[Freeipa-users] Issues with new install - Configuration of CA failed
Martin Kosek
mkosek at redhat.com
Wed Jan 14 13:26:46 UTC 2015
On 01/13/2015 09:06 PM, Megan . wrote:
> I am having a very difficult time getting the ipa server installed on
> our test server.
>
>
>
> CentOS release 6.6 (Final)
> Linux test1-vm.example.com 2.6.32-504.3.3.el6.x86_64 #1 SMP Wed Dec 17
> 01:55:02 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
>
> ipa-server-3.0.0-42.el6.centos.x86_64
>
>
> I tried to reinstall pki-selinux, reboot, relabel and that didn't help
> yum reinstall pki-selinux
>
> I reviewed a number of threads and didn't seem to see my issue of
> Request:java.net.ConnectException: Connection refused at step 2/20
>
> https://www.redhat.com/archives/freeipa-users/2014-April/msg00278.html
>
>
>
> Any suggestions would be greatly appreciated.
>
> I used: ipa-server-install --no-ntp
>
>
> Continue to configure the system with these values? [no]: yes
>
>
> The following operations may take some minutes to complete.
>
> Please wait until the prompt is returned.
>
>
> Configuring directory server for the CA (pkids): Estimated time 30 seconds
>
> [1/3]: creating directory server user
> [2/3]: creating directory server instance
> [3/3]: restarting directory server
>
> Done configuring directory server for the CA (pkids).
>
> Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds
> [1/20]: creating certificate server user
> [2/20]: configuring certificate server instance
>
> ipa : CRITICAL failed to configure ca instance Command
> '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
> test1-vm.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-WQ28_w
> -client_certdb_pwd XXXXXXXX -preop_pin MvLsuha0GPxvJSnYoL5u
> -domain_name IPA -admin_user admin -admin_email root at localhost
> -admin_XXXXXXXX XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048
> -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM
> -ldap_host test1-vm.example.com -ldap_port 7389 -bind_dn cn=Directory
> Manager -bind_XXXXXXXX XXXXXXXX -base_dn o=ipaca -db_name ipaca
> -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12
> true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
> -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM
> -ca_server_cert_subject_name CN=test1-vm.example.com,O=EXAMPLE.COM
> -ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM
> -ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM
> -external false -clone false' returned non-zero exit status 255
>
> Configuration of CA failed
>
>
>
>
> install log:
>
>
> [root at test1-vm log]# cat ipaserver-install.log
> 2015-01-13T19:47:59Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2015-01-13T19:47:59Z DEBUG Loading Index file from
> '/var/lib/ipa/sysrestore/sysrestore.index'
> 2015-01-13T19:47:59Z DEBUG httpd is not configured
> 2015-01-13T19:47:59Z DEBUG kadmin is not configured
> 2015-01-13T19:47:59Z DEBUG dirsrv is not configured
> 2015-01-13T19:47:59Z DEBUG pki-cad is not configured
> 2015-01-13T19:47:59Z DEBUG pki-tomcatd is not configured
> 2015-01-13T19:47:59Z DEBUG pkids is not configured
> 2015-01-13T19:47:59Z DEBUG install is not configured
> 2015-01-13T19:47:59Z DEBUG krb5kdc is not configured
> 2015-01-13T19:47:59Z DEBUG ntpd is not configured
> 2015-01-13T19:47:59Z DEBUG named is not configured
