Hi,

Can anyone decipher this log and help me understand what is broken and
how to fix it?

What is more peculiar is that I don't get the problem on an older
version of CentOS 6.5, but on the latest up to date version it breaks.
Note that I am using the latest versions of all the ipa-server
packages and dependencies.


The command I am using to install is:

/usr/sbin/ipa-server-install --hostname='ipa.example.com'
--domain='example.com' --realm='EXAMPLE.COM' --ds-password=`/bin/cat
'/var/lib/puppet/tmp/ipa/dm.password' | /bin/cat | /bin/cat |
/bin/cat` --admin-password=`/bin/cat
'/var/lib/puppet/tmp/ipa/admin.password' | /bin/cat | /bin/cat |
/bin/cat` --idstart=16777216 --no-ntp --unattended

Thanks,
James
2014-05-29T03:06:30Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2014-05-29T03:06:30Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2014-05-29T03:06:30Z DEBUG httpd is not configured
2014-05-29T03:06:30Z DEBUG kadmin is not configured
2014-05-29T03:06:30Z DEBUG dirsrv is not configured
2014-05-29T03:06:30Z DEBUG pki-cad is not configured
2014-05-29T03:06:30Z DEBUG pki-tomcatd is not configured
2014-05-29T03:06:30Z DEBUG pkids is not configured
2014-05-29T03:06:30Z DEBUG install is not configured
2014-05-29T03:06:30Z DEBUG krb5kdc is not configured
2014-05-29T03:06:30Z DEBUG ntpd is not configured
2014-05-29T03:06:30Z DEBUG named is not configured
2014-05-29T03:06:30Z DEBUG ipa_memcached is not configured
2014-05-29T03:06:30Z DEBUG filestore is tracking no files
2014-05-29T03:06:30Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2014-05-29T03:06:30Z DEBUG /usr/sbin/ipa-server-install was invoked with options: {'zone_refresh': 0, 'reverse_zone': None, 'realm_name': 'EXAMPLE.COM', 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': False, 'subject': None, 'no_forwarders': False, 'persistent_search': True, 'ui_redirect': True, 'domain_name': 'example.com', 'idmax': 0, 'hbac_allow': False, 'no_reverse': False, 'dirsrv_pkcs12': None, 'unattended': True, 'selfsign': False, 'trust_sshfp': False, 'external_ca_file': None, 'no_host_dns': False, 'http_pkcs12': None, 'zone_notif': False, 'forwarders': None, 'idstart': 16777216, 'external_ca': False, 'ip_address': None, 'conf_ssh': True, 'serial_autoincrement': True, 'zonemgr': None, 'setup_dns': False, 'host_name': 'ipa.example.com', 'debug': False, 'external_cert_file': None, 'uninstall': False}
2014-05-29T03:06:30Z DEBUG missing options might be asked for interactively later

2014-05-29T03:06:30Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2014-05-29T03:06:30Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2014-05-29T03:06:30Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS
2014-05-29T03:06:30Z DEBUG stdout=VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
_default_:8443         ipa.example.com (/etc/httpd/conf.d/nss.conf:84)

2014-05-29T03:06:30Z DEBUG stderr=Syntax OK

2014-05-29T03:06:30Z DEBUG Check if ipa.example.com is a primary hostname for localhost
2014-05-29T03:06:30Z DEBUG Primary hostname for localhost: ipa.example.com
2014-05-29T03:06:30Z DEBUG Search DNS for ipa.example.com
2014-05-29T03:06:30Z DEBUG Check if ipa.example.com. is not a CNAME
2014-05-29T03:06:30Z DEBUG Check reverse address of 192.168.144.101
2014-05-29T03:06:30Z DEBUG Found reverse name: ipa.example.com
2014-05-29T03:06:30Z DEBUG will use host_name: ipa.example.com

2014-05-29T03:06:30Z DEBUG args=/sbin/ip -family inet -oneline address show
2014-05-29T03:06:30Z DEBUG stdout=1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.121.153/24 brd 192.168.121.255 scope global eth0
3: eth1    inet 192.168.145.3/24 brd 192.168.145.255 scope global eth1
4: eth2    inet 192.168.144.101/24 brd 192.168.144.255 scope global eth2

2014-05-29T03:06:30Z DEBUG stderr=
2014-05-29T03:06:30Z DEBUG will use dns_forwarders: ()

2014-05-29T03:06:30Z DEBUG importing all plugin modules in '/usr/lib/python2.6/site-packages/ipalib/plugins'...
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/idrange.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py'
2014-05-29T03:06:30Z DEBUG args=klist -V
2014-05-29T03:06:30Z DEBUG stdout=Kerberos 5 version 1.10.3

