On 03.05.2018 13:07, Kees Bakker via FreeIPA-users wrote:
> Hey,
>
> Trying to do a test installation of a FreeIPA server on Ubuntu 18.04.
> It fails setting up the certificate server (pki-tomcatd).
>
> Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
> [1/28]: configuring certificate server instance
> ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance:
> CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f',
> '/tmp/tmp5ejwx5'] returned non-zero exit status 1: u"pkispawn : ERROR
> ....... subprocess.CalledProcessError: Command '['sysctl',
> 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn
> : ERROR ........... server did not start after 60s\npkispawn : ERROR
> ....... server failed to restart\n")
> ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the
> following files/directories for more information:
> ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat
> [error] RuntimeError: CA configuration failed.
> ipapython.admintool: ERROR CA configuration failed.
> ipapython.admintool: ERROR The ipa-server-install command failed. See
> /var/log/ipaserver-install.log for more information
>
> The failing command is: sysctl crypto.fips_enabled -bn
> On my system there is no /proc/sys/crypto.

That's not the error you're looking for. Ubuntu has dogtag-pki 10.6.0 which supports Tomcat 8.5, so that's not the issue either.

Problem is that the default java version is now essentially Java10 (will be 11 later this year), and the latest upload of tomcat8 a week before release was then built with this new default instead of JDK8 as the old package which then made it incompatible with dogtag... So I had to create a 4600 line diff for tomcat to still support JRE8 runtime which Dogtag has to use, because it doesn't even build against anything newer. (#1)

So, the big patch for tomcat8 didn't make it in the release, because Kubuntu (of all things..) has it in their image so it couldn't be pushed to the distro on the release day. Instead, the fixed tomcat8 is now sitting on the upload queue waiting for a brave SRU team member (not me) to review it and release to bionic-proposed, after which it can be tested for the bug... (#2) and I marked yours as a dupe of this.

Note that ipa-dns-install is busted, named aborts on start for reasons that are still a mystery to me.

#1 https://pagure.io/dogtagpki/issue/2982
#2 https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1765616

--
t
