[Freeipa] [Bug 1765616] Re: freeipa server install fails - RuntimeError: CA configuration failed.
** Changed in: tomcat8 (Debian) Status: Unknown => New -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1765616 Title: freeipa server install fails - RuntimeError: CA configuration failed. Status in freeipa package in Ubuntu: Invalid Status in tomcat8 package in Ubuntu: In Progress Status in freeipa source package in Bionic: Invalid Status in tomcat8 source package in Bionic: Confirmed Status in tomcat8 package in Debian: New Bug description: [Impact] The issue occurs while installing IPA server. More specifically whist configuring pki-tomcatd. The following error is produced. Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes [1/28]: configuring certificate server instance ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpEHq9Ex'] returned non-zero exit status 1: u"pkispawn: ERROR ... subprocess.CalledProcessError: Command '['sysctl', 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn : ERROR... server did not start after 60s\npkispawn: ERROR ... server failed to restart\n") ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the following files/directories for more information: ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat [error] RuntimeError: CA configuration failed. ipapython.admintool: ERRORCA configuration failed. ipapython.admintool: ERRORThe ipa-server-install command failed. See /var/log/ipaserver-install.log for more information The cause for this is that tomcat8 is built with JDK9 and is not compatible with instances that have to use JRE8 for other reasons. [Test Case] Install freeipa-server, run ipa-server-install. [Regression Potential] The fix is a fairly big patch for tomcat8 to modify the code so that it runs with JRE8. It passes the upstream test suite though, when run with JRE8 though tomcat itself was built with the default JDK. [Other info] Patch will be sent upstream too. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1765616/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1765616] Re: freeipa server install fails - RuntimeError: CA configuration failed.
I've uploaded a new tomcat8 (8.5.30-1ubuntu1.2) to ppa:freeipa/ppa https://launchpad.net/~freeipa/+archive/ubuntu/ppa -1ubuntu1.1 has an incomplete patch and doesn't work properly ** Changed in: tomcat8 (Ubuntu Bionic) Importance: Undecided => Critical ** Bug watch added: Debian Bug tracker #895866 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895866 ** Also affects: tomcat8 (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895866 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1765616 Title: freeipa server install fails - RuntimeError: CA configuration failed. Status in freeipa package in Ubuntu: Invalid Status in tomcat8 package in Ubuntu: In Progress Status in freeipa source package in Bionic: Invalid Status in tomcat8 source package in Bionic: Confirmed Status in tomcat8 package in Debian: Unknown Bug description: [Impact] The issue occurs while installing IPA server. More specifically whist configuring pki-tomcatd. The following error is produced. Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes [1/28]: configuring certificate server instance ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpEHq9Ex'] returned non-zero exit status 1: u"pkispawn: ERROR ... subprocess.CalledProcessError: Command '['sysctl', 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn : ERROR... server did not start after 60s\npkispawn: ERROR ... server failed to restart\n") ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the following files/directories for more information: ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat [error] RuntimeError: CA configuration failed. ipapython.admintool: ERRORCA configuration failed. ipapython.admintool: ERRORThe ipa-server-install command failed. See /var/log/ipaserver-install.log for more information The cause for this is that tomcat8 is built with JDK9 and is not compatible with instances that have to use JRE8 for other reasons. [Test Case] Install freeipa-server, run ipa-server-install. [Regression Potential] The fix is a fairly big patch for tomcat8 to modify the code so that it runs with JRE8. It passes the upstream test suite though, when run with JRE8 though tomcat itself was built with the default JDK. [Other info] Patch will be sent upstream too. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1765616/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1765616] Re: freeipa server install fails - RuntimeError: CA configuration failed.
