[Freeipa-users] Failed installation

Rob Crittenden rcritten at redhat.com
Wed Oct 17 19:17:43 UTC 2012


Bret Wortman wrote:
> Now it appears that whatever is supposed to be running on port 9445
> (looks like mindarray-ca) isn't running, and I'm not sure how it gets
> started, exactly. I ran lsof -i:9445 on this server and on a FreeIPA
> test box I first set up, and it's running on the test box but not the
> new one. Where should I look next?

See if there are any SELinux denials: ausearch -m AVC

It looks like tomcat failed to start. The logs are in /var/log/pki-ca.

rob

>
> On Wed, Oct 17, 2012 at 2:07 PM, Bret Wortman
> <bret.wortman at damascusgrp.com> wrote:
>
>     Spot on. It was a fresh install of F17 and I neglected to # yum
>     update first. I've done so, rebooted, and am trying again with
>     better results.
>
>
>     On Wed, Oct 17, 2012 at 1:45 PM, John Dennis <jdennis at redhat.com> wrote:
>
>         On 10/17/2012 12:40 PM, Bret Wortman wrote:
>
>             I recently tried installing freeipa on a new server, but
>             ipa-server-install had problems around this point:
>
>             Configuring certificate server: Estimated time 3 minutes 30
>             seconds
>                 [1/18]: creating certificate server user
>                 [2/18]: creating pki-ca instance
>                 [3/18]: configuring certificate server instance
>             ipa         : CRITICAL failed to configure ca instance Command
>             '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
>             fs1.wedgeofli.me -cs_port 9445
>             -client_certdb_dir /tmp/tmp-UvBMbL -client_certdb_pwd XXXXXXXX
>             -preop_pin HHxKHUz5RRfzQ3OkFMlR -domain_name IPA -admin_user
>             admin
>             -admin_email root at localhost -admin_XXXXXXXX XXXXXXXX -agent_name
>             ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
>             -agent_cert_subject CN=ipa-ca-agent,O=WEDGEOFLI.ME
>             -ldap_host fs1.wedgeofli.me -ldap_port 7389
>             -bind_dn cn=Directory Manager -bind_XXXXXXXX XXXXXXXX
>             -base_dn o=ipaca
>             -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm
>             SHA256withRSA
>             -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad
>             -token_name
>             internal -ca_subsystem_cert_subject_name CN=CA
>             Subsystem,O=WEDGEOFLI.ME -ca_ocsp_cert_subject_name CN=OCSP
>             Subsystem,O=WEDGEOFLI.ME
>             -ca_server_cert_subject_name CN=fs1.wedgeofli.me,O=WEDGEOFLI.ME
>             -ca_audit_signing_cert_subject_name CN=CA
>             Audit,O=WEDGEOFLI.ME -ca_sign_cert_subject_name CN=Certificate
>             Authority,O=WEDGEOFLI.ME -external false -clone
>             false' returned non-zero exit status 255
>             Unexpected error - see ipaserver-install.log for details:
>                Configuration of CA failed
>             [root at fs1 ~]#
>
>             The logfile revealed the following stack trace:
>
>             #############################################
>             Attempting to connect to: fs1.wedgeofli.me:9445
>
>             Exception in LoginPanel(): java.lang.NullPointerException
>             ERROR: ConfigureCA: LoginPanel() failure
>             ERROR: unable to create CA
>
>             #######################################################################
>
>             2012-10-17T16:24:53Z DEBUG stderr=Exception: Unable to Send
>             Request:java.net.ConnectException: Connection refused
>             java.net.ConnectException: Connection refused
>             at java.net.PlainSocketImpl.socketConnect(Native Method)
>             at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
>             at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
>             at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
>             at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
>             at java.net.Socket.connect(Socket.java:579)
>             at java.net.Socket.connect(Socket.java:528)
>             at java.net.Socket.<init>(Socket.java:425)
>             at java.net.Socket.<init>(Socket.java:241)
>             at HTTPClient.sslConnect(HTTPClient.java:326)
>             at ConfigureCA.LoginPanel(ConfigureCA.java:244)
>             at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
>             at ConfigureCA.main(ConfigureCA.java:1672)
>             java.lang.NullPointerException
>             at ConfigureCA.LoginPanel(ConfigureCA.java:245)
>             at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
>             at ConfigureCA.main(ConfigureCA.java:1672)
>
>             Now I seem to be stuck. I tried uninstalling the
>             freeipa-server package
>             with # yum remove freeipa-server and then reinstalled it the
>             same way,
>             but ipa-server-install won't run no matter what I attempt.
>
>             Any thoughts? I'm pretty new to IPA.
>
>
>         There is a good chance this is due to a version mismatch between
>         the IPA packages and the dogtag packages. You didn't mention
>         which OS you're using nor the versions of the relevant packages,
>         that would have been helpful. In any event I would make sure all
>         your packages are up to date.
>
>
>         --
>         John Dennis <jdennis at redhat.com>
>
>
>
>
>
>
>     --
>     Bret Wortman
>     The Damascus Group
>     Fairfax, VA
>     http://bretwortman.com/
>     http://twitter.com/BretWortman
>
>
>
>
> --
> Bret Wortman
> The Damascus Group
> Fairfax, VA
> http://bretwortman.com/
> http://twitter.com/BretWortman
>
>
>
>
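
The SELinux check suggested in the reply above, as an added example that is not part of the original thread: it groups `ausearch -m AVC` output by process, permission and type so denials against the CA's java/tomcat process stand out. The sample records, process names and SELinux types are constructed for illustration and do not come from the poster's system.

```shell
#!/bin/sh
# Summarise SELinux AVC denials from `ausearch -m AVC` output.

# Constructed sample records (illustrative assumptions, not real log data).
sample_avc() {
cat <<'EOF'
----
time->Wed Oct 17 16:24:50 2012
type=AVC msg=audit(1350491090.101:210): avc:  denied  { name_bind } for  pid=2211 comm="java" src=9445 scontext=system_u:system_r:pki_ca_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
----
time->Wed Oct 17 16:24:51 2012
type=AVC msg=audit(1350491091.305:211): avc:  denied  { name_bind } for  pid=2211 comm="java" src=9445 scontext=system_u:system_r:pki_ca_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
----
time->Wed Oct 17 16:25:02 2012
type=AVC msg=audit(1350491102.004:215): avc:  denied  { read } for  pid=987 comm="ntpd" name="drift" dev="dm-0" ino=1311 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
EOF
}

# Output: "count comm permission tclass source_type target_type",
# most frequent denial first.
summarize_avc() {
    awk '
    /^type=AVC / && / denied / {
        comm = perm = tclass = stype = ttype = "?"
        # The permission list sits between "{ " and " }".
        a = index($0, "{"); b = index($0, "}")
        if (a > 0 && b > a) perm = substr($0, a + 2, b - a - 3)
        gsub(/ /, ",", perm)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = substr($i, 6); gsub(/"/, "", comm) }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
            # SELinux contexts are user:role:type:level; keep the type.
            if ($i ~ /^scontext=/) { split(substr($i, 10), s, ":"); stype = s[3] }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), t, ":"); ttype = t[3] }
        }
        seen[comm " " perm " " tclass " " stype " " ttype]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# On a live system: ausearch -m AVC | summarize_avc
sample_avc | summarize_avc
```

If the summary shows nothing for the CA process, the tomcat logs under /var/log/pki-ca are the next place to look, as the reply says.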



