Ubuntu
freeipa package

free-ipa-server install fails

Bug #1698309 reported by Aaron Thomas
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
freeipa (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

clean install ubuntu 16.04, kernel 4.4.0-79, running ipa-server-install after installing freeipa-server always fails. It successfully gets through all 46 previous steps, and fails on pki-tomcatd:

Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds
  [1/28]: creating certificate server user
  [2/28]: configuring certificate server instance
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpIHv1S_' returned non-zero exit status 255
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation logs and the following files/directories for more information:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL /var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.
ipa.ipapython.install.cli.install_tool(Server): ERROR CA configuration failed.
ipa.ipapython.install.cli.install_tool(Server): ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

CA configuration failed. Something is certainly wrong when the software can't be installed on a newly installed ubuntu box.

Namely, the script seems to choke when trying to write out the config file:

2017-06-16T07:09:49Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpIHv1S_
2017-06-16T07:09:49Z DEBUG Process finished, return code=255
2017-06-16T07:09:49Z DEBUG stdout=ERROR: File '/etc/pki/default.cfg' is either missing or is NOT a regular file!

usage: pkispawn [-s <subsystem>] [-h] [-v] [-p <prefix>] [-f <file>]

PKI Instance Installation and Configuration

There's nowhere in the documentation, in the script, in the packages, anywhere, that says I should first create a /etc/pki/default.cfg file, nor what that file should contain (it appears the script is trying to generate that file itself but doesn't). A fix would be appreciated.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: freeipa-server 4.3.1-0ubuntu1
ProcVersionSignature: Ubuntu 4.4.0-79.100-generic 4.4.67
Uname: Linux 4.4.0-79-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.6
Architecture: amd64
Date: Fri Jun 16 00:12:29 2017
InstallationDate: Installed on 2017-05-05 (41 days ago)
InstallationMedia: Ubuntu-Server 16.04.2 LTS "Xenial Xerus" - Release amd64 (20170215.8)
ProcEnviron:
 TERM=xterm-color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: freeipa
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Aaron Thomas (athomas-work) wrote :
Revision history for this message
Aaron Thomas (athomas-work) wrote :

Note, this is a VM running on VMware. It was cloned from a template generated last month.

Revision history for this message
Aaron Thomas (athomas-work) wrote :

Also, if I touch /etc/pki/default.cfg, it still fails, because /etc/pki/pki.conf doesn't exist and isn't created by anything. If pki is supposed to be configured prior to installing ipa, as a stand alone server separate from ipa, having that documented might be a good idea. As it is it appears ipa needs to configure the service to manage it, and it doesn't appear to actually be doing that.

Revision history for this message
Aaron Thomas (athomas-work) wrote :

I wiped and did a reinstall. Looks like /etc/pki has contents this time, so it seems something wiped out the /etc/pki folder without replacing its contents.

I'll close this for now, until I run into the next issue.

Revision history for this message
Aaron Thomas (athomas-work) wrote :

no new info

Changed in freeipa (Ubuntu):
status: New → Incomplete
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.