** Description changed: - DESCRIPTION + [Impact] The issue occurs while installing IPA server. More specifically whist configuring pki-tomcatd. The following error is produced. Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes - [1/28]: configuring certificate server instance - ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpEHq9Ex'] returned non-zero exit status 1: u"pkispawn: ERROR ... subprocess.CalledProcessError: Command '['sysctl', 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn : ERROR... server did not start after 60s\npkispawn: ERROR ... server failed to restart\n") - ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the following files/directories for more information: - ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat - [error] RuntimeError: CA configuration failed. - ipapython.admintool: ERRORCA configuration failed. - ipapython.admintool: ERRORThe ipa-server-install command failed. See /var/log/ipaserver-install.log for more information + [1/28]: configuring certificate server instance + ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpEHq9Ex'] returned non-zero exit status 1: u"pkispawn: ERROR ... subprocess.CalledProcessError: Command '['sysctl', 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn : ERROR... server did not start after 60s\npkispawn: ERROR ... server failed to restart\n") + ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the following files/directories for more information: + ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat + [error] RuntimeError: CA configuration failed. + ipapython.admintool: ERRORCA configuration failed. + ipapython.admintool: ERRORThe ipa-server-install command failed. See /var/log/ipaserver-install.log for more information - ISSUES APPEARS TO BE THE SAME AS THAT FOUND IN: + The cause for this is that tomcat8 is built with JDK9 and is not + compatible with instances that have to use JRE8 for other reasons. - https://pagure.io/dogtagpki/issue/2973 - https://pagure.io/freeipa/issue/7464 + [Test Case] - SYSTEM INFORMATION: + Install freeipa-server, run ipa-server-install. - $ lsb_release -a - No LSB modules are available. - Distributor ID: Ubuntu - Description: Ubuntu Bionic Beaver (development branch) - Release: 18.04 - Codename: bionic + [Regression Potential] - $ sudo dpkg -l | grep freeipa - ii freeipa-client 4.7.0~pre1+git20180411-2ubuntu1 amd64FreeIPA centralized identity framework -- client - ii freeipa-common 4.7.0~pre1+git20180411-2ubuntu1 all FreeIPA centralized identity framework -- common files - ii freeipa-server 4.7.0~pre1+git20180411-2ubuntu1 amd64FreeIPA centralized identity framework -- server - ii freeipa-server-dns 4.7.0~pre1+git20180411-2ubuntu1 all FreeIPA centralized identity framework -- IPA DNS integration + The fix is a fairly big patch for tomcat8 to modify the code so that it + runs with JRE8. It passes the upstream test suite though, when run with + JRE8 though tomcat itself was built with the default JDK. - $ sudo dpkg -l | grep dogtag - ii dogtag-pki 10.6.0-1ubuntu1 all Dogtag Public Key Infrastructure (PKI) Suite - ii dogtag-pki-console-theme 10.6.0-1ubuntu1 all Certificate System - PKI Console User Interface - ii dogtag-pki-server-theme 10.6.0-1ubuntu1 all Certificate System - PKI Server User Interface + [Other info] - TO REPRODUCE: - - 1. install freeipa-server and freeipa-server-dns - 2. the following installation options (note I have changed confidential details). - - sudo ipa-server-install -r EXAMPLE.COM -n example.com -a XXX -p - XXX --mkhomedir --hostname=example.domain.com --ca-signing- - algorithm=SHA512withRSA --subject="OU=Office of Funny Walks,O=Monty - Python,L=London,ST=Greater London,C=UK" --unattended --no-ntp - - RESULTS - - 1. The above error is produced. - 2. the pkispawn logs show it waiting for the server and timing out. - -2018-04-20 05:30:19 pkispawn: INFO ... executing '/etc/init.d/pki-tomcatd start pki-tomcat' - 2018-04-20 05:30:26 pkispawn: INFO ... checking https://example.com:8443/ca - 2018-04-20 05:30:27 pkispawn: INFO
[Freeipa] [Bug 1765616] Re: freeipa server install fails - RuntimeError: CA configuration failed.
