#1071 pkispawn failing with the latest build
Closed: Invalid None Opened 9 years ago by saipandi.

I tried to install CA, KRA, OCSP and TKS with the newest build from the following rpms:
http://mickey.dsdev.sjc.redhat.com/repos/pki/dogtag/10/F20/devel_x86_64/x86_64/
http://mickey.dsdev.sjc.redhat.com/repos/pki/dogtag/10/F20/devel_x86_64/noarch/
But when I tried using the earlier builds, the subsystems were installed successfully:
http://mickey.dsdev.sjc.redhat.com/repos/pki/dogtag/10/F20/20140630-204002/x86_64/
http://mickey.dsdev.sjc.redhat.com/repos/pki/dogtag/10/F20/20140630-204002/noarch/

The error with the newest build was that, while installing the CA, after the configuration is completed, the system failed to restart, i.e. the command systemctl restart pki-tomcatd@<pki-instance-name>.service failed.

The SSL server was not up and running and the maximum tries to access the URL were exceeded.
I am attaching the logs for reference.


The log file size is exceeding the upload limit here.

I am adding the snippets of the pki-ca-spawn log here for reference:
INFO ....... executing 'systemctl daemon-reload'

2014-07-14 14:12:07 pkispawn : INFO ....... executing 'systemctl start pki-tomcatd@pki-ipa.service'

2014-07-14 14:12:07 pkispawn : DEBUG ........... No connection - server may still be down

2014-07-14 14:12:07 pkispawn : DEBUG ........... No connection - exception thrown: HTTPSConnectionPool(host='idm-qe-01.lab.eng.rdu2.redhat.com', port=8443): Max retries exceeded with url: /ca/admin/ca/getStatus (Caused by <class 'socket.error'>: [Errno 111] Connection refused)

2014-07-14 14:12:11 pkispawn : DEBUG ........... <?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>0</State><Type>CA</Type><Status>running</Status><Version>10.2.0-0.5.20140714T0343zgitcabfda3.fc20</Version></XMLResponse>

2014-07-14 14:12:12 pkispawn : INFO ....... constructing PKI configuration data.

2014-07-14 14:12:12 pkispawn : INFO

2014-07-14 14:12:37 pkispawn : DEBUG ....... saving CA idm-qe 01.lab.eng.rdu2.redhat.com 8443 Admin Certificate to file: '/opt/rhqa_pki/ca_admin.cert'

2014-07-14 14:12:37 pkispawn : INFO ....... AtoB /opt/rhqa_pki/ca_admin.cert /opt/rhqa_pki/ca_admin.cert.der

2014-07-14 14:12:37 pkispawn : INFO ....... certutil -A -d /opt/rhqa_pki/certs_db -n caadmincert -t u,u,u -i /opt/rhqa_pki/ca_admin.cert.der -f /opt/rhqa_pki/ca/password.conf

2014-07-14 14:12:37 pkispawn : INFO ....... pk12util -d /opt/rhqa_pki/certs_db -o /opt/rhqa_pki/caadmincert.p12 -n caadmincert -w /opt/rhqa_pki/ca/pkcs12_password.conf -k /opt/rhqa_pki/ca/password.conf

2014-07-14 14:12:37 pkispawn : INFO ... finalizing 'pki.server.deployment.scriptlets.finalization'

2014-07-14 14:12:37 pkispawn : INFO ....... cp -p /etc/sysconfig/pki/tomcat/pki-ipa/ca/deployment.cfg /var/log/pki/pki-ipa/ca/archive/spawn_deployment.cfg.20140714141205

2014-07-14 14:12:37 pkispawn : DEBUG ........... chmod 660 /var/log/pki/pki-ipa/ca/archive/spawn_deployment.cfg.20140714141205

2014-07-14 14:12:37 pkispawn : DEBUG ........... chown 17:17 /var/log/pki/pki-ipa/ca/archive/spawn_deployment.cfg.20140714141205

2014-07-14 14:12:37 pkispawn : INFO ....... generating manifest file called '/etc/sysconfig/pki/tomcat/pki-ipa/ca/manifest'

2014-07-14 14:12:37 pkispawn : INFO ....... cp -p /etc/sysconfig/pki/tomcat/pki-ipa/ca/manifest /var/log/pki/pki-ipa/ca/archive/spawn_manifest.20140714141205

2014-07-14 14:12:37 pkispawn : DEBUG ........... chmod 660 /var/log/pki/pki-ipa/ca/archive/spawn_manifest.20140714141205

2014-07-14 14:12:37 pkispawn : DEBUG ........... chown 17:17 /var/log/pki/pki-ipa/ca/archive/spawn_manifest.20140714141205

2014-07-14 14:12:37 pkispawn : INFO ....... executing 'systemctl daemon-reload'

2014-07-14 14:12:37 pkispawn : INFO ....... executing 'systemctl restart pki-tomcatd@pki-ipa.service'

2014-07-14 14:12:38 pkispawn : ERROR ....... subprocess.CalledProcessError: Command '['systemctl', 'restart', 'pki-tomcatd@pki-ipa.service']' returned non-zero exit status 1!

2014-07-14 14:12:38 pkispawn : DEBUG ....... Error Type: CalledProcessError

2014-07-14 14:12:38 pkispawn : DEBUG ....... Error Message: Command '['systemctl', 'restart', 'pki-tomcatd@pki-ipa.service']' returned non-zero exit status 1

2014-07-14 14:12:38 pkispawn : DEBUG ....... File "/usr/sbin/pkispawn", line 514, in main
rv = instance.spawn(deployer)

File "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/finalization.py", line 72, in spawn
deployer.systemd.restart()

File "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py", line 3416, in restart
subprocess.check_call(command)

File "/usr/lib64/python2.7/subprocess.py", line 542, in check_call
raise CalledProcessError(retcode, cmd)

These AVC denied messages show up:

type=AVC msg=audit(1405378027.744:246): avc: denied { setfscreate } for pid=22609 comm="cp" scontext=system_u:system_r:pki_tomcat_t:s0 tcontext=system_u:system_r:pki_tomcat_t:s0 tclass=process
type=AVC msg=audit(1405378027.745:247): avc: denied { relabelfrom } for pid=22609 comm="cp" name="CS.cfg.bak.20140714184707" dev="dm-1" ino=266860 scontext=system_u:system_r:pki_tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_etc_rw_t:s0 tclass=file
type=AVC msg=audit(1405378027.747:248): avc: denied { create } for pid=22610 comm="ln" name="CS.cfg.bak" scontext=system_u:system_r:pki_tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_etc_rw_t:s0 tclass=lnk_file

There's a ticket for selinux-policy-targeted to fix this: https://bugzilla.redhat.com/show_bug.cgi?id=1117673

In the meantime, if it's possible to put SELinux into permissive mode, that will get
things moving again.
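
For triaging denials like the three quoted above, a small parser can reduce each AVC record to source type, target type, object class and permission, which shows at a glance that every denial has pki_tomcat_t as its source domain. This is an added example, not part of the ticket or of Dogtag; the function names parse_avc and summarize are hypothetical, and the sample lines are the ones quoted in the ticket.

```python
import re
from collections import defaultdict

# The three denials quoted in the ticket, embedded so the example runs offline.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1405378027.744:246): avc: denied { setfscreate } for pid=22609 comm="cp" scontext=system_u:system_r:pki_tomcat_t:s0 tcontext=system_u:system_r:pki_tomcat_t:s0 tclass=process
type=AVC msg=audit(1405378027.745:247): avc: denied { relabelfrom } for pid=22609 comm="cp" name="CS.cfg.bak.20140714184707" dev="dm-1" ino=266860 scontext=system_u:system_r:pki_tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_etc_rw_t:s0 tclass=file
type=AVC msg=audit(1405378027.747:248): avc: denied { create } for pid=22610 comm="ln" name="CS.cfg.bak" scontext=system_u:system_r:pki_tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_etc_rw_t:s0 tclass=lnk_file
"""

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s+'
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"


def parse_avc(line):
    """Return a dict of fields for one AVC denial line, or None if not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None  # truncated record: not enough to classify
    rec['perms'] = m.group('perms').split()
    rec['ts'] = float(m.group('ts'))
    # A context is user:role:type:level; the type is the third field.
    rec['stype'] = rec['scontext'].split(':')[2]
    rec['ttype'] = rec['tcontext'].split(':')[2]
    return rec


def summarize(text):
    """Map (source type, target type, class) -> sorted list of denied perms."""
    out = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            out[(rec['stype'], rec['ttype'], rec['tclass'])].update(rec['perms'])
    return {k: sorted(v) for k, v in out.items()}


if __name__ == '__main__':
    for (src, tgt, cls), perms in sorted(summarize(SAMPLE_AUDIT).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```
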

Since this ticket is dependent upon a change to the system SELinux policy, it still needs to be determined if a short-term work-around needs to be implemented (e.g., performing a copy rather than a symlink).

Leaving this ticket in TRIAGE for now. However, if a work-around is required, then this ticket needs to be placed into the 10.2 (July) milestone; otherwise, it should be able to be closed as WORKSFORME.

Proposed CLOSE WORKSFORME. 07/21/2014 - Determined that we would leave this ticket open in TRIAGE until such time as the SELinux issue is resolved, at which time we will close this ticket as WORKSFORME.

Per CS/DS meeting of 08/04/2014: closed as INVALID since this is not a Dogtag bug.

Metadata Update from @saipandi:
- Issue set to the milestone: 10.2 - 08/14 (August)

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1635

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on the Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.