> 2015-01-13T19:47:59Z DEBUG ipa_memcached is not configured
> 2015-01-13T19:47:59Z DEBUG filestore is tracking no files
> 2015-01-13T19:47:59Z DEBUG Loading Index file from
> '/var/lib/ipa-client/sysrestore/sysrestore.index'
> 2015-01-13T19:47:59Z DEBUG /usr/sbin/ipa-server-install was invoked
> with options: {'zone_refresh': 0, 'reverse_zone': None, 'realm_name':
> None, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': False,
> 'subject': None, 'no_forwarders': False, 'persistent_search': True,
> 'ui_redirect': True, 'domain_name': None, 'idmax': 0, 'hbac_allow':
> False, 'no_reverse': False, 'dirsrv_pkcs12': None, 'unattended':
> False, 'selfsign': False, 'trust_sshfp': False, 'external_ca_file':
> None, 'no_host_dns': False, 'http_pkcs12': None, 'zone_notif': False,
> 'forwarders': None, 'idstart': 1844800000, 'external_ca': False,
> 'ip_address': None, 'conf_ssh': True, 'serial_autoincrement': True,
> 'zonemgr': None, 'setup_dns': False, 'host_name': None, 'debug':
> False, 'external_cert_file': None, 'uninstall': False}
> 2015-01-13T19:47:59Z DEBUG missing options might be asked for
> interactively later
>
> 2015-01-13T19:47:59Z DEBUG Loading Index file from
> '/var/lib/ipa/sysrestore/sysrestore.index'
> 2015-01-13T19:47:59Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2015-01-13T19:47:59Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS
> 2015-01-13T19:47:59Z DEBUG stdout=VirtualHost configuration:
> wildcard NameVirtualHosts and _default_ servers:
> _default_:8443 test1-vm.example.com (/etc/httpd/conf.d/nss.conf:84)
>
> 2015-01-13T19:47:59Z DEBUG stderr=Syntax OK
>
> 2015-01-13T19:48:02Z DEBUG Check if test1-vm.example.com is a primary
> hostname for localhost
> 2015-01-13T19:48:02Z DEBUG Primary hostname for localhost: test1-vm.example.com
> 2015-01-13T19:48:02Z DEBUG Search DNS for test1-vm.example.com
> 2015-01-13T19:48:02Z DEBUG Check if test1-vm.example.com. is not a CNAME
> 2015-01-13T19:48:02Z DEBUG Check reverse address of 123.12.12.166
> 2015-01-13T19:48:02Z DEBUG Found reverse name: test1-vm.example.com
> 2015-01-13T19:48:02Z DEBUG will use host_name: test1-vm.example.com
>
> 2015-01-13T19:48:03Z DEBUG read domain_name: example.com
>
> 2015-01-13T19:48:03Z DEBUG args=/sbin/ip -family inet -oneline address show
> 2015-01-13T19:48:03Z DEBUG stdout=1: lo inet 127.0.0.1/8 scope host lo
> 2: eth0 inet 123.12.12.166/25 brd 123.12.12.255 scope global eth0
>
> 2015-01-13T19:48:03Z DEBUG stderr=
> 2015-01-13T19:48:03Z DEBUG read realm_name: EXAMPLE.COM
>
> 2015-01-13T19:48:11Z DEBUG will use dns_forwarders: ()
>
> 2015-01-13T19:48:14Z DEBUG importing all plugin modules in
> '/usr/lib/python2.6/site-packages/ipalib/plugins'...
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/idrange.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py'
> 2015-01-13T19:48:14Z DEBUG args=klist -V
> 2015-01-13T19:48:14Z DEBUG stdout=Kerberos 5 version 1.10.3
>
> 2015-01-13T19:48:14Z DEBUG stderr=
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/role.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/trust.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/user.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py'
> 2015-01-13T19:48:14Z DEBUG importing all plugin modules in
> '/usr/lib/python2.6/site-packages/ipaserver/install/plugins'...