2014-05-29T03:06:30Z DEBUG stderr=
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/role.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/trust.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/user.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py'
2014-05-29T03:06:30Z DEBUG importing all plugin modules in '/usr/lib/python2.6/site-packages/ipaserver/install/plugins'...
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/adtrust.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/baseupdate.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/dns.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/fix_replica_agreements.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/rename_managed.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/update_anonymous_aci.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/update_services.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/updateclient.py'
2014-05-29T03:06:30Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/upload_cacrt.py'
2014-05-29T03:06:31Z DEBUG args=/usr/sbin/groupadd -r dirsrv
2014-05-29T03:06:31Z DEBUG stdout=
2014-05-29T03:06:31Z DEBUG stderr=
2014-05-29T03:06:31Z DEBUG done adding DS group
2014-05-29T03:06:31Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2014-05-29T03:06:31Z DEBUG Configuring directory server for the CA (pkids): Estimated time 30 seconds
2014-05-29T03:06:31Z DEBUG   [1/3]: creating directory server user
2014-05-29T03:06:31Z DEBUG adding ds user pkisrv
2014-05-29T03:06:31Z DEBUG args=/usr/sbin/useradd -g dirsrv -c PKI DS System User -d /var/lib/dirsrv -s /sbin/nologin -M -r pkisrv
2014-05-29T03:06:31Z DEBUG stdout=
2014-05-29T03:06:31Z DEBUG stderr=
2014-05-29T03:06:31Z DEBUG done adding user
2014-05-29T03:06:31Z DEBUG   duration: 0 seconds
2014-05-29T03:06:31Z DEBUG   [2/3]: creating directory server instance
2014-05-29T03:06:31Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2014-05-29T03:06:31Z DEBUG writing inf template
2014-05-29T03:06:31Z DEBUG 
[General]
FullMachineName=   ipa.example.com
SuiteSpotUserID=   pkisrv
SuiteSpotGroup=    dirsrv
ServerRoot=    /usr/lib64/dirsrv
[slapd]
ServerPort=   7389
ServerIdentifier=   PKI-IPA
Suffix=   dc=example,dc=com
RootDN=   cn=Directory Manager
ConfigFile = /usr/share/pki/ca/conf/database.ldif

2014-05-29T03:06:31Z DEBUG calling setup-ds.pl
2014-05-29T03:07:04Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpdhAfO4
2014-05-29T03:07:05Z DEBUG stdout=[14/05/28:23:07:04] - [Setup] Info Your new DS instance 'PKI-IPA' was successfully created.
Your new DS instance 'PKI-IPA' was successfully created.
[14/05/28:23:07:04] - [Setup] Success Exiting . . .
Log file is '-'

Exiting . . .
Log file is '-'


2014-05-29T03:07:05Z DEBUG stderr=
2014-05-29T03:07:05Z DEBUG completed creating ds instance
2014-05-29T03:07:05Z DEBUG   duration: 33 seconds
2014-05-29T03:07:05Z DEBUG   [3/3]: restarting directory server
2014-05-29T03:07:08Z DEBUG args=/sbin/service dirsrv restart PKI-IPA
2014-05-29T03:07:08Z DEBUG stdout=Shutting down dirsrv: 
    PKI-IPA...[  OK  ]
Starting dirsrv: 
    PKI-IPA...[  OK  ]

2014-05-29T03:07:08Z DEBUG stderr=
2014-05-29T03:07:08Z DEBUG args=/sbin/service dirsrv status PKI-IPA
2014-05-29T03:07:08Z DEBUG stdout=dirsrv PKI-IPA (pid 4417) is running...

2014-05-29T03:07:08Z DEBUG stderr=
2014-05-29T03:07:08Z DEBUG wait_for_open_ports: localhost [7389] timeout 120
2014-05-29T03:07:08Z DEBUG args=/sbin/service dirsrv status PKI-IPA
2014-05-29T03:07:08Z DEBUG stdout=dirsrv PKI-IPA (pid 4417) is running...