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: tomcat8 (Ubuntu Bionic) Status: New => Confirmed -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1765616 Title: freeipa server install fails - RuntimeError: CA configuration failed. Status in freeipa package in Ubuntu: Invalid Status in tomcat8 package in Ubuntu: In Progress Status in freeipa source package in Bionic: Invalid Status in tomcat8 source package in Bionic: Confirmed Bug description: [Impact] The issue occurs while installing IPA server. More specifically whist configuring pki-tomcatd. The following error is produced. Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes [1/28]: configuring certificate server instance ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpEHq9Ex'] returned non-zero exit status 1: u"pkispawn: ERROR ... subprocess.CalledProcessError: Command '['sysctl', 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn : ERROR... server did not start after 60s\npkispawn: ERROR ... server failed to restart\n") ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the following files/directories for more information: ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat [error] RuntimeError: CA configuration failed. ipapython.admintool: ERRORCA configuration failed. ipapython.admintool: ERRORThe ipa-server-install command failed. See /var/log/ipaserver-install.log for more information The cause for this is that tomcat8 is built with JDK9 and is not compatible with instances that have to use JRE8 for other reasons. [Test Case] Install freeipa-server, run ipa-server-install. [Regression Potential] The fix is a fairly big patch for tomcat8 to modify the code so that it runs with JRE8. It passes the upstream test suite though, when run with JRE8 though tomcat itself was built with the default JDK. [Other info] Patch will be sent upstream too. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1765616/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1765616] Re: freeipa server install fails - RuntimeError: CA configuration failed.
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: freeipa (Ubuntu Bionic) Status: New => Confirmed -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1765616 Title: freeipa server install fails - RuntimeError: CA configuration failed. Status in freeipa package in Ubuntu: Invalid Status in tomcat8 package in Ubuntu: In Progress Status in freeipa source package in Bionic: Invalid Status in tomcat8 source package in Bionic: Confirmed Bug description: [Impact] The issue occurs while installing IPA server. More specifically whist configuring pki-tomcatd. The following error is produced. Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes [1/28]: configuring certificate server instance ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpEHq9Ex'] returned non-zero exit status 1: u"pkispawn: ERROR ... subprocess.CalledProcessError: Command '['sysctl', 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn : ERROR... server did not start after 60s\npkispawn: ERROR ... server failed to restart\n") ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the following files/directories for more information: ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat [error] RuntimeError: CA configuration failed. ipapython.admintool: ERRORCA configuration failed. ipapython.admintool: ERRORThe ipa-server-install command failed. See /var/log/ipaserver-install.log for more information The cause for this is that tomcat8 is built with JDK9 and is not compatible with instances that have to use JRE8 for other reasons. [Test Case] Install freeipa-server, run ipa-server-install. [Regression Potential] The fix is a fairly big patch for tomcat8 to modify the code so that it runs with JRE8. It passes the upstream test suite though, when run with JRE8 though tomcat itself was built with the default JDK. [Other info] Patch will be sent upstream too. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1765616/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1768865] Re: freeipa server installation fails on Bionic due to tomcat conflict
*** This bug is a duplicate of bug 1765616 *** https://bugs.launchpad.net/bugs/1765616 ** This bug has been marked a duplicate of bug 1765616 freeipa server install fails - RuntimeError: CA configuration failed. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1768865 Title: freeipa server installation fails on Bionic due to tomcat conflict Status in freeipa package in Ubuntu: New Bug description: Installing freeipa server fails at configuring certificate server (pki-tomcatd). ... Configuring kadmin [1/2]: starting kadmin [2/2]: configuring kadmin to start on boot Done configuring kadmin. Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes [1/28]: configuring certificate server instance ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpGu_KPq'] returned non-zero exit status 1: u"pkispawn: ERROR ... subprocess.CalledProcessError: Command '['sysctl', 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn : ERROR... server did not start after 300s\npkispawn: ERROR ... server failed to restart\n") ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the following files/directories for more information: ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat [error] RuntimeError: CA configuration failed. ipapython.admintool: ERRORCA configuration failed. ipapython.admintool: ERRORThe ipa-server-install command failed. See /var/log/ipaserver-install.log for more information Looking more closely in /var/log/pki/pki-tomcat/catalina.out there are a bunch of java.io.FileNotFoundException root@usrv1:~# grep java.io.FileNotFoundException /var/log/pki/pki-tomcat/catalina.out java.io.FileNotFoundException: /usr/share/java/tomcat-annotations-api.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/el-api-2.1.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/oscache.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/tomcat-annotations-api.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/el-api-2.1.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/oscache.jar (No such file or directory) This have been discussed on the FreeIPA users list, and the conclusion was: "If Ubuntu 18.04 has Tomcat 8.5, you are not going to get it working with the current release of FreeIPA. We have been working on FreeIPA 4.7 for about a half a year now and only recently dogtag got support for tomcat 8.5. There are still bits and pieces which being fixed in dogtag to support FreeIPA 4.7. I guess currently you aren't going to get any luck with Ubuntu/Debian builds." To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1768865/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1765616] Re: freeipa server install fails - RuntimeError: CA configuration failed.
