Re: [Freeipa-users] Issues with new install - Configuration of CA failed

2015-01-14 Thread Martin Kosek
On 01/13/2015 09:06 PM, Megan . wrote:
> I am having a very difficult time getting the ipa server installed on
> our test server.
> 
> 
> 
> CentOS release 6.6 (Final)
> Linux test1-vm.example.com 2.6.32-504.3.3.el6.x86_64 #1 SMP Wed Dec 17
> 01:55:02 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
> 
> ipa-server-3.0.0-42.el6.centos.x86_64
> 
> 
> I tried to reinstall pki-selinux, reboot, relabel and that didn't help.
>  yum reinstall pki-selinux
> 
> I reviewed a number of threads and didn't seem to see my issue of
> Request:java.net.ConnectException: Connection refused at step 2/20
> 
> https://www.redhat.com/archives/freeipa-users/2014-April/msg00278.html
> 
> 
> 
> Any suggestions would be greatly appreciated.
> 
> I used:  ipa-server-install --no-ntp
> 
> 
> Continue to configure the system with these values? [no]: yes
> 
> 
> The following operations may take some minutes to complete.
> 
> Please wait until the prompt is returned.
> 
> 
> Configuring directory server for the CA (pkids): Estimated time 30 seconds
> 
>   [1/3]: creating directory server user
>   [2/3]: creating directory server instance
>   [3/3]: restarting directory server
> 
> Done configuring directory server for the CA (pkids).
> 
> Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds
>   [1/20]: creating certificate server user
>   [2/20]: configuring certificate server instance
> 
> ipa : CRITICAL failed to configure ca instance Command
> '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
> test1-vm.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-WQ28_w
> -client_certdb_pwd  -preop_pin MvLsuha0GPxvJSnYoL5u
> -domain_name IPA -admin_user admin -admin_email root@localhost
> -admin_  -agent_name ipa-ca-agent -agent_key_size 2048
> -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM
> -ldap_host test1-vm.example.com -ldap_port 7389 -bind_dn cn=Directory
> Manager -bind_  -base_dn o=ipaca -db_name ipaca
> -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12
> true -backup_pwd  -subsystem_name pki-cad -token_name internal
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
> -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM
> -ca_server_cert_subject_name CN=test1-vm.example.com,O=EXAMPLE.COM
> -ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM
> -ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM
> -external false -clone false' returned non-zero exit status 255
> 
> Configuration of CA failed
> 
> 
> 
> 
> install log:
> 
> 
> [root@test1-vm log]# cat ipaserver-install.log
> 2015-01-13T19:47:59Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2015-01-13T19:47:59Z DEBUG Loading Index file from
> '/var/lib/ipa/sysrestore/sysrestore.index'
> 2015-01-13T19:47:59Z DEBUG httpd is not configured
> 2015-01-13T19:47:59Z DEBUG kadmin is not configured
> 2015-01-13T19:47:59Z DEBUG dirsrv is not configured
> 2015-01-13T19:47:59Z DEBUG pki-cad is not configured
> 2015-01-13T19:47:59Z DEBUG pki-tomcatd is not configured
> 2015-01-13T19:47:59Z DEBUG pkids is not configured
> 2015-01-13T19:47:59Z DEBUG install is not configured
> 2015-01-13T19:47:59Z DEBUG krb5kdc is not configured
> 2015-01-13T19:47:59Z DEBUG ntpd is not configured
> 2015-01-13T19:47:59Z DEBUG named is not configured
> 2015-01-13T19:47:59Z DEBUG ipa_memcached is not configured
> 2015-01-13T19:47:59Z DEBUG filestore is tracking no files
> 2015-01-13T19:47:59Z DEBUG Loading Index file from
> '/var/lib/ipa-client/sysrestore/sysrestore.index'
> 2015-01-13T19:47:59Z DEBUG /usr/sbin/ipa-server-install was invoked
> with options: {'zone_refresh': 0, 'reverse_zone': None, 'realm_name':
> None, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': False,
> 'subject': None, 'no_forwarders': False, 'persistent_search': True,
> 'ui_redirect': True, 'domain_name': None, 'idmax': 0, 'hbac_allow':
> False, 'no_reverse': False, 'dirsrv_pkcs12': None, 'unattended':
> False, 'selfsign': False, 'trust_sshfp': False, 'external_ca_file':
> None, 'no_host_dns': False, 'http_pkcs12': None, 'zone_notif': False,
> 'forwarders': None, 'idstart': 184480, 'external_ca': False,
> 'ip_address': None, 'conf_ssh': True, 'serial_autoincrement': True,
> 'zonemgr': None, 'setup_dns': False, 'host_name': None, 'debug':
> False, 'external_cert_file': None, 'uninstall': False}
> 2015-01-13T19:47:59Z DEBUG missing options might be asked for
> interactively later
> 
> 2015-01-13T19:47:59Z DEBUG Loading Index file from
> '/var/lib/ipa/sysrestore/sysrestore.index'
> 2015-01-13T19:47:59Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2015-01-13T19:47:59Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS
> 2015-01-13T19:47:59Z DEBUG stdout=VirtualHost configuration:
> wildcard NameVirtualHosts and _default_ servers:
> _default_:8443 test1

[Freeipa-users] Issues with new install - Configuration of CA failed

2015-01-13 Thread Megan .
I am having a very difficult time getting the ipa server installed on
our test server.



CentOS release 6.6 (Final)
Linux test1-vm.example.com 2.6.32-504.3.3.el6.x86_64 #1 SMP Wed Dec 17
01:55:02 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

ipa-server-3.0.0-42.el6.centos.x86_64


I tried to reinstall pki-selinux, reboot, relabel and that didn't help.
 yum reinstall pki-selinux

I reviewed a number of threads and didn't seem to see my issue of
Request:java.net.ConnectException: Connection refused at step 2/20

https://www.redhat.com/archives/freeipa-users/2014-April/msg00278.html



Any suggestions would be greatly appreciated.

I used:  ipa-server-install --no-ntp


Continue to configure the system with these values? [no]: yes


The following operations may take some minutes to complete.

Please wait until the prompt is returned.


Configuring directory server for the CA (pkids): Estimated time 30 seconds

  [1/3]: creating directory server user
  [2/3]: creating directory server instance
  [3/3]: restarting directory server

Done configuring directory server for the CA (pkids).

Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds
  [1/20]: creating certificate server user
  [2/20]: configuring certificate server instance

ipa : CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
test1-vm.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-WQ28_w
-client_certdb_pwd  -preop_pin MvLsuha0GPxvJSnYoL5u
-domain_name IPA -admin_user admin -admin_email root@localhost
-admin_  -agent_name ipa-ca-agent -agent_key_size 2048
-agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM
-ldap_host test1-vm.example.com -ldap_port 7389 -bind_dn cn=Directory
Manager -bind_  -base_dn o=ipaca -db_name ipaca
-key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12
true -backup_pwd  -subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM
-ca_server_cert_subject_name CN=test1-vm.example.com,O=EXAMPLE.COM
-ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM
-ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM
-external false -clone false' returned non-zero exit status 255

Configuration of CA failed




install log:


[root@test1-vm log]# cat ipaserver-install.log
2015-01-13T19:47:59Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2015-01-13T19:47:59Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2015-01-13T19:47:59Z DEBUG httpd is not configured
2015-01-13T19:47:59Z DEBUG kadmin is not configured
2015-01-13T19:47:59Z DEBUG dirsrv is not configured
2015-01-13T19:47:59Z DEBUG pki-cad is not configured
2015-01-13T19:47:59Z DEBUG pki-tomcatd is not configured
2015-01-13T19:47:59Z DEBUG pkids is not configured
2015-01-13T19:47:59Z DEBUG install is not configured
2015-01-13T19:47:59Z DEBUG krb5kdc is not configured
2015-01-13T19:47:59Z DEBUG ntpd is not configured
2015-01-13T19:47:59Z DEBUG named is not configured
2015-01-13T19:47:59Z DEBUG ipa_memcached is not configured
2015-01-13T19:47:59Z DEBUG filestore is tracking no files
2015-01-13T19:47:59Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-01-13T19:47:59Z DEBUG /usr/sbin/ipa-server-install was invoked
with options: {'zone_refresh': 0, 'reverse_zone': None, 'realm_name':
None, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': False,
'subject': None, 'no_forwarders': False, 'persistent_search': True,
'ui_redirect': True, 'domain_name': None, 'idmax': 0, 'hbac_allow':
False, 'no_reverse': False, 'dirsrv_pkcs12': None, 'unattended':
False, 'selfsign': False, 'trust_sshfp': False, 'external_ca_file':
None, 'no_host_dns': False, 'http_pkcs12': None, 'zone_notif': False,
'forwarders': None, 'idstart': 184480, 'external_ca': False,
'ip_address': None, 'conf_ssh': True, 'serial_autoincrement': True,
'zonemgr': None, 'setup_dns': False, 'host_name': None, 'debug':
False, 'external_cert_file': None, 'uninstall': False}
2015-01-13T19:47:59Z DEBUG missing options might be asked for
interactively later

2015-01-13T19:47:59Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2015-01-13T19:47:59Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2015-01-13T19:47:59Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS
2015-01-13T19:47:59Z DEBUG stdout=VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
_default_:8443 test1-vm.example.com (/etc/httpd/conf.d/nss.conf:84)

2015-01-13T19:47:59Z DEBUG stderr=Syntax OK

2015-01-13T19:48:02Z DEBUG Check if test1-vm.example.com is a primary
hostname for localhost
2015-01-13T19:48:02Z DEBUG Primary hostname for localhost: test1-vm.example.com
2015
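
Added example, not part of the original post and not FreeIPA code: a small Python helper for a wrapped ipaserver-install.log excerpt like the one above. It extracts the failed pkisilent command, lists the CA and LDAP host/port pairs the command was given, and masks the value after any -*_pwd or -*_pin flag before the excerpt is shared. The sample text is constructed from the post with a placeholder PIN, and the function names are hypothetical.

```python
import re

# Constructed sample: the CRITICAL line from the post, shortened, with the
# mail client's line wrapping kept and a placeholder in place of the PIN.
SAMPLE = """\
ipa : CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
test1-vm.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-WQ28_w
-client_certdb_pwd  -preop_pin PLACEHOLDERPIN
-ldap_host test1-vm.example.com -ldap_port 7389 -bind_dn cn=Directory
Manager -base_dn o=ipaca -backup_pwd  -subsystem_name pki-cad
-external false -clone false' returned non-zero exit status 255
"""

FLAG = re.compile(r"^-[a-z][a-z0-9_]*$")
# A -*_pwd / -*_pin flag followed by a value (not by the next flag).
SECRET = re.compile(r"(?<!\S)(-[a-z0-9_]*(?:_pwd|_pin)\s+)(?!-)(\S+)")

def redact(log_text):
    """Mask the first token after any secret-bearing flag, across line wraps."""
    return SECRET.sub(r"\1[REDACTED]", log_text)

def parse_failure(log_text):
    """Return program, exit status and flag->value map of the failed command."""
    m = re.search(r"Command\s+'(.*?)'\s+returned non-zero exit status (\d+)",
                  log_text, re.S)
    if not m:
        return None
    program, flags, current = [], {}, None
    for tok in m.group(1).split():
        if FLAG.match(tok):          # new flag; its value may be empty
            current = tok[1:]
            flags[current] = []
        elif current is None:        # tokens before the first flag
            program.append(tok)
        else:                        # values may contain spaces (e.g. bind_dn)
            flags[current].append(tok)
    return {"program": " ".join(program), "exit": int(m.group(2)),
            "flags": {k: " ".join(v) for k, v in flags.items()}}

def endpoints(flags):
    """Host/port pairs the command was told to contact."""
    pairs = (("CA", "cs_hostname", "cs_port"), ("LDAP", "ldap_host", "ldap_port"))
    return {n: (flags[h], int(flags[p])) for n, h, p in pairs
            if h in flags and p in flags}

if __name__ == "__main__":
    info = parse_failure(redact(SAMPLE))
    print(info["program"], "exited", info["exit"])
    for name, (host, port) in endpoints(info["flags"]).items():
        print(f"{name}: {host}:{port}")
    print(redact(SAMPLE))
```

Only the first whitespace-delimited token after a secret flag is masked, so a secret containing spaces would need manual review.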