Re: [Freeipa-users] Issues with new install - Configuration of CA failed
On 01/13/2015 09:06 PM, Megan . wrote: > I am having a very difficult time getting the ipa server installed on > our test server. > > > > CentOS release 6.6 (Final) > Linux test1-vm.example.com 2.6.32-504.3.3.el6.x86_64 #1 SMP Wed Dec 17 > 01:55:02 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux > > ipa-server-3.0.0-42.el6.centos.x86_64 > > > I tried to reinstall pki-selinux, reboot, relabel and that didn't help > yum reinstall pki-selinux > > I reviewed a number of threads and didn't seem to see my issue of > Request:java.net.ConnectException: Connection refused at step 2/20 > > https://www.redhat.com/archives/freeipa-users/2014-April/msg00278.html > > > > Any suggestions would be greatly appreciated. > > I used: ipa-server-install --no-ntp > > > Continue to configure the system with these values? [no]: yes > > > The following operations may take some minutes to complete. > > Please wait until the prompt is returned. > > > Configuring directory server for the CA (pkids): Estimated time 30 seconds > > [1/3]: creating directory server user > [2/3]: creating directory server instance > [3/3]: restarting directory server > > Done configuring directory server for the CA (pkids). > > Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds > [1/20]: creating certificate server user > [2/20]: configuring certificate server instance > > ipa : CRITICAL failed to configure ca instance Command > '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname > test1-vm.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-WQ28_w > -client_certdb_pwd -preop_pin MvLsuha0GPxvJSnYoL5u > -domain_name IPA -admin_user admin -admin_email root@localhost > -admin_ -agent_name ipa-ca-agent -agent_key_size 2048 > -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM > -ldap_host test1-vm.example.com -ldap_port 7389 -bind_dn cn=Directory > Manager -bind_ -base_dn o=ipaca -db_name ipaca > -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 > true -backup_pwd -subsystem_name pki-cad -token_name internal > -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM > -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM > -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM > -ca_server_cert_subject_name CN=test1-vm.example.com,O=EXAMPLE.COM > -ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM > -ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM > -external false -clone false' returned non-zero exit status 255 > > Configuration of CA failed > > > > > install log: > > > [root@test1-vm log]# cat ipaserver-install.log > 2015-01-13T19:47:59Z DEBUG Loading StateFile from > '/var/lib/ipa/sysrestore/sysrestore.state' > 2015-01-13T19:47:59Z DEBUG Loading Index file from > '/var/lib/ipa/sysrestore/sysrestore.index' > 2015-01-13T19:47:59Z DEBUG httpd is not configured > 2015-01-13T19:47:59Z DEBUG kadmin is not configured > 2015-01-13T19:47:59Z DEBUG dirsrv is not configured > 2015-01-13T19:47:59Z DEBUG pki-cad is not configured > 2015-01-13T19:47:59Z DEBUG pki-tomcatd is not configured > 2015-01-13T19:47:59Z DEBUG pkids is not configured > 2015-01-13T19:47:59Z DEBUG install is not configured > 2015-01-13T19:47:59Z DEBUG krb5kdc is not configured > 2015-01-13T19:47:59Z DEBUG ntpd is not configured > 2015-01-13T19:47:59Z DEBUG named is not configured > 2015-01-13T19:47:59Z DEBUG ipa_memcached is not configured > 2015-01-13T19:47:59Z DEBUG filestore is tracking no files > 2015-01-13T19:47:59Z DEBUG Loading Index file from > '/var/lib/ipa-client/sysrestore/sysrestore.index' > 2015-01-13T19:47:59Z DEBUG /usr/sbin/ipa-server-install was invoked > with options: {'zone_refresh': 0, 'reverse_zone': None, 'realm_name': > None, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': False, > 'subject': None, 'no_forwarders': False, 'persistent_search': True, > 'ui_redirect': True, 'domain_name': None, 'idmax': 0, 'hbac_allow': > False, 'no_reverse': False, 'dirsrv_pkcs12': None, 'unattended': > False, 'selfsign': False, 'trust_sshfp': False, 'external_ca_file': > None, 'no_host_dns': False, 'http_pkcs12': None, 'zone_notif': False, > 'forwarders': None, 'idstart': 184480, 'external_ca': False, > 'ip_address': None, 'conf_ssh': True, 'serial_autoincrement': True, > 'zonemgr': None, 'setup_dns': False, 'host_name': None, 'debug': > False, 'external_cert_file': None, 'uninstall': False} > 2015-01-13T19:47:59Z DEBUG missing options might be asked for > interactively later > > 2015-01-13T19:47:59Z DEBUG Loading Index file from > '/var/lib/ipa/sysrestore/sysrestore.index' > 2015-01-13T19:47:59Z DEBUG Loading StateFile from > '/var/lib/ipa/sysrestore/sysrestore.state' > 2015-01-13T19:47:59Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS > 2015-01-13T19:47:59Z DEBUG stdout=VirtualHost configuration: > wildcard NameVirtualHosts and _default_ servers: > _default_:8443 test1