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/adtrust.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/baseupdate.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/dns.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/fix_replica_agreements.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/rename_managed.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/update_anonymous_aci.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/update_services.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/updateclient.py'
> 2015-01-13T19:48:14Z DEBUG importing plugin module
> '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/upload_cacrt.py'
> 2015-01-13T19:48:15Z DEBUG ds group dirsrv exists
> 2015-01-13T19:48:15Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2015-01-13T19:48:15Z DEBUG Configuring directory server for the CA
> (pkids): Estimated time 30 seconds
> 2015-01-13T19:48:15Z DEBUG [1/3]: creating directory server user
> 2015-01-13T19:48:15Z DEBUG ds user pkisrv exists
> 2015-01-13T19:48:15Z DEBUG duration: 0 seconds
> 2015-01-13T19:48:15Z DEBUG [2/3]: creating directory server instance
> 2015-01-13T19:48:15Z DEBUG Saving StateFile to
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2015-01-13T19:48:15Z DEBUG writing inf template
> 2015-01-13T19:48:15Z DEBUG
> [General]
> FullMachineName= test1-vm.example.com
> SuiteSpotUserID= pkisrv
> SuiteSpotGroup= dirsrv
> ServerRoot= /usr/lib64/dirsrv
> [slapd]
> ServerPort= 7389
> ServerIdentifier= PKI-IPA
> Suffix= dc=example,dc=com
> RootDN= cn=Directory Manager
> ConfigFile = /usr/share/pki/ca/conf/database.ldif
>
> 2015-01-13T19:48:15Z DEBUG calling setup-ds.pl
> 2015-01-13T19:48:31Z DEBUG args=/usr/sbin/setup-ds.pl --silent
> --logfile - -f /tmp/tmp33xewh
> 2015-01-13T19:48:31Z DEBUG stdout=[15/01/13:14:48:31] - [Setup] Info
> Your new DS instance 'PKI-IPA' was successfully created.
> Your new DS instance 'PKI-IPA' was successfully created.
> [15/01/13:14:48:31] - [Setup] Success Exiting . . .
> Log file is '-'
>
> Exiting . . .
> Log file is '-'
>
>
> 2015-01-13T19:48:31Z DEBUG stderr=
> 2015-01-13T19:48:31Z DEBUG completed creating ds instance
> 2015-01-13T19:48:31Z DEBUG duration: 15 seconds
> 2015-01-13T19:48:31Z DEBUG [3/3]: restarting directory server
> 2015-01-13T19:48:34Z DEBUG args=/sbin/service dirsrv restart PKI-IPA
> 2015-01-13T19:48:34Z DEBUG stdout=Shutting down dirsrv:
> PKI-IPA... [ OK ]
> Starting dirsrv:
> PKI-IPA... [ OK ]
>
> 2015-01-13T19:48:34Z DEBUG stderr=
> 2015-01-13T19:48:34Z DEBUG args=/sbin/service dirsrv status PKI-IPA
> 2015-01-13T19:48:34Z DEBUG stdout=dirsrv PKI-IPA (pid 2126) is running...
>
> 2015-01-13T19:48:34Z DEBUG stderr=
> 2015-01-13T19:48:34Z DEBUG wait_for_open_ports: localhost [7389] timeout 300
> 2015-01-13T19:48:34Z DEBUG args=/sbin/service dirsrv status PKI-IPA
> 2015-01-13T19:48:34Z DEBUG stdout=dirsrv PKI-IPA (pid 2126) is running...
>
> 2015-01-13T19:48:34Z DEBUG stderr=
> 2015-01-13T19:48:34Z DEBUG duration: 3 seconds
> 2015-01-13T19:48:34Z DEBUG Done configuring directory server for the CA (pkids).
