Re: [Freeipa-users] ipa-replica-install fails at CA setup
Qing Chang wrote:
> mripa2.mr.ric is the server to be setup as replica. I wonder if the ldap
> service was available at all at installation stage.

I think we'd need to see the full ipareplica-install.log.

You might also want to see if a ns-slapd process is running and check /var/log/dirsrv/slapd-REALM/errors for anything interesting.

rob

> Thanks,
> Qing
>
> On Wed, Apr 29, 2015 at 10:29 AM, Qing Chang tmp...@gmail.com wrote:
>
> > CentOS7.1 with IPA server 4.1.
> >
> > ipa-replica-install --setup-ca --setup-dns ... fails with this error message:
> > -
> > [2/22]: configuring certificate server instance
> > ipa : CRITICAL failed to configure ca instance Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpaUGoKX'' returned non-zero exit status 1
> > [error] RuntimeError: Configuration of CA failed
> > -
> > ipareplica-install.log shows this:
> > -
> > 2015-04-29T13:40:11Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
> > 2015-04-29T13:40:11Z DEBUG Starting external process
> > 2015-04-29T13:40:11Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpaUGoKX'
> > 2015-04-29T13:40:51Z DEBUG Process finished, return code=1
> > 2015-04-29T13:40:51Z DEBUG stdout=Loading deployment configuration from /tmp/tmpaUGoKX.
> > Installing CA into /var/lib/pki/pki-tomcat.
> > Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
> > Installation failed.
> > 2015-04-29T13:40:51Z DEBUG stderr=pkispawn: ERROR... Exception from Java Configuration Servlet: Error in populating database: Could not connect to LDAP server host mripa2.mr.ric port 389 Error netscape.ldap.LDAPException: failed to connect to server ldap://mripa2.mr.ric:389 (91)
> > 2015-04-29T13:40:51Z CRITICAL failed to configure ca instance Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpaUGoKX'' returned non-zero exit status 1
> > 2015-04-29T13:40:51Z DEBUG Traceback (most recent call last):
> >   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line 382, in start_creation
> >     run_step(full_msg, method)
> >   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line 372, in run_step
> >     method()
> >   File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py, line 673, in __spawn_instance
> >     raise RuntimeError('Configuration of CA failed')
> > RuntimeError: Configuration of CA failed
> > -
> > I hope this is enough information.
> >
> > Thanks in advance,
> > Qing Chang

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] ipa-replica-install fails at CA setup
ipareplica-install is big, following starts at around step 34/35 for directory server config (see red lines), and then CA setup stopped at second step.

Relevant logs in error and access are attached too.

It appears at the time when CA setup needed access to dirsrv, it was down?

- ipareplica-install log -
2015-04-29T13:40:03Z DEBUG Final value after applying updates
2015-04-29T13:40:03Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
2015-04-29T13:40:03Z DEBUG schema-compat-entry-attribute:
2015-04-29T13:40:03Z DEBUG objectclass=posixGroup
2015-04-29T13:40:03Z DEBUG gidNumber=%{gidNumber}
2015-04-29T13:40:03Z DEBUG memberUid=%{memberUid}
2015-04-29T13:40:03Z DEBUG memberUid=%deref_r(member,uid)
2015-04-29T13:40:03Z DEBUG %ifeq(ipauniqueid,%{ipauniqueid},objectclass=ipaOverrideTarget,)
2015-04-29T13:40:03Z DEBUG %ifeq(ipauniqueid,%{ipauniqueid},ipaanchoruuid=:IPA:mr.ric:%{ipauniqueid},)
2015-04-29T13:40:03Z DEBUG ipaanchoruuid=%{ipaanchoruuid}
2015-04-29T13:40:03Z DEBUG %ifeq(ipaanchoruuid,%{ipaanchoruuid},objectclass=ipaOverrideTarget,)
2015-04-29T13:40:03Z DEBUG cn:
2015-04-29T13:40:03Z DEBUG groups
2015-04-29T13:40:03Z DEBUG objectClass:
2015-04-29T13:40:03Z DEBUG top
2015-04-29T13:40:03Z DEBUG extensibleObject
2015-04-29T13:40:03Z DEBUG schema-compat-search-filter:
2015-04-29T13:40:03Z DEBUG objectclass=posixGroup
2015-04-29T13:40:03Z DEBUG schema-compat-container-rdn:
2015-04-29T13:40:03Z DEBUG cn=groups
2015-04-29T13:40:03Z DEBUG schema-compat-entry-rdn:
2015-04-29T13:40:03Z DEBUG cn=%{cn}
2015-04-29T13:40:03Z DEBUG schema-compat-search-base:
2015-04-29T13:40:03Z DEBUG cn=groups, cn=accounts, dc=mr,dc=ric
2015-04-29T13:40:03Z DEBUG schema-compat-container-group:
2015-04-29T13:40:03Z DEBUG cn=compat, dc=mr,dc=ric
2015-04-29T13:40:03Z DEBUG duration: 1 seconds
2015-04-29T13:40:03Z DEBUG [34/35]: tuning directory server
2015-04-29T13:40:04Z DEBUG Starting external process
2015-04-29T13:40:04Z DEBUG args='/usr/sbin/selinuxenabled'
2015-04-29T13:40:04Z DEBUG Process finished, return code=0
2015-04-29T13:40:04Z DEBUG stdout=
2015-04-29T13:40:04Z DEBUG stderr=
2015-04-29T13:40:04Z DEBUG Starting external process
2015-04-29T13:40:04Z DEBUG args='/sbin/restorecon' '/etc/sysconfig/dirsrv.systemd'
2015-04-29T13:40:04Z DEBUG Process finished, return code=0
2015-04-29T13:40:04Z DEBUG stdout=
2015-04-29T13:40:04Z DEBUG stderr=
2015-04-29T13:40:04Z DEBUG Starting external process
2015-04-29T13:40:04Z DEBUG args='/bin/systemctl' '--system' 'daemon-reload'
2015-04-29T13:40:04Z DEBUG Process finished, return code=0
2015-04-29T13:40:04Z DEBUG stdout=
2015-04-29T13:40:04Z DEBUG stderr=
2015-04-29T13:40:04Z DEBUG Starting external process
2015-04-29T13:40:04Z DEBUG args='/bin/systemctl' 'restart' 'dirsrv@MR-RIC.service'
2015-04-29T13:40:06Z DEBUG Process finished, return code=0
2015-04-29T13:40:06Z DEBUG stdout=
2015-04-29T13:40:06Z DEBUG stderr=
2015-04-29T13:40:06Z DEBUG Starting external process
2015-04-29T13:40:06Z DEBUG args='/bin/systemctl' 'is-active' 'dirsrv@MR-RIC.service'
2015-04-29T13:40:06Z DEBUG Process finished, return code=0
2015-04-29T13:40:06Z DEBUG stdout=active
2015-04-29T13:40:06Z DEBUG stderr=
2015-04-29T13:40:06Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2015-04-29T13:40:10Z DEBUG Starting external process
2015-04-29T13:40:10Z DEBUG args='/bin/systemctl' 'is-active' 'dirsrv@MR-RIC.service'
2015-04-29T13:40:10Z DEBUG Process finished, return code=0
2015-04-29T13:40:10Z DEBUG stdout=active
2015-04-29T13:40:10Z DEBUG stderr=
2015-04-29T13:40:10Z DEBUG Starting external process
2015-04-29T13:40:10Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpH_pfpG' '-H' 'ldap://mripa2.mr.ric:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpqvAwmY'
2015-04-29T13:40:10Z DEBUG Process finished, return code=0
2015-04-29T13:40:10Z DEBUG stdout=replace nsslapd-maxdescriptors: 8192
replace nsslapd-reservedescriptors: 64
modifying entry cn=config
modify complete
2015-04-29T13:40:10Z DEBUG stderr=ldap_initialize( ldap://mripa2.mr.ric:389/??base )
2015-04-29T13:40:10Z DEBUG duration: 6 seconds
2015-04-29T13:40:10Z DEBUG [35/35]: configuring directory to start on boot
2015-04-29T13:40:10Z DEBUG Starting external process
2015-04-29T13:40:10Z DEBUG args='/bin/systemctl' 'is-enabled' 'dirsrv@MR-RIC.service'
2015-04-29T13:40:10Z DEBUG Process finished, return code=0
2015-04-29T13:40:10Z DEBUG stdout=enabled
2015-04-29T13:40:10Z DEBUG stderr=
2015-04-29T13:40:10Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2015-04-29T13:40:10Z DEBUG Starting external process
2015-04-29T13:40:10Z DEBUG args='/bin/systemctl' 'disable' 'dirsrv@MR-RIC.service'
2015-04-29T13:40:11Z DEBUG Process finished, return code=0
2015-04-29T13:40:11Z DEBUG stdout=
2015-04-29T13:40:11Z DEBUG stderr=rm '/etc/systemd/system/dirsrv.target.wants/dirsrv@MR-RIC.service'
2015-04-29T13:40:11Z DEBUG duration: 0 seconds
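
The log excerpts in this thread record every external command as an `args=` entry followed by `Process finished, return code=N`. As an added example (not part of any post in the thread and not FreeIPA code), the Python below pairs those entries and, for each failed command, lists the earlier commands that touched the directory server. The function names and the `dirsrv` / `:389` match strings are assumptions chosen for this log.

```python
import re
from datetime import datetime

# Sample input: abridged from the ipareplica-install.log lines quoted in this thread.
SAMPLE_LOG = """\
2015-04-29T13:40:04Z DEBUG Starting external process
2015-04-29T13:40:04Z DEBUG args='/bin/systemctl' 'restart' 'dirsrv@MR-RIC.service'
2015-04-29T13:40:06Z DEBUG Process finished, return code=0
2015-04-29T13:40:10Z DEBUG Starting external process
2015-04-29T13:40:10Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpH_pfpG' '-H' 'ldap://mripa2.mr.ric:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpqvAwmY'
2015-04-29T13:40:10Z DEBUG Process finished, return code=0
2015-04-29T13:40:10Z DEBUG Starting external process
2015-04-29T13:40:10Z DEBUG args='/bin/systemctl' 'disable' 'dirsrv@MR-RIC.service'
2015-04-29T13:40:11Z DEBUG Process finished, return code=0
2015-04-29T13:40:11Z DEBUG Starting external process
2015-04-29T13:40:11Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpaUGoKX'
2015-04-29T13:40:51Z DEBUG Process finished, return code=1
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) \w+ (.*)$")

def parse_commands(text):
    """Pair each 'args=' entry with the 'Process finished' entry that follows it."""
    cmds, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # continuation line of a multi-line stdout/stderr value
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        msg = m.group(2)
        if msg.startswith("args="):
            cur = {"start": ts, "argv": re.findall(r"'([^']*)'", msg[5:])}
        elif msg.startswith("Process finished, return code=") and cur:
            cur["end"], cur["rc"] = ts, int(msg.rsplit("=", 1)[1])
            cmds.append(cur)
            cur = None
    return cmds

def failure_context(cmds, needles=("dirsrv", ":389")):
    """Return (failed command, earlier commands whose argv mentions a needle)."""
    return [(c, [p for p in cmds[:i] if any(n in a for a in p["argv"] for n in needles)])
            for i, c in enumerate(cmds) if c["rc"] != 0]

if __name__ == "__main__":
    for failed, prior in failure_context(parse_commands(SAMPLE_LOG)):
        took = (failed["end"] - failed["start"]).seconds
        print(f"FAILED rc={failed['rc']} after {took}s: {' '.join(failed['argv'])}")
        for p in prior:
            print(f"  {p['start']:%H:%M:%S} rc={p['rc']} {' '.join(p['argv'][:3])}")
```

Run against the full ipareplica-install.log, the same pairing gives the ordered sequence of service actions and LDAP client calls that preceded a failed step, which can then be lined up against the timestamps in /var/log/dirsrv/slapd-REALM/errors.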
[Freeipa-users] ipa-replica-install fails at CA setup
CentOS7.1 with IPA server 4.1.

ipa-replica-install --setup-ca --setup-dns ... fails with this error message:
-
[2/22]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpaUGoKX'' returned non-zero exit status 1
[error] RuntimeError: Configuration of CA failed
-
ipareplica-install.log shows this:
-
2015-04-29T13:40:11Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2015-04-29T13:40:11Z DEBUG Starting external process
2015-04-29T13:40:11Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpaUGoKX'
2015-04-29T13:40:51Z DEBUG Process finished, return code=1
2015-04-29T13:40:51Z DEBUG stdout=Loading deployment configuration from /tmp/tmpaUGoKX.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
Installation failed.
2015-04-29T13:40:51Z DEBUG stderr=pkispawn: ERROR... Exception from Java Configuration Servlet: Error in populating database: Could not connect to LDAP server host mripa2.mr.ric port 389 Error netscape.ldap.LDAPException: failed to connect to server ldap://mripa2.mr.ric:389 (91)
2015-04-29T13:40:51Z CRITICAL failed to configure ca instance Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpaUGoKX'' returned non-zero exit status 1
2015-04-29T13:40:51Z DEBUG Traceback (most recent call last):
  File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line 382, in start_creation
    run_step(full_msg, method)
  File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line 372, in run_step
    method()
  File /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py, line 673, in __spawn_instance
    raise RuntimeError('Configuration of CA failed')
RuntimeError: Configuration of CA failed
-
I hope this is enough information.

Thanks in advance,
Qing Chang
Re: [Freeipa-users] ipa-replica-install fails at CA setup
mripa2.mr.ric is the server to be setup as replica. I wonder if the ldap service was available at all at installation stage.

Thanks,
Qing