** Changed in: freeipa (Ubuntu Bionic) Status: Confirmed => Invalid -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1765616 Title: freeipa server install fails - RuntimeError: CA configuration failed. Status in freeipa package in Ubuntu: Invalid Status in tomcat8 package in Ubuntu: In Progress Status in freeipa source package in Bionic: Invalid Status in tomcat8 source package in Bionic: Confirmed Bug description: [Impact] The issue occurs while installing IPA server. More specifically whist configuring pki-tomcatd. The following error is produced. Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes [1/28]: configuring certificate server instance ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpEHq9Ex'] returned non-zero exit status 1: u"pkispawn: ERROR ... subprocess.CalledProcessError: Command '['sysctl', 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn : ERROR... server did not start after 60s\npkispawn: ERROR ... server failed to restart\n") ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the following files/directories for more information: ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat [error] RuntimeError: CA configuration failed. ipapython.admintool: ERRORCA configuration failed. ipapython.admintool: ERRORThe ipa-server-install command failed. See /var/log/ipaserver-install.log for more information The cause for this is that tomcat8 is built with JDK9 and is not compatible with instances that have to use JRE8 for other reasons. [Test Case] Install freeipa-server, run ipa-server-install. [Regression Potential] The fix is a fairly big patch for tomcat8 to modify the code so that it runs with JRE8. It passes the upstream test suite though, when run with JRE8 though tomcat itself was built with the default JDK. [Other info] Patch will be sent upstream too. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1765616/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1765616] Re: freeipa server install fails - RuntimeError: CA configuration failed.
Bumping priority, this breaks more than just freeipa/dogtag. I've uploaded a new version to bionic a week ago which adds support for JRE8, but the patch is big and not yet upstream. ** Changed in: tomcat8 (Ubuntu) Importance: Undecided => Critical ** Changed in: tomcat8 (Ubuntu) Status: New => In Progress ** Changed in: tomcat8 (Ubuntu) Assignee: (unassigned) => Timo Aaltonen (tjaalton) ** Also affects: freeipa (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: tomcat8 (Ubuntu Bionic) Importance: Undecided Status: New -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1765616 Title: freeipa server install fails - RuntimeError: CA configuration failed. Status in freeipa package in Ubuntu: Invalid Status in tomcat8 package in Ubuntu: In Progress Status in freeipa source package in Bionic: Confirmed Status in tomcat8 source package in Bionic: Confirmed Bug description: DESCRIPTION The issue occurs while installing IPA server. More specifically whist configuring pki-tomcatd. The following error is produced. Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes [1/28]: configuring certificate server instance ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpEHq9Ex'] returned non-zero exit status 1: u"pkispawn: ERROR ... subprocess.CalledProcessError: Command '['sysctl', 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn : ERROR... server did not start after 60s\npkispawn: ERROR ... server failed to restart\n") ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the following files/directories for more information: ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat [error] RuntimeError: CA configuration failed. ipapython.admintool: ERRORCA configuration failed. ipapython.admintool: ERRORThe ipa-server-install command failed. See /var/log/ipaserver-install.log for more information ISSUES APPEARS TO BE THE SAME AS THAT FOUND IN: https://pagure.io/dogtagpki/issue/2973 https://pagure.io/freeipa/issue/7464 SYSTEM INFORMATION: $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Bionic Beaver (development branch) Release: 18.04 Codename: bionic $ sudo dpkg -l | grep freeipa ii freeipa-client 4.7.0~pre1+git20180411-2ubuntu1 