-04-08 Thread Natxo Asenjo
On Wed, Apr 8, 2015 at 7:57 AM, Markus Roth mar...@die5roths.de wrote:


 Yesterday I did the installation of freeipa on my banana Pi by
 modifying the source file ipalib/constants.py: ('startup_timeout', 300).
 I changed it to 900 s. And the setup process was successful! The start of
 the CA had a duration of 630s! But after the installation freeipa is usable
 on the banana Pi.

 Thanks to Endi for help.


This is really cool :-) Thanks for sharing.

If only one could get a small SSD on it, starting up would be much faster.


--
Regards,
natxo

Re: [Freeipa-users] Setup of freeipa 4.1.3 failed

2015-04-08 Thread Markus Roth

 Martin Kosek mko...@redhat.com wrote on 8 April 2015 at 10:59:


 On 04/08/2015 07:57 AM, Markus Roth wrote:
 
  Endi Sukma Dewata edew...@redhat.com wrote on 1 April 2015 at 23:56:
 
 
  On 4/1/2015 4:29 PM, Markus Roth wrote:
  On Wednesday, 1 April 2015, 16:04:54 you wrote:
  On 4/1/2015 11:56 AM, Endi Sukma Dewata wrote:
  On 03/31/2015 01:54 PM, Markus Roth wrote:
  Hi all,
 
  I want to set up FreeIPA 4.1.3 on a freshly installed Fedora 21.
 
  The ipa-server-install shows the following output:
  ...
 
  Done configuring directory server (dirsrv).
  Configuring certificate server (pki-tomcatd): Estimated time 3
  minutes 30
  seconds
 
  [1/27]: creating certificate server user
  [2/27]: configuring certificate server instance
  [3/27]: stopping certificate server instance to update CS.cfg
  [4/27]: backing up CS.cfg
  [5/27]: disabling nonces
  [6/27]: set up CRL publishing
  [7/27]: enable PKIX certificate path discovery and validation
  [8/27]: starting certificate server instance
  [error] RuntimeError: CA did not start in 300.0s
 
  CA did not start in 300.0s
 
  The ipa server install log shows this:
 
  2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
  2015-03-31T17:39:35Z DEBUG Waiting for CA to start...
 
  ...
 
  I uninstalled the ipa server completely several times and installed
  it again.
  But it always stops at the same step with the setup.
 
  Can anybody help?
 
  Based on the IPA install log alone it looks like the DS is already
  started, and the Dogtag is already started too in step [3/27]. It's the
  restart on step [8/27] that is failing.
 
  We will need to see the Dogtag debug log in order to know if Dogtag is
  indeed failing to restart or the installer for some reason cannot
  connect to Dogtag.
 
  Hi Markus,
 
  Based on the logs that you sent me, the Dogtag took a really long time
  to start:
 
  INFORMATION: Server startup in 739700 ms
 
  More than half of that time was spent starting the CA subsystem alone:
 
  INFORMATION: Deployment of configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/ca.xml has finished in 393,390 ms
 
  The whole (failed) IPA installation took about 38 minutes. Is this
  correct?
 
  It's possible the system was running out of entropy. You might want to
  install haveged or rngd. See:
  http://blog-ftweedal.rhcloud.com/2014/05/more-entropy-with-haveged/
  https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged
 
  However, the system seems to be running very slowly in general. How
  powerful is this machine?
 
  Hi Endi
 
  the system is a banana pi system. Seems that this ARM CPU based system isn't
  suitable for FreeIPA
 
  The installation might still succeed if IPA doesn't have the 300s time
  limit. If you want to try, you probably can specify a larger
  startup_timeout in ~/.ipa/default.conf, or change the code in
  ipaplatform/redhat/services.py to wait indefinitely, and see what
  happens. I don't know if it will be usable though.
 
  --
  Endi S. Dewata
 
 
  Yesterday I did the installation of freeipa on my banana Pi by modifying the
  source file ipalib/constants.py: ('startup_timeout', 300). I changed it to
  900 s. And the setup process was successful! The start of the CA had a duration
  of 630s! But after the installation freeipa is usable on the banana Pi.
 
  Thanks to Endi for help.

 That's cool! Do you think that your experience from making it work could form a
 nice HOWTO article on

 http://www.freeipa.org/page/HowTos

 ? Maybe it would help others who would want to follow your example on FreeIPA
 at *Pi devices :-)

Of course, I can write this HowTo.

Re: [Freeipa-users] Setup of freeipa 4.1.3 failed

2015-04-08 Thread Martin Kosek
On 04/08/2015 07:57 AM, Markus Roth wrote:
 
 Endi Sukma Dewata edew...@redhat.com wrote on 1 April 2015 at 23:56:


 On 4/1/2015 4:29 PM, Markus Roth wrote:
 On Wednesday, 1 April 2015, 16:04:54 you wrote:
 On 4/1/2015 11:56 AM, Endi Sukma Dewata wrote:
 On 03/31/2015 01:54 PM, Markus Roth wrote:
 Hi all,

 I want to set up FreeIPA 4.1.3 on a freshly installed Fedora 21.

 The ipa-server-install shows the following output:
 ...

 Done configuring directory server (dirsrv).
 Configuring certificate server (pki-tomcatd): Estimated time 3
 minutes 30
 seconds

 [1/27]: creating certificate server user
 [2/27]: configuring certificate server instance
 [3/27]: stopping certificate server instance to update CS.cfg
 [4/27]: backing up CS.cfg
 [5/27]: disabling nonces
 [6/27]: set up CRL publishing
 [7/27]: enable PKIX certificate path discovery and validation
 [8/27]: starting certificate server instance
 [error] RuntimeError: CA did not start in 300.0s

 CA did not start in 300.0s

 The ipa server install log shows this:

 2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
 2015-03-31T17:39:35Z DEBUG Waiting for CA to start...

 ...

 I uninstalled the ipa server completely several times and installed
 it again.
 But it always stops at the same step with the setup.

 Can anybody help?

 Based on the IPA install log alone it looks like the DS is already
 started, and the Dogtag is already started too in step [3/27]. It's the
 restart on step [8/27] that is failing.

 We will need to see the Dogtag debug log in order to know if Dogtag is
 indeed failing to restart or the installer for some reason cannot
 connect to Dogtag.

 Hi Markus,

 Based on the logs that you sent me, the Dogtag took a really long time
 to start:

 INFORMATION: Server startup in 739700 ms

 More than half of that time was spent starting the CA subsystem alone:

 INFORMATION: Deployment of configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/ca.xml has finished in 393,390 ms

 The whole (failed) IPA installation took about 38 minutes. Is this correct?

 It's possible the system was running out of entropy. You might want to
 install haveged or rngd. See:
 http://blog-ftweedal.rhcloud.com/2014/05/more-entropy-with-haveged/
 https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged

 However, the system seems to be running very slowly in general. How
 powerful is this machine?

 Hi Endi

 the system is a banana pi system. Seems that this ARM CPU based system isn't
 suitable for FreeIPA

 The installation might still succeed if IPA doesn't have the 300s time
 limit. If you want to try, you probably can specify a larger
 startup_timeout in ~/.ipa/default.conf, or change the code in
 ipaplatform/redhat/services.py to wait indefinitely, and see what
 happens. I don't know if it will be usable though.

 --
 Endi S. Dewata

  
 Yesterday I did the installation of freeipa on my banana Pi by modifying the
 source file ipalib/constants.py: ('startup_timeout', 300). I changed it to
 900 s. And the setup process was successful! The start of the CA had a duration
 of 630s! But after the installation freeipa is usable on the banana Pi.
  
 Thanks to Endi for help.

That's cool! Do you think that your experience from making it work could form a
nice HOWTO article on

http://www.freeipa.org/page/HowTos

? Maybe it would help others who would want to follow your example on FreeIPA
at *Pi devices :-)



Re: [Freeipa-users] Setup of freeipa 4.1.3 failed

2015-04-01 Thread Martin Kosek
On 03/31/2015 07:58 PM, Dmitri Pal wrote:
 On 03/31/2015 01:54 PM, Markus Roth wrote:
 Hi all,

 I want to set up FreeIPA 4.1.3 on a freshly installed Fedora 21.
 The ipa-server-install shows the following output:

 configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
 Done configuring NTP daemon (ntpd).
 Configuring directory server (dirsrv): Estimated time 1 minute
[1/38]: creating directory server user
[2/38]: creating directory server instance
[3/38]: adding default schema
[4/38]: enabling memberof plugin
[5/38]: enabling winsync plugin
[6/38]: configuring replication version plugin
[7/38]: enabling IPA enrollment plugin
[8/38]: enabling ldapi
[9/38]: configuring uniqueness plugin
[10/38]: configuring uuid plugin
[11/38]: configuring modrdn plugin
[12/38]: configuring DNS plugin
[13/38]: enabling entryUSN plugin
[14/38]: configuring lockout plugin
[15/38]: creating indices
[16/38]: enabling referential integrity plugin
[17/38]: configuring certmap.conf
[18/38]: configure autobind for root
[19/38]: configure new location for managed entries
[20/38]: configure dirsrv ccache
[21/38]: enable SASL mapping fallback
[22/38]: restarting directory server
[23/38]: adding default layout
[24/38]: adding delegation layout
[25/38]: creating container for managed entries
[26/38]: configuring user private groups
[27/38]: configuring netgroups from hostgroups
[28/38]: creating default Sudo bind user
[29/38]: creating default Auto Member layout
[30/38]: adding range check plugin
[31/38]: creating default HBAC rule allow_all
[32/38]: initializing group membership
[33/38]: adding master entry
[34/38]: configuring Posix uid/gid generation
[35/38]: adding replication acis
[36/38]: enabling compatibility plugin
[37/38]: tuning directory server
[38/38]: configuring directory to start on boot
 Done configuring directory server (dirsrv).
 Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30
 seconds
[1/27]: creating certificate server user
[2/27]: configuring certificate server instance
[3/27]: stopping certificate server instance to update CS.cfg
[4/27]: backing up CS.cfg
[5/27]: disabling nonces
[6/27]: set up CRL publishing
[7/27]: enable PKIX certificate path discovery and validation
[8/27]: starting certificate server instance
[error] RuntimeError: CA did not start in 300.0s
 CA did not start in 300.0s

 The ipa server install log shows this:

 2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
 2015-03-31T17:39:35Z DEBUG Waiting for CA to start...
 2015-03-31T17:39:36Z DEBUG Traceback (most recent call last):
File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
 382, in start_creation
  run_step(full_msg, method)
File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
 372, in run_step
  method()
File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py,
 line 526, in __start
  self.start()
File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
 279, in start
  self.service.start(instance_name, capture_output=capture_output,
 wait=wait)
File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py, 
 line
 229, in start
  self.wait_until_running()
File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py, 
 line
 223, in wait_until_running
  raise RuntimeError('CA did not start in %ss' % timeout)
 RuntimeError: CA did not start in 300.0s

 2015-03-31T17:39:36Z DEBUG   [error] RuntimeError: CA did not start in 300.0s
 2015-03-31T17:39:36Z DEBUG   File /usr/lib/python2.7/site-
 packages/ipaserver/install/installutils.py, line 642, in run_script
  return_value = main_function()

File /usr/sbin/ipa-server-install, line 1183, in main
  ca_signing_algorithm=options.ca_signing_algorithm)

File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py,
 line 520, in configure_instance
  self.start_creation(runtime=210)

File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
 382, in start_creation
  run_step(full_msg, method)

File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
 372, in run_step
  method()

File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py,
 line 526, in __start
  self.start()

File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
 279, in start
  self.service.start(instance_name, capture_output=capture_output,
 wait=wait)

File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py, 
 line
 229, in start
  self.wait_until_running()

File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py, 
 line
 

Re: [Freeipa-users] Setup of freeipa 4.1.3 failed

2015-04-01 Thread Gonzalo Fernandez Ordas

Markus

Not sure if this might be related, but at least it is a place to look.

https://bugzilla.redhat.com/show_bug.cgi?id=1196455

thanks

On 31/03/2015 10:54, Markus Roth wrote:

Hi all,

I want to set up FreeIPA 4.1.3 on a freshly installed Fedora 21.
The ipa-server-install shows the following output:

configuring NTP daemon (ntpd)
   [1/4]: stopping ntpd
   [2/4]: writing configuration
   [3/4]: configuring ntpd to start on boot
   [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
   [1/38]: creating directory server user
   [2/38]: creating directory server instance
   [3/38]: adding default schema
   [4/38]: enabling memberof plugin
   [5/38]: enabling winsync plugin
   [6/38]: configuring replication version plugin
   [7/38]: enabling IPA enrollment plugin
   [8/38]: enabling ldapi
   [9/38]: configuring uniqueness plugin
   [10/38]: configuring uuid plugin
   [11/38]: configuring modrdn plugin
   [12/38]: configuring DNS plugin
   [13/38]: enabling entryUSN plugin
   [14/38]: configuring lockout plugin
   [15/38]: creating indices
   [16/38]: enabling referential integrity plugin
   [17/38]: configuring certmap.conf
   [18/38]: configure autobind for root
   [19/38]: configure new location for managed entries
   [20/38]: configure dirsrv ccache
   [21/38]: enable SASL mapping fallback
   [22/38]: restarting directory server
   [23/38]: adding default layout
   [24/38]: adding delegation layout
   [25/38]: creating container for managed entries
   [26/38]: configuring user private groups
   [27/38]: configuring netgroups from hostgroups
   [28/38]: creating default Sudo bind user
   [29/38]: creating default Auto Member layout
   [30/38]: adding range check plugin
   [31/38]: creating default HBAC rule allow_all
   [32/38]: initializing group membership
   [33/38]: adding master entry
   [34/38]: configuring Posix uid/gid generation
   [35/38]: adding replication acis
   [36/38]: enabling compatibility plugin
   [37/38]: tuning directory server
   [38/38]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30
seconds
   [1/27]: creating certificate server user
   [2/27]: configuring certificate server instance
   [3/27]: stopping certificate server instance to update CS.cfg
   [4/27]: backing up CS.cfg
   [5/27]: disabling nonces
   [6/27]: set up CRL publishing
   [7/27]: enable PKIX certificate path discovery and validation
   [8/27]: starting certificate server instance
   [error] RuntimeError: CA did not start in 300.0s
CA did not start in 300.0s

The ipa server install log shows this:

2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
2015-03-31T17:39:35Z DEBUG Waiting for CA to start...
2015-03-31T17:39:36Z DEBUG Traceback (most recent call last):
   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
382, in start_creation
 run_step(full_msg, method)
   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
372, in run_step
 method()
   File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py,
line 526, in __start
 self.start()
   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
279, in start
 self.service.start(instance_name, capture_output=capture_output,
wait=wait)
   File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py, line
229, in start
 self.wait_until_running()
   File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py, line
223, in wait_until_running
 raise RuntimeError('CA did not start in %ss' % timeout)
RuntimeError: CA did not start in 300.0s

2015-03-31T17:39:36Z DEBUG   [error] RuntimeError: CA did not start in 300.0s
2015-03-31T17:39:36Z DEBUG   File /usr/lib/python2.7/site-
packages/ipaserver/install/installutils.py, line 642, in run_script
 return_value = main_function()

   File /usr/sbin/ipa-server-install, line 1183, in main
 ca_signing_algorithm=options.ca_signing_algorithm)

   File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py,
line 520, in configure_instance
 self.start_creation(runtime=210)

   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
382, in start_creation
 run_step(full_msg, method)

   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
372, in run_step
 method()

   File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py,
line 526, in __start
 self.start()

   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
279, in start
 self.service.start(instance_name, capture_output=capture_output,
wait=wait)

   File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py, line
229, in start
 self.wait_until_running()

   File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py, line
223, in 

Re: [Freeipa-users] Setup of freeipa 4.1.3 failed

2015-04-01 Thread Roberto Cornacchia
I had this error during my first installation. It turned out the problem
was that port 8443 was already used by another process.

Roberto

On 31 March 2015 at 19:54, Markus Roth mar...@die5roths.de wrote:

 Hi all,

 I want to set up FreeIPA 4.1.3 on a freshly installed Fedora 21.
 The ipa-server-install shows the following output:

 configuring NTP daemon (ntpd)
   [1/4]: stopping ntpd
   [2/4]: writing configuration
   [3/4]: configuring ntpd to start on boot
   [4/4]: starting ntpd
 Done configuring NTP daemon (ntpd).
 Configuring directory server (dirsrv): Estimated time 1 minute
   [1/38]: creating directory server user
   [2/38]: creating directory server instance
   [3/38]: adding default schema
   [4/38]: enabling memberof plugin
   [5/38]: enabling winsync plugin
   [6/38]: configuring replication version plugin
   [7/38]: enabling IPA enrollment plugin
   [8/38]: enabling ldapi
   [9/38]: configuring uniqueness plugin
   [10/38]: configuring uuid plugin
   [11/38]: configuring modrdn plugin
   [12/38]: configuring DNS plugin
   [13/38]: enabling entryUSN plugin
   [14/38]: configuring lockout plugin
   [15/38]: creating indices
   [16/38]: enabling referential integrity plugin
   [17/38]: configuring certmap.conf
   [18/38]: configure autobind for root
   [19/38]: configure new location for managed entries
   [20/38]: configure dirsrv ccache
   [21/38]: enable SASL mapping fallback
   [22/38]: restarting directory server
   [23/38]: adding default layout
   [24/38]: adding delegation layout
   [25/38]: creating container for managed entries
   [26/38]: configuring user private groups
   [27/38]: configuring netgroups from hostgroups
   [28/38]: creating default Sudo bind user
   [29/38]: creating default Auto Member layout
   [30/38]: adding range check plugin
   [31/38]: creating default HBAC rule allow_all
   [32/38]: initializing group membership
   [33/38]: adding master entry
   [34/38]: configuring Posix uid/gid generation
   [35/38]: adding replication acis
   [36/38]: enabling compatibility plugin
   [37/38]: tuning directory server
   [38/38]: configuring directory to start on boot
 Done configuring directory server (dirsrv).
 Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30
 seconds
   [1/27]: creating certificate server user
   [2/27]: configuring certificate server instance
   [3/27]: stopping certificate server instance to update CS.cfg
   [4/27]: backing up CS.cfg
   [5/27]: disabling nonces
   [6/27]: set up CRL publishing
   [7/27]: enable PKIX certificate path discovery and validation
   [8/27]: starting certificate server instance
   [error] RuntimeError: CA did not start in 300.0s
 CA did not start in 300.0s

 The ipa server install log shows this:

 2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
 2015-03-31T17:39:35Z DEBUG Waiting for CA to start...
 2015-03-31T17:39:36Z DEBUG Traceback (most recent call last):
   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py,
 line
 382, in start_creation
 run_step(full_msg, method)
   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py,
 line
 372, in run_step
 method()
   File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py,
 line 526, in __start
 self.start()
   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py,
 line
 279, in start
 self.service.start(instance_name, capture_output=capture_output,
 wait=wait)
   File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py,
 line
 229, in start
 self.wait_until_running()
   File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py,
 line
 223, in wait_until_running
 raise RuntimeError('CA did not start in %ss' % timeout)
 RuntimeError: CA did not start in 300.0s

 2015-03-31T17:39:36Z DEBUG   [error] RuntimeError: CA did not start in
 300.0s
 2015-03-31T17:39:36Z DEBUG   File /usr/lib/python2.7/site-
 packages/ipaserver/install/installutils.py, line 642, in run_script
 return_value = main_function()

   File /usr/sbin/ipa-server-install, line 1183, in main
 ca_signing_algorithm=options.ca_signing_algorithm)

   File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py,
 line 520, in configure_instance
 self.start_creation(runtime=210)

   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py,
 line
 382, in start_creation
 run_step(full_msg, method)

   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py,
 line
 372, in run_step
 method()

   File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py,
 line 526, in __start
 self.start()

   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py,
 line
 279, in start
 self.service.start(instance_name, capture_output=capture_output,
 wait=wait)

   File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py,
 line
 229, in start
 self.wait_until_running()

   File 

Re: [Freeipa-users] Setup of freeipa 4.1.3 failed

2015-04-01 Thread Martin Kosek
Hmm, really? The port 8443 is already checked in FreeIPA 4.0.4 or later, based
on this ticket:

https://fedorahosted.org/freeipa/ticket/4564

If your installation crashed because port 8443 was occupied, the fix 4564 is
either incomplete or non-functional and we should fix it.

On 04/01/2015 01:38 PM, Roberto Cornacchia wrote:
 I had this error during my first installation. It turned out the problem
 was that port 8443 was already used by another process.
 
 Roberto
 
 On 31 March 2015 at 19:54, Markus Roth mar...@die5roths.de wrote:
 
 Hi all,

 I want to set up FreeIPA 4.1.3 on a freshly installed Fedora 21.
 The ipa-server-install shows the following output:

 configuring NTP daemon (ntpd)
   [1/4]: stopping ntpd
   [2/4]: writing configuration
   [3/4]: configuring ntpd to start on boot
   [4/4]: starting ntpd
 Done configuring NTP daemon (ntpd).
 Configuring directory server (dirsrv): Estimated time 1 minute
   [1/38]: creating directory server user
   [2/38]: creating directory server instance
   [3/38]: adding default schema
   [4/38]: enabling memberof plugin
   [5/38]: enabling winsync plugin
   [6/38]: configuring replication version plugin
   [7/38]: enabling IPA enrollment plugin
   [8/38]: enabling ldapi
   [9/38]: configuring uniqueness plugin
   [10/38]: configuring uuid plugin
   [11/38]: configuring modrdn plugin
   [12/38]: configuring DNS plugin
   [13/38]: enabling entryUSN plugin
   [14/38]: configuring lockout plugin
   [15/38]: creating indices
   [16/38]: enabling referential integrity plugin
   [17/38]: configuring certmap.conf
   [18/38]: configure autobind for root
   [19/38]: configure new location for managed entries
   [20/38]: configure dirsrv ccache
   [21/38]: enable SASL mapping fallback
   [22/38]: restarting directory server
   [23/38]: adding default layout
   [24/38]: adding delegation layout
   [25/38]: creating container for managed entries
   [26/38]: configuring user private groups
   [27/38]: configuring netgroups from hostgroups
   [28/38]: creating default Sudo bind user
   [29/38]: creating default Auto Member layout
   [30/38]: adding range check plugin
   [31/38]: creating default HBAC rule allow_all
   [32/38]: initializing group membership
   [33/38]: adding master entry
   [34/38]: configuring Posix uid/gid generation
   [35/38]: adding replication acis
   [36/38]: enabling compatibility plugin
   [37/38]: tuning directory server
   [38/38]: configuring directory to start on boot
 Done configuring directory server (dirsrv).
 Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30
 seconds
   [1/27]: creating certificate server user
   [2/27]: configuring certificate server instance
   [3/27]: stopping certificate server instance to update CS.cfg
   [4/27]: backing up CS.cfg
   [5/27]: disabling nonces
   [6/27]: set up CRL publishing
   [7/27]: enable PKIX certificate path discovery and validation
   [8/27]: starting certificate server instance
   [error] RuntimeError: CA did not start in 300.0s
 CA did not start in 300.0s

 The ipa server install log shows this:

 2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
 2015-03-31T17:39:35Z DEBUG Waiting for CA to start...
 2015-03-31T17:39:36Z DEBUG Traceback (most recent call last):
   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py,
 line
 382, in start_creation
 run_step(full_msg, method)
   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py,
 line
 372, in run_step
 method()
   File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py,
 line 526, in __start
 self.start()
   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py,
 line
 279, in start
 self.service.start(instance_name, capture_output=capture_output,
 wait=wait)
   File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py,
 line
 229, in start
 self.wait_until_running()
   File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py,
 line
 223, in wait_until_running
 raise RuntimeError('CA did not start in %ss' % timeout)
 RuntimeError: CA did not start in 300.0s

 2015-03-31T17:39:36Z DEBUG   [error] RuntimeError: CA did not start in
 300.0s
 2015-03-31T17:39:36Z DEBUG   File /usr/lib/python2.7/site-
 packages/ipaserver/install/installutils.py, line 642, in run_script
 return_value = main_function()

   File /usr/sbin/ipa-server-install, line 1183, in main
 ca_signing_algorithm=options.ca_signing_algorithm)

   File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py,
 line 520, in configure_instance
 self.start_creation(runtime=210)

   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py,
 line
 382, in start_creation
 run_step(full_msg, method)

   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py,
 line
 372, in run_step
 method()

   File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py,
 line 526, in __start
 self.start()
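
Roberto's case, another service already holding port 8443, can be confirmed before running the installer by reading the kernel's socket tables. This is an added example, not FreeIPA's own check from ticket 4564: it is Linux only, assumes a little-endian host, and the sample tables, uids and inode numbers in it are constructed.

```python
"""Added example: find what is already listening on Dogtag's port (Linux)."""
import socket

LISTEN = "0A"   # TCP_LISTEN state code in /proc/net/tcp
CA_PORT = 8443  # the port named in the thread

# Constructed sample in /proc/net/tcp layout: a listener on 0.0.0.0:22,
# a listener on 127.0.0.1:8443 owned by uid 1001, and one established connection.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 17001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:20FB 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 23456 1 0000000000000000 100 0 0 10 0
   2: 0100007F:20FB 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1001        0 23460 1 0000000000000000 20 4 30 10 -1
"""

# Constructed sample in /proc/net/tcp6 layout: a wildcard listener on [::]:8443.
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:20FB 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000   993        0 34567 1 0000000000000000 100 0 0 10 0
"""


def _decode_addr(hex_addr):
    """Decode the kernel's hex address field to dotted or colon notation."""
    raw = bytes.fromhex(hex_addr)
    # Each 4-byte word is printed in host byte order; a little-endian host is assumed.
    fixed = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    family = socket.AF_INET if len(fixed) == 4 else socket.AF_INET6
    return socket.inet_ntop(family, fixed)


def listeners(proc_text, port):
    """Return [(address, uid, inode)] for sockets in LISTEN state on `port`."""
    found = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != LISTEN:
            continue  # short line, or a socket that is not listening
        hex_addr, hex_port = fields[1].rsplit(":", 1)
        if int(hex_port, 16) == port:
            found.append((_decode_addr(hex_addr), int(fields[7]), int(fields[9])))
    return found


def port_conflicts(port=CA_PORT, paths=("/proc/net/tcp", "/proc/net/tcp6")):
    """Run the same scan against the live tables; unreadable files are skipped."""
    hits = []
    for path in paths:
        try:
            with open(path) as handle:
                hits.extend(listeners(handle.read(), port))
        except OSError:
            continue
    return hits


if __name__ == "__main__":
    for addr, uid, inode in port_conflicts():
        print("port %d busy: %s uid=%d inode=%d" % (CA_PORT, addr, uid, inode))
```

The uid column identifies the account that owns the listener, which is usually enough to tell which service has to be moved or stopped before the install is retried.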

   

Re: [Freeipa-users] Setup of freeipa 4.1.3 failed

2015-04-01 Thread Roberto Cornacchia
Unfortunately I don't have the log anymore, as it was overwritten by the
following successful installation.
But the personal log I kept manually says (this was freeIPA 4.1.2):

...
Restarting the directory server
Restarting the KDC
Restarting the certificate server

CA did not start in 300.0s

It seems that Stash was already using port 8443.
Changed Stash configuration and (just to be sure) stopped both Jira and
Stash before attempting again

Ran
$ ipa-server-install --uninstall

and tried installation again.
Succeeded:




On 1 April 2015 at 16:17, Martin Kosek mko...@redhat.com wrote:

 Hmm, really? The port 8443 is already checked in FreeIPA 4.0.4 or later,
 based
 on this ticket:

 https://fedorahosted.org/freeipa/ticket/4564

 If your installation crashed because port 8443 was occupied, the fix 4564
 is
 either incomplete or non-functional and we should fix it.

 On 04/01/2015 01:38 PM, Roberto Cornacchia wrote:
  I had this error during my first installation. It turned out the problem
  was that port 8443 was already used by another process.
 
  Roberto
 
  On 31 March 2015 at 19:54, Markus Roth mar...@die5roths.de wrote:
 
  Hi all,
 
  I want to set up freeipa 4.1.3 on a freshly installed fedora 21.
  The ipa-server-install shows the following output:
 
  configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
  Done configuring NTP daemon (ntpd).
  Configuring directory server (dirsrv): Estimated time 1 minute
[1/38]: creating directory server user
[2/38]: creating directory server instance
[3/38]: adding default schema
[4/38]: enabling memberof plugin
[5/38]: enabling winsync plugin
[6/38]: configuring replication version plugin
[7/38]: enabling IPA enrollment plugin
[8/38]: enabling ldapi
[9/38]: configuring uniqueness plugin
[10/38]: configuring uuid plugin
[11/38]: configuring modrdn plugin
[12/38]: configuring DNS plugin
[13/38]: enabling entryUSN plugin
[14/38]: configuring lockout plugin
[15/38]: creating indices
[16/38]: enabling referential integrity plugin
[17/38]: configuring certmap.conf
[18/38]: configure autobind for root
[19/38]: configure new location for managed entries
[20/38]: configure dirsrv ccache
[21/38]: enable SASL mapping fallback
[22/38]: restarting directory server
[23/38]: adding default layout
[24/38]: adding delegation layout
[25/38]: creating container for managed entries
[26/38]: configuring user private groups
[27/38]: configuring netgroups from hostgroups
[28/38]: creating default Sudo bind user
[29/38]: creating default Auto Member layout
[30/38]: adding range check plugin
[31/38]: creating default HBAC rule allow_all
[32/38]: initializing group membership
[33/38]: adding master entry
[34/38]: configuring Posix uid/gid generation
[35/38]: adding replication acis
[36/38]: enabling compatibility plugin
[37/38]: tuning directory server
[38/38]: configuring directory to start on boot
  Done configuring directory server (dirsrv).
  Configuring certificate server (pki-tomcatd): Estimated time 3 minutes
 30
  seconds
[1/27]: creating certificate server user
[2/27]: configuring certificate server instance
[3/27]: stopping certificate server instance to update CS.cfg
[4/27]: backing up CS.cfg
[5/27]: disabling nonces
[6/27]: set up CRL publishing
[7/27]: enable PKIX certificate path discovery and validation
[8/27]: starting certificate server instance
[error] RuntimeError: CA did not start in 300.0s
  CA did not start in 300.0s
 
  The ipa server install log shows this:
 
  2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
  2015-03-31T17:39:35Z DEBUG Waiting for CA to start...
  2015-03-31T17:39:36Z DEBUG Traceback (most recent call last):
File /usr/lib/python2.7/site-packages/ipaserver/install/service.py,
  line
  382, in start_creation
  run_step(full_msg, method)
File /usr/lib/python2.7/site-packages/ipaserver/install/service.py,
  line
  372, in run_step
  method()
File
 /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py,
  line 526, in __start
  self.start()
File /usr/lib/python2.7/site-packages/ipaserver/install/service.py,
  line
  279, in start
  self.service.start(instance_name, capture_output=capture_output,
  wait=wait)
File
 /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py,
  line
  229, in start
  self.wait_until_running()
File
 /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py,
  line
  223, in wait_until_running
  raise RuntimeError('CA did not start in %ss' % timeout)
  RuntimeError: CA did not start in 300.0s
 
  2015-03-31T17:39:36Z DEBUG   [error] RuntimeError: CA did not start in
  300.0s
  2015-03-31T17:39:36Z DEBUG   File /usr/lib/python2.7/site-
  

Re: [Freeipa-users] Setup of freeipa 4.1.3 failed

2015-04-01 Thread Endi Sukma Dewata

On 4/1/2015 2:29 AM, Martin Kosek wrote:

On 03/31/2015 07:58 PM, Dmitri Pal wrote:

On 03/31/2015 01:54 PM, Markus Roth wrote:

Hi all,

I want to set up freeipa 4.1.3 on a freshly installed fedora 21.
The ipa-server-install shows the following output:


...


Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30
seconds
[1/27]: creating certificate server user
[2/27]: configuring certificate server instance
[3/27]: stopping certificate server instance to update CS.cfg
[4/27]: backing up CS.cfg
[5/27]: disabling nonces
[6/27]: set up CRL publishing
[7/27]: enable PKIX certificate path discovery and validation
[8/27]: starting certificate server instance
[error] RuntimeError: CA did not start in 300.0s
CA did not start in 300.0s

The ipa server install log shows this:

2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
2015-03-31T17:39:35Z DEBUG Waiting for CA to start...


...


I uninstalled the ipa server completely several times and installed it again.
But it always stops at the same step with the setup.

Can anybody help?

Markus.


Please provide install logs, and look at directory server and PKI server logs
created during the installation.
It seems that Dogtag did not start. It usually does not start when the DS under
it does not start. The logs would show that.
DS does not start because of different issues. Can bind to the port for
example. So please review the logs and see what they reveal.

This might help you with details http://www.freeipa.org/page/Troubleshooting


+1. CCing Dogtag guys for reference.


Based on the IPA install log alone it looks like the DS is already 
started, and the Dogtag is already started too in step [3/27]. It's the 
restart on step [8/27] that is failing.


We will need to see the Dogtag debug log in order to know if Dogtag is 
indeed failing to restart or the installer for some reason cannot 
connect to Dogtag.


--
Endi S. Dewata

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project


Re: [Freeipa-users] Setup of freeipa 4.1.3 failed

2015-04-01 Thread Endi Sukma Dewata

On 4/1/2015 4:29 PM, Markus Roth wrote:

On Wednesday, 1 April 2015, 16:04:54, you wrote:

On 4/1/2015 11:56 AM, Endi Sukma Dewata wrote:

On 03/31/2015 01:54 PM, Markus Roth wrote:

Hi all,

I want to set up freeipa 4.1.3 on a freshly installed fedora 21.



The ipa-server-install shows the following output:

...


Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd): Estimated time 3
minutes 30
seconds

 [1/27]: creating certificate server user
 [2/27]: configuring certificate server instance
 [3/27]: stopping certificate server instance to update CS.cfg
 [4/27]: backing up CS.cfg
 [5/27]: disabling nonces
 [6/27]: set up CRL publishing
 [7/27]: enable PKIX certificate path discovery and validation
 [8/27]: starting certificate server instance
 [error] RuntimeError: CA did not start in 300.0s

CA did not start in 300.0s

The ipa server install log shows this:

2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
2015-03-31T17:39:35Z DEBUG Waiting for CA to start...


...


I uninstalled the ipa server completely several times and installed
it again.
But it always stops at the same step with the setup.

Can anybody help?


Based on the IPA install log alone it looks like the DS is already
started, and the Dogtag is already started too in step [3/27]. It's the
restart on step [8/27] that is failing.

We will need to see the Dogtag debug log in order to know if Dogtag is
indeed failing to restart or the installer for some reason cannot
connect to Dogtag.


Hi Markus,

Based on the logs that you sent me, the Dogtag took a really long time
to start:

INFORMATION: Server startup in 739700 ms

More than half of that time was spent starting the CA subsystem alone:

INFORMATION: Deployment of configuration descriptor /etc/pki
/pki-tomcat/Catalina/localhost/ca.xml has finished in 393,390 ms

The whole (failed) IPA installation took about 38 minutes. Is this correct?

It's possible the system was running out of entropy. You might want to
install haveged or rngd. See:
http://blog-ftweedal.rhcloud.com/2014/05/more-entropy-with-haveged/
https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged

However, the system seems to be running very slowly in general. How
powerful is this machine?


Hi Endi

the system is a banana pi system. Seems that this ARM CPU based system isn't
suitable for FreeIPA


The installation might still succeed if IPA doesn't have the 300s time 
limit. If you want to try, you probably can specify a larger 
startup_timeout in ~/.ipa/default.conf, or change the code in 
ipaplatform/redhat/services.py to wait indefinitely, and see what 
happens. I don't know if it will be usable though.


--
Endi S. Dewata
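
The timing comparison made in the reply above, as an added example that is not part of the original thread or of FreeIPA's code: it parses Tomcat startup lines of the kind quoted above, compares the total with the installer's 300 s wait, and derives a `startup_timeout` value. The sample log is constructed from the two figures quoted in the thread; the function names, the 1.5x margin and the `[global]` section name are assumptions.

```python
import math
import re

# Installer wait quoted in the thread: "CA did not start in 300.0s".
IPA_DEFAULT_TIMEOUT_S = 300.0

# Constructed sample: the two Tomcat lines quoted in the thread, with the
# mail-wrapped descriptor path rejoined onto one line.
SAMPLE_LOG = (
    "INFORMATION: Deployment of configuration descriptor "
    "/etc/pki/pki-tomcat/Catalina/localhost/ca.xml has finished in 393,390 ms\n"
    "INFORMATION: Server startup in 739700 ms\n"
)

_DEPLOY_RE = re.compile(
    r"Deployment of configuration descriptor (?P<path>\S+) "
    r"has finished in (?P<ms>[\d.,]+) ms")
_STARTUP_RE = re.compile(r"Server startup in (?P<ms>[\d.,]+) ms")


def _ms(text):
    """'393,390', '393.390' or '739700' -> integer milliseconds.
    The grouping separator depends on the JVM locale, so strip both."""
    return int(re.sub(r"[.,]", "", text))


def analyse_startup(log_text, timeout_s=IPA_DEFAULT_TIMEOUT_S):
    """Return total startup time, whether it exceeds the installer wait,
    and which web application descriptor took the largest share."""
    deployments = {}
    startup_ms = None
    for line in log_text.splitlines():
        m = _DEPLOY_RE.search(line)
        if m:
            deployments[m.group("path")] = _ms(m.group("ms"))
            continue
        m = _STARTUP_RE.search(line)
        if m:
            startup_ms = _ms(m.group("ms"))  # keep the most recent restart
    if startup_ms is None:
        raise ValueError("no 'Server startup in N ms' line found")
    slowest = max(deployments.items(), key=lambda kv: kv[1]) if deployments else None
    return {
        "startup_s": startup_ms / 1000.0,
        "timeout_s": timeout_s,
        "exceeded": startup_ms / 1000.0 > timeout_s,
        "slowest_webapp": slowest[0] if slowest else None,
        "slowest_share": round(slowest[1] / startup_ms, 3) if slowest else None,
    }


def suggest_timeout(startup_s, margin=1.5):
    """Observed startup time plus headroom (margin is an assumption)."""
    return int(math.ceil(startup_s * margin))


def render_conf(timeout_s):
    """Fragment for ~/.ipa/default.conf; the [global] section name is an
    assumption based on the usual layout of IPA's default.conf."""
    return "[global]\nstartup_timeout = %d\n" % timeout_s


def entropy_available(path="/proc/sys/kernel/random/entropy_avail"):
    """Kernel entropy estimate on Linux, or None if it cannot be read."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


if __name__ == "__main__":
    report = analyse_startup(SAMPLE_LOG)
    print("Tomcat startup: %.1f s (installer waits %.1f s)"
          % (report["startup_s"], report["timeout_s"]))
    if report["slowest_webapp"]:
        print("Slowest descriptor: %s (%.1f%% of startup)"
              % (report["slowest_webapp"], 100 * report["slowest_share"]))
    print("Entropy estimate:", entropy_available())
    if report["exceeded"]:
        print(render_conf(suggest_timeout(report["startup_s"])), end="")
```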



Re: [Freeipa-users] Setup of freeipa 4.1.3 failed

2015-04-01 Thread Markus Roth
On Wednesday, 1 April 2015, 16:56:51, Endi Sukma Dewata wrote:
 On 4/1/2015 4:29 PM, Markus Roth wrote:
  On Wednesday, 1 April 2015, 16:04:54, you wrote:
  On 4/1/2015 11:56 AM, Endi Sukma Dewata wrote:
  On 03/31/2015 01:54 PM, Markus Roth wrote:
  Hi all,
  
  I want to set up freeipa 4.1.3 on a freshly installed fedora 21.
  
  The ipa-server-install shows the following output:
  ...
  
  Done configuring directory server (dirsrv).
  Configuring certificate server (pki-tomcatd): Estimated time 3
  minutes 30
  seconds
  
   [1/27]: creating certificate server user
   [2/27]: configuring certificate server instance
   [3/27]: stopping certificate server instance to update CS.cfg
   [4/27]: backing up CS.cfg
   [5/27]: disabling nonces
   [6/27]: set up CRL publishing
   [7/27]: enable PKIX certificate path discovery and validation
   [8/27]: starting certificate server instance
   [error] RuntimeError: CA did not start in 300.0s
  
  CA did not start in 300.0s
  
  The ipa server install log shows this:
  
  2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
  2015-03-31T17:39:35Z DEBUG Waiting for CA to start...
  
  ...
  
  I uninstalled the ipa server completely several times and installed
  it again.
  But it always stops at the same step with the setup.
  
  Can anybody help?
  
  Based on the IPA install log alone it looks like the DS is already
  started, and the Dogtag is already started too in step [3/27]. It's the
  restart on step [8/27] that is failing.
  
  We will need to see the Dogtag debug log in order to know if Dogtag is
  indeed failing to restart or the installer for some reason cannot
  connect to Dogtag.
  
  Hi Markus,
  
  Based on the logs that you sent me, the Dogtag took a really long time
  
  to start:
  INFORMATION: Server startup in 739700 ms
  
  More than half of that time was spent starting the CA subsystem alone:
  INFORMATION: Deployment of configuration descriptor /etc/pki
  /pki-tomcat/Catalina/localhost/ca.xml has finished in 393,390 ms
  
  The whole (failed) IPA installation took about 38 minutes. Is this
  correct?
  
  It's possible the system was running out of entropy. You might want to
  install haveged or rngd. See:
  http://blog-ftweedal.rhcloud.com/2014/05/more-entropy-with-haveged/
  https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged
  
  However, the system seems to be running very slowly in general. How
  powerful is this machine?
  
  Hi Endi
  
  the system is a banana pi system. Seems that this ARM CPU based system
  isn't suitable for FreeIPA
 
 The installation might still succeed if IPA doesn't have the 300s time
 limit. If you want to try, you probably can specify a larger
 startup_timeout in ~/.ipa/default.conf, or change the code in
 ipaplatform/redhat/services.py to wait indefinitely, and see what
 happens. I don't know if it will be usable though.

I will try it in the next days. I'll give feedback if IPA is suitable as small 
server (four users).



Re: [Freeipa-users] Setup of freeipa 4.1.3 failed

2015-04-01 Thread Markus Roth
On Wednesday, 1 April 2015, 16:04:54, you wrote:
 On 4/1/2015 11:56 AM, Endi Sukma Dewata wrote:
  On 03/31/2015 01:54 PM, Markus Roth wrote:
  Hi all,
  
  I want to set up freeipa 4.1.3 on a freshly installed fedora 21.
  
  The ipa-server-install shows the following output:
  ...
  
  Done configuring directory server (dirsrv).
  Configuring certificate server (pki-tomcatd): Estimated time 3
  minutes 30
  seconds
  
  [1/27]: creating certificate server user
  [2/27]: configuring certificate server instance
  [3/27]: stopping certificate server instance to update CS.cfg
  [4/27]: backing up CS.cfg
  [5/27]: disabling nonces
  [6/27]: set up CRL publishing
  [7/27]: enable PKIX certificate path discovery and validation
  [8/27]: starting certificate server instance
  [error] RuntimeError: CA did not start in 300.0s
  
  CA did not start in 300.0s
  
  The ipa server install log shows this:
  
  2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
  2015-03-31T17:39:35Z DEBUG Waiting for CA to start...
  
  ...
  
  I uninstalled the ipa server completely several times and installed
  it again.
  But it always stops at the same step with the setup.
  
  Can anybody help?
  
  Based on the IPA install log alone it looks like the DS is already
  started, and the Dogtag is already started too in step [3/27]. It's the
  restart on step [8/27] that is failing.
  
  We will need to see the Dogtag debug log in order to know if Dogtag is
  indeed failing to restart or the installer for some reason cannot
  connect to Dogtag.
 
 Hi Markus,
 
 Based on the logs that you sent me, the Dogtag took a really long time
 to start:
 
INFORMATION: Server startup in 739700 ms
 
 More than half of that time was spent starting the CA subsystem alone:
 
INFORMATION: Deployment of configuration descriptor /etc/pki
/pki-tomcat/Catalina/localhost/ca.xml has finished in 393,390 ms
 
 The whole (failed) IPA installation took about 38 minutes. Is this correct?
 
 It's possible the system was running out of entropy. You might want to
 install haveged or rngd. See:
 http://blog-ftweedal.rhcloud.com/2014/05/more-entropy-with-haveged/
 https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged
 
 However, the system seems to be running very slowly in general. How
 powerful is this machine?

Hi Endi

the system is a banana pi system. Seems that this ARM CPU based system isn't 
suitable for FreeIPA




Re: [Freeipa-users] Setup of freeipa 4.1.3 failed

2015-04-01 Thread Endi Sukma Dewata

On 4/1/2015 11:56 AM, Endi Sukma Dewata wrote:

On 03/31/2015 01:54 PM, Markus Roth wrote:

Hi all,

I want to set up freeipa 4.1.3 on a freshly installed fedora 21.
The ipa-server-install shows the following output:


...


Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd): Estimated time 3
minutes 30
seconds
[1/27]: creating certificate server user
[2/27]: configuring certificate server instance
[3/27]: stopping certificate server instance to update CS.cfg
[4/27]: backing up CS.cfg
[5/27]: disabling nonces
[6/27]: set up CRL publishing
[7/27]: enable PKIX certificate path discovery and validation
[8/27]: starting certificate server instance
[error] RuntimeError: CA did not start in 300.0s
CA did not start in 300.0s

The ipa server install log shows this:

2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
2015-03-31T17:39:35Z DEBUG Waiting for CA to start...


...


I uninstalled the ipa server completely several times and installed
it again.
But it always stops at the same step with the setup.

Can anybody help?



Based on the IPA install log alone it looks like the DS is already
started, and the Dogtag is already started too in step [3/27]. It's the
restart on step [8/27] that is failing.

We will need to see the Dogtag debug log in order to know if Dogtag is
indeed failing to restart or the installer for some reason cannot
connect to Dogtag.


Hi Markus,

Based on the logs that you sent me, the Dogtag took a really long time 
to start:


  INFORMATION: Server startup in 739700 ms

More than half of that time was spent starting the CA subsystem alone:

  INFORMATION: Deployment of configuration descriptor /etc/pki
  /pki-tomcat/Catalina/localhost/ca.xml has finished in 393,390 ms

The whole (failed) IPA installation took about 38 minutes. Is this correct?

It's possible the system was running out of entropy. You might want to 
install haveged or rngd. See:

http://blog-ftweedal.rhcloud.com/2014/05/more-entropy-with-haveged/
https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged

However, the system seems to be running very slowly in general. How 
powerful is this machine?


--
Endi S. Dewata



Re: [Freeipa-users] Setup of freeipa 4.1.3 failed

2015-03-31 Thread Dmitri Pal

On 03/31/2015 01:54 PM, Markus Roth wrote:

Hi all,

I want to set up freeipa 4.1.3 on a freshly installed fedora 21.
The ipa-server-install shows the following output:

configuring NTP daemon (ntpd)
   [1/4]: stopping ntpd
   [2/4]: writing configuration
   [3/4]: configuring ntpd to start on boot
   [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
   [1/38]: creating directory server user
   [2/38]: creating directory server instance
   [3/38]: adding default schema
   [4/38]: enabling memberof plugin
   [5/38]: enabling winsync plugin
   [6/38]: configuring replication version plugin
   [7/38]: enabling IPA enrollment plugin
   [8/38]: enabling ldapi
   [9/38]: configuring uniqueness plugin
   [10/38]: configuring uuid plugin
   [11/38]: configuring modrdn plugin
   [12/38]: configuring DNS plugin
   [13/38]: enabling entryUSN plugin
   [14/38]: configuring lockout plugin
   [15/38]: creating indices
   [16/38]: enabling referential integrity plugin
   [17/38]: configuring certmap.conf
   [18/38]: configure autobind for root
   [19/38]: configure new location for managed entries
   [20/38]: configure dirsrv ccache
   [21/38]: enable SASL mapping fallback
   [22/38]: restarting directory server
   [23/38]: adding default layout
   [24/38]: adding delegation layout
   [25/38]: creating container for managed entries
   [26/38]: configuring user private groups
   [27/38]: configuring netgroups from hostgroups
   [28/38]: creating default Sudo bind user
   [29/38]: creating default Auto Member layout
   [30/38]: adding range check plugin
   [31/38]: creating default HBAC rule allow_all
   [32/38]: initializing group membership
   [33/38]: adding master entry
   [34/38]: configuring Posix uid/gid generation
   [35/38]: adding replication acis
   [36/38]: enabling compatibility plugin
   [37/38]: tuning directory server
   [38/38]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30
seconds
   [1/27]: creating certificate server user
   [2/27]: configuring certificate server instance
   [3/27]: stopping certificate server instance to update CS.cfg
   [4/27]: backing up CS.cfg
   [5/27]: disabling nonces
   [6/27]: set up CRL publishing
   [7/27]: enable PKIX certificate path discovery and validation
   [8/27]: starting certificate server instance
   [error] RuntimeError: CA did not start in 300.0s
CA did not start in 300.0s

The ipa server install log shows this:

2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
2015-03-31T17:39:35Z DEBUG Waiting for CA to start...
2015-03-31T17:39:36Z DEBUG Traceback (most recent call last):
   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
382, in start_creation
 run_step(full_msg, method)
   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
372, in run_step
 method()
   File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py,
line 526, in __start
 self.start()
   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
279, in start
 self.service.start(instance_name, capture_output=capture_output,
wait=wait)
   File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py, line
229, in start
 self.wait_until_running()
   File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py, line
223, in wait_until_running
 raise RuntimeError('CA did not start in %ss' % timeout)
RuntimeError: CA did not start in 300.0s

2015-03-31T17:39:36Z DEBUG   [error] RuntimeError: CA did not start in 300.0s
2015-03-31T17:39:36Z DEBUG   File /usr/lib/python2.7/site-
packages/ipaserver/install/installutils.py, line 642, in run_script
 return_value = main_function()

   File /usr/sbin/ipa-server-install, line 1183, in main
 ca_signing_algorithm=options.ca_signing_algorithm)

   File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py,
line 520, in configure_instance
 self.start_creation(runtime=210)

   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
382, in start_creation
 run_step(full_msg, method)

   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
372, in run_step
 method()

   File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py,
line 526, in __start
 self.start()

   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
279, in start
 self.service.start(instance_name, capture_output=capture_output,
wait=wait)

   File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py, line
229, in start
 self.wait_until_running()

   File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py, line
223, in wait_until_running
 raise RuntimeError('CA did not start in %ss' % timeout)

2015-03-31T17:39:36Z DEBUG The ipa-server-install command failed, 

[Freeipa-users] Setup of freeipa 4.1.3 failed

2015-03-31 Thread Markus Roth
Hi all,

I want to set up freeipa 4.1.3 on a freshly installed fedora 21.
The ipa-server-install shows the following output:

configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
  [1/38]: creating directory server user
  [2/38]: creating directory server instance
  [3/38]: adding default schema
  [4/38]: enabling memberof plugin
  [5/38]: enabling winsync plugin
  [6/38]: configuring replication version plugin
  [7/38]: enabling IPA enrollment plugin
  [8/38]: enabling ldapi
  [9/38]: configuring uniqueness plugin
  [10/38]: configuring uuid plugin
  [11/38]: configuring modrdn plugin
  [12/38]: configuring DNS plugin
  [13/38]: enabling entryUSN plugin
  [14/38]: configuring lockout plugin
  [15/38]: creating indices
  [16/38]: enabling referential integrity plugin
  [17/38]: configuring certmap.conf
  [18/38]: configure autobind for root
  [19/38]: configure new location for managed entries
  [20/38]: configure dirsrv ccache
  [21/38]: enable SASL mapping fallback
  [22/38]: restarting directory server
  [23/38]: adding default layout
  [24/38]: adding delegation layout
  [25/38]: creating container for managed entries
  [26/38]: configuring user private groups
  [27/38]: configuring netgroups from hostgroups
  [28/38]: creating default Sudo bind user
  [29/38]: creating default Auto Member layout
  [30/38]: adding range check plugin
  [31/38]: creating default HBAC rule allow_all
  [32/38]: initializing group membership
  [33/38]: adding master entry
  [34/38]: configuring Posix uid/gid generation
  [35/38]: adding replication acis
  [36/38]: enabling compatibility plugin
  [37/38]: tuning directory server
  [38/38]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 
seconds
  [1/27]: creating certificate server user
  [2/27]: configuring certificate server instance
  [3/27]: stopping certificate server instance to update CS.cfg
  [4/27]: backing up CS.cfg
  [5/27]: disabling nonces
  [6/27]: set up CRL publishing
  [7/27]: enable PKIX certificate path discovery and validation
  [8/27]: starting certificate server instance
  [error] RuntimeError: CA did not start in 300.0s
CA did not start in 300.0s

The ipa server install log shows this:

2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted
2015-03-31T17:39:35Z DEBUG Waiting for CA to start...
2015-03-31T17:39:36Z DEBUG Traceback (most recent call last):
  File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line 
382, in start_creation
run_step(full_msg, method)
  File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line 
372, in run_step
method()
  File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py, 
line 526, in __start
self.start()
  File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line 
279, in start
self.service.start(instance_name, capture_output=capture_output, 
wait=wait)
  File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py, line 
229, in start
self.wait_until_running()
  File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py, line 
223, in wait_until_running
raise RuntimeError('CA did not start in %ss' % timeout)
RuntimeError: CA did not start in 300.0s

2015-03-31T17:39:36Z DEBUG   [error] RuntimeError: CA did not start in 300.0s
2015-03-31T17:39:36Z DEBUG   File /usr/lib/python2.7/site-
packages/ipaserver/install/installutils.py, line 642, in run_script
return_value = main_function()

  File /usr/sbin/ipa-server-install, line 1183, in main
ca_signing_algorithm=options.ca_signing_algorithm)

  File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py, 
line 520, in configure_instance
self.start_creation(runtime=210)

  File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line 
382, in start_creation
run_step(full_msg, method)

  File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line 
372, in run_step
method()

  File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py, 
line 526, in __start
self.start()

  File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line 
279, in start
self.service.start(instance_name, capture_output=capture_output, 
wait=wait)

  File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py, line 
229, in start
self.wait_until_running()

  File /usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py, line 
223, in wait_until_running
raise RuntimeError('CA did not start in %ss' % timeout)

2015-03-31T17:39:36Z DEBUG The ipa-server-install command failed, exception: 
RuntimeError: CA did not start in 300.0s

I uninstalled the ipa server completely several times and