2014-05-29T03:07:08Z DEBUG stderr=
2014-05-29T03:07:08Z DEBUG   duration: 3 seconds
2014-05-29T03:07:08Z DEBUG Done configuring directory server for the CA (pkids).
2014-05-29T03:07:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2014-05-29T03:07:08Z DEBUG Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds
2014-05-29T03:07:08Z DEBUG   [1/21]: creating certificate server user
2014-05-29T03:07:08Z DEBUG adding ca user pkiuser
2014-05-29T03:07:09Z DEBUG args=/usr/sbin/useradd -c CA System User -d /var/lib -s /sbin/nologin -M -r pkiuser
2014-05-29T03:07:09Z DEBUG stdout=
2014-05-29T03:07:09Z DEBUG stderr=
2014-05-29T03:07:09Z DEBUG done adding user
2014-05-29T03:07:09Z DEBUG   duration: 0 seconds
2014-05-29T03:07:09Z DEBUG   [2/21]: creating pki-ca instance
2014-05-29T03:07:15Z DEBUG args=/usr/bin/pkicreate -pki_instance_root /var/lib -pki_instance_name pki-ca -subsystem_type ca -agent_secure_port 9443 -ee_secure_port 9444 -admin_secure_port 9445 -ee_secure_client_auth_port 9446 -unsecure_port 9180 -tomcat_server_port 9701 -redirect conf=/etc/pki-ca -redirect logs=/var/log/pki-ca -enable_proxy
2014-05-29T03:07:15Z DEBUG stdout=PKI instance creation Utility ...

Capturing installation information in /var/log/pki-ca-install.log

PKI instance creation completed ...

Installation information recorded in /var/log/pki-ca-install.log.
Before proceeding with the configuration, make sure 
the firewall settings of this machine permit proper 
access to this subsystem. 

Please start the configuration by accessing:

https://ipa.example.com:9445/ca/admin/console/config/login?pin=ZseKHBVVmHCzKea8V2PH

After configuration, the server can be operated by the command:

    /sbin/service pki-cad restart pki-ca


2014-05-29T03:07:15Z DEBUG stderr=[error] FAILED run_command("/sbin/service pki-cad restart pki-ca"), exit status=1 output="Stopping pki-ca: [  OK  ]
/usr/bin/runcon: invalid context: unconfined_u:system_r:pki_ca_script_t:s0: Invalid argument"

2014-05-29T03:07:15Z DEBUG   duration: 5 seconds
2014-05-29T03:07:15Z DEBUG   [3/21]: configuring certificate server instance
2014-05-29T03:07:15Z DEBUG args=/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname ipa.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-C0AQqF -client_certdb_pwd XXXXXXXX -preop_pin ZseKHBVVmHCzKea8V2PH -domain_name IPA -admin_user admin -admin_email root@localhost -admin_XXXXXXXX XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host ipa.example.com -ldap_port 7389 -bind_dn cn=Directory Manager -bind_XXXXXXXX XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM -ca_server_cert_subject_name CN=ipa.example.com,O=EXAMPLE.COM -ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM -ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM -external false -clone false
2014-05-29T03:07:15Z DEBUG stdout=libpath=/usr/lib64
#######################################################################
CRYPTO INIT WITH CERTDB:/tmp/tmp-C0AQqF
tokenpwd:XXXXXXXX
#############################################
Attempting to connect to: ipa.example.com:9445
Exception in LoginPanel(): java.lang.NullPointerException
ERROR: ConfigureCA: LoginPanel() failure
ERROR: unable to create CA

#######################################################################

2014-05-29T03:07:15Z DEBUG stderr=Exception: Unable to Send Request:java.net.ConnectException: Connection refused
java.net.ConnectException: Connection refused
	at java.net.PlainSocketImpl.socketConnect(Native Method)
	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
	at java.net.Socket.connect(Socket.java:579)
	at java.net.Socket.connect(Socket.java:528)
	at java.net.Socket.<init>(Socket.java:425)
	at java.net.Socket.<init>(Socket.java:241)
	at HTTPClient.sslConnect(HTTPClient.java:326)
	at ConfigureCA.LoginPanel(ConfigureCA.java:244)
	at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
	at ConfigureCA.main(ConfigureCA.java:1672)
java.lang.NullPointerException
	at ConfigureCA.LoginPanel(ConfigureCA.java:245)
	at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
	at ConfigureCA.main(ConfigureCA.java:1672)

2014-05-29T03:07:15Z CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname ipa.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-C0AQqF -client_certdb_pwd XXXXXXXX -preop_pin ZseKHBVVmHCzKea8V2PH -domain_name IPA -admin_user admin -admin_email root@localhost -admin_XXXXXXXX XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host ipa.example.com -ldap_port 7389 -bind_dn cn=Directory Manager -bind_XXXXXXXX XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM -ca_server_cert_subject_name CN=ipa.example.com,O=EXAMPLE.COM -ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM -ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM -external false -clone false' returned non-zero exit status 255
2014-05-29T03:07:15Z INFO   File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614, in run_script
    return_value = main_function()

  File "/usr/sbin/ipa-server-install", line 942, in main
    subject_base=options.subject)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 617, in configure_instance
    self.start_creation(runtime=210)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 358, in start_creation
    method()

  File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 879, in __configure_instance
    raise RuntimeError('Configuration of CA failed')

2014-05-29T03:07:15Z INFO The ipa-server-install command failed, exception: RuntimeError: Configuration of CA failed