[Freeipa-users] Issues with new install - Configuration of CA failed
I am having a very difficult time getting the ipa server installed on our test server. CentOS release 6.6 (Final) Linux test1-vm.example.com 2.6.32-504.3.3.el6.x86_64 #1 SMP Wed Dec 17 01:55:02 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux ipa-server-3.0.0-42.el6.centos.x86_64 I tried to reinstall pki-selinux, reboot, relabel and that didn't help yum reinstall pki-selinux I reviewed a number of threads and didn't seem to see my issue of Request:java.net.ConnectException: Connection refused at step 2/20 https://www.redhat.com/archives/freeipa-users/2014-April/msg00278.html Any suggestions would be greatly appreciated. I used: ipa-server-install --no-ntp Continue to configure the system with these values? [no]: yes The following operations may take some minutes to complete. Please wait until the prompt is returned. Configuring directory server for the CA (pkids): Estimated time 30 seconds [1/3]: creating directory server user [2/3]: creating directory server instance [3/3]: restarting directory server Done configuring directory server for the CA (pkids). Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds [1/20]: creating certificate server user [2/20]: configuring certificate server instance ipa : CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname test1-vm.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-WQ28_w -client_certdb_pwd -preop_pin MvLsuha0GPxvJSnYoL5u -domain_name IPA -admin_user admin -admin_email root@localhost -admin_ -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host test1-vm.example.com -ldap_port 7389 -bind_dn cn=Directory Manager -bind_ -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM -ca_server_cert_subject_name CN=test1-vm.example.com,O=EXAMPLE.COM -ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM -ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM -external false -clone false' returned non-zero exit status 255 Configuration of CA failed install log: [root@test1-vm log]# cat ipaserver-install.log 2015-01-13T19:47:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2015-01-13T19:47:59Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2015-01-13T19:47:59Z DEBUG httpd is not configured 2015-01-13T19:47:59Z DEBUG kadmin is not configured 2015-01-13T19:47:59Z DEBUG dirsrv is not configured 2015-01-13T19:47:59Z DEBUG pki-cad is not configured 2015-01-13T19:47:59Z DEBUG pki-tomcatd is not configured 2015-01-13T19:47:59Z DEBUG pkids is not configured 2015-01-13T19:47:59Z DEBUG install is not configured 2015-01-13T19:47:59Z DEBUG krb5kdc is not configured 2015-01-13T19:47:59Z DEBUG ntpd is not configured 2015-01-13T19:47:59Z DEBUG named is not configured 2015-01-13T19:47:59Z DEBUG ipa_memcached is not configured 2015-01-13T19:47:59Z DEBUG filestore is tracking no files 2015-01-13T19:47:59Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2015-01-13T19:47:59Z DEBUG /usr/sbin/ipa-server-install was invoked with options: {'zone_refresh': 0, 'reverse_zone': None, 'realm_name': None, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': False, 'subject': None, 'no_forwarders': False, 'persistent_search': True, 'ui_redirect': True, 'domain_name': None, 'idmax': 0, 'hbac_allow': False, 'no_reverse': False, 'dirsrv_pkcs12': None, 'unattended': False, 'selfsign': False, 'trust_sshfp': False, 'external_ca_file': None, 'no_host_dns': False, 'http_pkcs12': None, 'zone_notif': False, 'forwarders': None, 'idstart': 184480, 'external_ca': False, 'ip_address': None, 'conf_ssh': True, 'serial_autoincrement': True, 'zonemgr': None, 'setup_dns': False, 'host_name': None, 'debug': False, 'external_cert_file': None, 'uninstall': False} 2015-01-13T19:47:59Z DEBUG missing options might be asked for interactively later 2015-01-13T19:47:59Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2015-01-13T19:47:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2015-01-13T19:47:59Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS 2015-01-13T19:47:59Z DEBUG stdout=VirtualHost configuration: wildcard NameVirtualHosts and _default_ servers: _default_:8443 test1-vm.example.com (/etc/httpd/conf.d/nss.conf:84) 2015-01-13T19:47:59Z DEBUG stderr=Syntax OK 2015-01-13T19:48:02Z DEBUG Check if test1-vm.example.com is a primary hostname for localhost 2015-01-13T19:48:02Z DEBUG Primary hostname for localhost: test1-vm.example.com 2015