#3964 ipa-ca-install fails with CA not starting after 120 seconds.
Closed: Fixed None Opened 6 years ago by mkosek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1005446

Created attachment 795045
ipa ca install log file

Description of problem:
install is one master, and one replica

After the master is installed, attempting to run ipa-ca-install on replica

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
# On master:
1. /usr/sbin/ipa-server-install --setup-dns --forwarder=
--hostname=qe-blade-04.testrelm.com -r TESTRELM.COM -n testrelm.com -p
Secret123 -P Secret123 -a Secret123 -U
2. ipa-replica-prepare --ip-address= qe-blade-05.testrelm.com
3. copy gpg file to Replica
# On Replica
4. ipa-replica-install --setup-dns
5. ipa-ca-install -p Secret123 -w Secret123 --skip-conncheck --unattended

Actual results:
[root@qe-blade-05 ~]# ipa-ca-install -p Secret123 -w Secret123 --skip-conncheck
--unattended /tmp/replica-info-qe-blade-05.testrelm.com.gpg
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30
  [1/18]: creating certificate server user
  [2/18]: configuring certificate server instance
  [3/18]: stopping certificate server instance to update CS.cfg
  [4/18]: disabling nonces
  [5/18]: set up CRL publishing
  [6/18]: starting certificate server instance

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

CA did not start in 120s

Expected results:

Additional info:

Got a clue what is the root cause when investigating it, assigning to myself.

Patch freeipa-mkosek-428-pki-installation-on-replica-failing-due-to-missing-p.patch sent for review

Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 3.3.x - 2013/10 (bug fixing)

3 years ago

Login to comment on this ticket.