On 04/08/2015 07:57 AM, Markus Roth wrote: > >> Endi Sukma Dewata <edew...@redhat.com> hat am 1. April 2015 um 23:56 >> geschrieben: >> >> >> On 4/1/2015 4:29 PM, Markus Roth wrote: >>> Am Mittwoch, 1. April 2015, 16:04:54 schrieben Sie: >>>> On 4/1/2015 11:56 AM, Endi Sukma Dewata wrote: >>>>>>> On 03/31/2015 01:54 PM, Markus Roth wrote: >>>>>>>> Hi all, >>>>>>>> >>>>>>>> I want setup freeipa 4.1.3 on a fresh installed fedora 21. >>>>> >>>>>>>> The ipa-server-install shows the following output: >>>>> ... >>>>> >>>>>>>> Done configuring directory server (dirsrv). >>>>>>>> Configuring certificate server (pki-tomcatd): Estimated time 3 >>>>>>>> minutes 30 >>>>>>>> seconds >>>>>>>> >>>>>>>> [1/27]: creating certificate server user >>>>>>>> [2/27]: configuring certificate server instance >>>>>>>> [3/27]: stopping certificate server instance to update CS.cfg >>>>>>>> [4/27]: backing up CS.cfg >>>>>>>> [5/27]: disabling nonces >>>>>>>> [6/27]: set up CRL publishing >>>>>>>> [7/27]: enable PKIX certificate path discovery and validation >>>>>>>> [8/27]: starting certificate server instance >>>>>>>> [error] RuntimeError: CA did not start in 300.0s >>>>>>>> >>>>>>>> CA did not start in 300.0s >>>>>>>> >>>>>>>> The ipa server install log shows this: >>>>>>>> >>>>>>>> 2015-03-31T17:39:35Z DEBUG The CA status is: check interrupted >>>>>>>> 2015-03-31T17:39:35Z DEBUG Waiting for CA to start... >>>>> >>>>> ... >>>>> >>>>>>>> I uninstalled the ipa server completely several times and installed >>>>>>>> it again. >>>>>>>> But it always stops at the same step with the setup. >>>>>>>> >>>>>>>> Can anybody help? >>>>> >>>>> Based on the IPA install log alone it looks like the DS is already >>>>> started, and the Dogtag is already started too in step [3/27]. It's the >>>>> restart on step [8/27] that is failing. >>>>> >>>>> We will need to see the Dogtag debug log in order to know if Dogtag is >>>>> indeed failing to restart or the installer for some reason cannot >>>>> connect to Dogtag. >>>> >>>> Hi Markus, >>>> >>>> Based on the logs that you sent me, the Dogtag took a really long time >>>> to start: >>>> >>>> INFORMATION: Server startup in 739700 ms >>>> >>>> More than half of that time was spent starting the CA subsystem alone: >>>> >>>> INFORMATION: Deployment of configuration descriptor /etc/pki >>>> /pki-tomcat/Catalina/localhost/ca.xml has finished in 393,390 ms >>>> >>>> The whole (failed) IPA installation took about 38 minutes. Is this correct? >>>> >>>> It's possible the system was running out of entropy. You might want to >>>> install haveged or rngd. See: >>>> http://blog-ftweedal.rhcloud.com/2014/05/more-entropy-with-haveged/ >>>> https://www.digitalocean.com/community/tutorials/how-to-setup-additional-ent >>>> ropy-for-cloud-servers-using-haveged >>>> >>>> However, the system seems to be running very slowly in general. How >>>> powerful is this machine? >>> >>> Hi Endi >>> >>> the system is a banana pi system. Seems that this ARM CPU based system isn't >>> suitable for FreeIPA.... >> >> The installation might still succeed if IPA doesn't have the 300s time >> limit. If you want to try, you probably can specify a larger >> startup_timeout in ~/.ipa/default.conf, or change the code in >> ipaplatform/redhat/services.py to wait indefinitely, and see what >> happens. I don't know if it will be usable though. >> >> -- >> Endi S. Dewata >> > > Yersterday I did the installation of freeipa on my banana Pi with modifying > the > source file ipalib/constants.py: ('startup_timeout', 300). I changed it to > 900 s. And the setup process was successful! The start of the CA had a > duration > of 630s! But after the installation freeipa is usable on the banana Pi. > > Thanks to Endi for help.
That's cool! Do you think that your experience from making it work could form a nice HOWTO article on http://www.freeipa.org/page/HowTos ? Maybe it would help others who would want to follow your example on FreeIPA at *Pi devices :-) -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project