> 2015-01-13T19:48:34Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2015-01-13T19:48:34Z DEBUG Configuring certificate server (pki-cad):
> Estimated time 3 minutes 30 seconds
> 2015-01-13T19:48:34Z DEBUG [1/20]: creating certificate server user
> 2015-01-13T19:48:34Z DEBUG ca user pkiuser exists
> 2015-01-13T19:48:34Z DEBUG duration: 0 seconds
> 2015-01-13T19:48:34Z DEBUG [2/20]: configuring certificate server instance
> 2015-01-13T19:48:37Z DEBUG args=/usr/bin/perl /usr/bin/pkisilent
> ConfigureCA -cs_hostname test1-vm.example.com -cs_port 9445
> -client_certdb_dir /tmp/tmp-WQ28_w -client_certdb_pwd XXXXXXXX
> -preop_pin MvLsuha0GPxvJSnYoL5u -domain_name IPA -admin_user admin
> -admin_email root at localhost -admin_XXXXXXXX XXXXXXXX -agent_name
> ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
> -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host
> test1-vm.example.com -ldap_port 7389 -bind_dn cn=Directory Manager
> -bind_XXXXXXXX XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048
> -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd
> XXXXXXXX -subsystem_name pki-cad -token_name internal
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
> -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM
> -ca_server_cert_subject_name CN=test1-vm.example.com,O=EXAMPLE.COM
> -ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM
> -ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM
> -external false -clone false
> 2015-01-13T19:48:37Z DEBUG stdout=libpath=/usr/lib64
> #######################################################################
> CRYPTO INIT WITH CERTDB:/tmp/tmp-WQ28_w
> tokenpwd:XXXXXXXX
> #############################################
> Attempting to connect to: test1-vm.example.com:9445
> Exception in LoginPanel(): java.lang.NullPointerException
> ERROR: ConfigureCA: LoginPanel() failure
> ERROR: unable to create CA
>
> #######################################################################
>
> 2015-01-13T19:48:37Z DEBUG stderr=Exception: Unable to Send
> Request:java.net.ConnectException: Connection refused
> java.net.ConnectException: Connection refused
> at java.net.PlainSocketImpl.socketConnect(Native Method)
> at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
> at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
> at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
> at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
> at java.net.Socket.connect(Socket.java:579)
> at java.net.Socket.connect(Socket.java:528)
> at java.net.Socket.<init>(Socket.java:425)
> at java.net.Socket.<init>(Socket.java:241)
> at HTTPClient.sslConnect(HTTPClient.java:326)
> at ConfigureCA.LoginPanel(ConfigureCA.java:244)
> at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
> at ConfigureCA.main(ConfigureCA.java:1672)
> java.lang.NullPointerException
> at ConfigureCA.LoginPanel(ConfigureCA.java:245)
> at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
> at ConfigureCA.main(ConfigureCA.java:1672)
>
> 2015-01-13T19:48:37Z CRITICAL failed to configure ca instance Command
> '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
> test1-vm.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-WQ28_w
> -client_certdb_pwd XXXXXXXX -preop_pin MvLsuha0GPxvJSnYoL5u
> -domain_name IPA -admin_user admin -admin_email root at localhost
> -admin_XXXXXXXX XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048
> -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM
> -ldap_host test1-vm.example.com -ldap_port 7389 -bind_dn cn=Directory
> Manager -bind_XXXXXXXX XXXXXXXX -base_dn o=ipaca -db_name ipaca
> -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12
> true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
> -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM
> -ca_server_cert_subject_name CN=test1-vm.example.com,O=EXAMPLE.COM
> -ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM
> -ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM
> -external false -clone false' returned non-zero exit status 255
> 2015-01-13T19:48:37Z INFO File
> "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py",
> line 614, in run_script
> return_value = main_function()
>
> File "/usr/sbin/ipa-server-install", line 942, in main
> subject_base=options.subject)
>
> File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py",
> line 626, in configure_instance
> self.start_creation(runtime=210)
>
> File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py",
> line 358, in start_creation
> method()
>
> File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py",
> line 888, in __configure_instance
> raise RuntimeError('Configuration of CA failed')
>
> 2015-01-13T19:48:37Z INFO The ipa-server-install command failed,
> exception: RuntimeError: Configuration of CA failed
> [root at test1-vm log]#
>
Judging based on the "Connection Refused" error, can it be by any chance
https://fedorahosted.org/freeipa/ticket/4564
? Apache already running before ipa-server-install was known to cause CA
installation breakage.
Martin
More information about the Freeipa-users
mailing list