amd64FreeIPA centralized identity framework -- client ii freeipa-common 4.7.0~pre1+git20180411-2ubuntu1 all FreeIPA centralized identity framework -- common files ii freeipa-server 4.7.0~pre1+git20180411-2ubuntu1 amd64FreeIPA centralized identity framework -- server ii freeipa-server-dns 4.7.0~pre1+git20180411-2ubuntu1 all FreeIPA centralized identity framework -- IPA DNS integration $ sudo dpkg -l | grep dogtag ii dogtag-pki 10.6.0-1ubuntu1 all Dogtag Public Key Infrastructure (PKI) Suite ii dogtag-pki-console-theme 10.6.0-1ubuntu1 all Certificate System - PKI Console User Interface ii dogtag-pki-server-theme 10.6.0-1ubuntu1 all Certificate System - PKI Server User Interface TO REPRODUCE: 1. install freeipa-server and freeipa-server-dns 2. the following installation options (note I have changed confidential details). sudo ipa-server-install -r EXAMPLE.COM -n example.com -a XXX -p XXX --mkhomedir --hostname=example.domain.com --ca-signing- algorithm=SHA512withRSA --subject="OU=Office of Funny Walks,O=Monty Python,L=London,ST=Greater London,C=UK" --unattended --no-ntp RESULTS 1. The above error is produced. 2. the pkispawn logs show it waiting for the server and timing out. 2018-04-20 05:30:19 pkispawn: INFO ... executing '/etc/init.d/pki-tomcatd start pki-tomcat' 2018-04-20 05:30:26 pkispawn: INFO ... checking https://example.com:8443/ca 2018-04-20 05:30:27 pkispawn: INFO ... waiting for server to start (1s) 2018-04-20 05:30:28 pkispawn: INFO ... waiting for server to start (2s) 2018-04-20 05:30:29 pkispawn: INFO ... waiting for server to start (3s) 2018-04-20 05:30:30 pkispawn: INFO ... waiting for server to start (4s) 2018-04-20 05:30:31 pkispawn: INFO ... waiting for server to start (5s) ... 2018-04-20 05:31:22
[Freeipa] [Bug 1768865] Re: freeipa server installation fails on Bionic due to tomcat conflict
** Tags added: bionic -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1768865 Title: freeipa server installation fails on Bionic due to tomcat conflict Status in freeipa package in Ubuntu: New Bug description: Installing freeipa server fails at configuring certificate server (pki-tomcatd). ... Configuring kadmin [1/2]: starting kadmin [2/2]: configuring kadmin to start on boot Done configuring kadmin. Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes [1/28]: configuring certificate server instance ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpGu_KPq'] returned non-zero exit status 1: u"pkispawn: ERROR ... subprocess.CalledProcessError: Command '['sysctl', 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn : ERROR... server did not start after 300s\npkispawn: ERROR ... server failed to restart\n") ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the following files/directories for more information: ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat [error] RuntimeError: CA configuration failed. ipapython.admintool: ERRORCA configuration failed. ipapython.admintool: ERRORThe ipa-server-install command failed. See /var/log/ipaserver-install.log for more information Looking more closely in /var/log/pki/pki-tomcat/catalina.out there are a bunch of java.io.FileNotFoundException root@usrv1:~# grep java.io.FileNotFoundException /var/log/pki/pki-tomcat/catalina.out java.io.FileNotFoundException: /usr/share/java/tomcat-annotations-api.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/el-api-2.1.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/oscache.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/tomcat-annotations-api.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/el-api-2.1.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/oscache.jar (No such file or directory) This have been discussed on the FreeIPA users list, and the conclusion was: "If Ubuntu 18.04 has Tomcat 8.5, you are not going to get it working with the current release of FreeIPA. We have been working on FreeIPA 4.7 for about a half a year now and only recently dogtag got support for tomcat 8.5. There are still bits and pieces which being fixed in dogtag to support FreeIPA 4.7. I guess currently you aren't going to get any luck with Ubuntu/Debian builds." To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1768865/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1768865] [NEW] freeipa server installation fails on Bionic due to tomcat conflict
Public bug reported: Installing freeipa server fails at configuring certificate server (pki- tomcatd). ... Configuring kadmin [1/2]: starting kadmin [2/2]: configuring kadmin to start on boot Done configuring kadmin. Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes [1/28]: configuring certificate server instance ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpGu_KPq'] returned non-zero exit status 1: u"pkispawn: ERROR ... subprocess.CalledProcessError: Command '['sysctl', 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn : ERROR... server did not start after 300s\npkispawn: ERROR ... server failed to restart\n") ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the following files/directories for more information: ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat [error] RuntimeError: CA configuration failed. ipapython.admintool: ERRORCA configuration failed. ipapython.admintool: ERRORThe ipa-server-install command failed. See /var/log/ipaserver-install.log for more information Looking more closely in /var/log/pki/pki-tomcat/catalina.out there are a bunch of java.io.FileNotFoundException root@usrv1:~# grep java.io.FileNotFoundException /var/log/pki/pki-tomcat/catalina.out java.io.FileNotFoundException: /usr/share/java/tomcat-annotations-api.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/el-api-2.1.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/oscache.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/tomcat-annotations-api.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/el-api-2.1.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/oscache.jar (No such file or directory) This have been discussed on the FreeIPA users list, and the conclusion was: "If Ubuntu 18.04 has Tomcat 8.5, you are not going to get it working with the current release of FreeIPA. We have been working on FreeIPA 4.7 for about a half a year now and only recently dogtag got support for tomcat 8.5. There are still bits and pieces which being fixed in dogtag to support FreeIPA 4.7. I guess currently you aren't going to get any luck with Ubuntu/Debian builds." ** Affects: freeipa (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1768865 Title: freeipa server installation fails on Bionic due to tomcat conflict Status in freeipa package in Ubuntu: New Bug description: Installing freeipa server fails at configuring certificate server (pki-tomcatd). ... Configuring kadmin [1/2]: starting kadmin [2/2]: configuring kadmin to start on boot Done configuring kadmin. Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes [1/28]: configuring certificate server instance ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpGu_KPq'] returned non-zero exit status 1: u"pkispawn: ERROR ... subprocess.CalledProcessError: Command '['sysctl', 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn : ERROR... server did not start after 300s\npkispawn: ERROR ... server failed to restart\n") ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the following files/directories for more information: ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat [error] RuntimeError: CA configuration failed. ipapython.admintool: ERRORCA configuration failed. ipapython.admintool: ERRORThe ipa-server-install command failed. See /var/log/ipaserver-install.log for more information Looking more closely in /var/log/pki/pki-tomcat/catalina.out there are a bunch of java.io.FileNotFoundException root@usrv1:~# grep java.io.FileNotFoundException /var/log/pki/pki-tomcat/catalina.out java.io.FileNotFoundException: /usr/share/java/tomcat-annotations-api.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/el-api-2.1.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/oscache.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/tomcat-annotations-api.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/el-api-2.1.jar (No such file or directory) java.io.FileNotFoundException: /usr/share/java/oscache.jar (No such file or directory) This have been discussed on the FreeIPA users list, and the conclusion was: "If
