The nss rpm dependency for ipa-server-4.6.5-11.el7.centos.3.x86_64.rpm is out of date. rpm -q ipa-server --requires returns nss >= 3.14.3-12.0 but yum deplist ip-server shows a new version of nss is required.
rpm -q ipa-server --requires
nss >= 3.14.3-12.0
yum deplist ip-server
dependency: libnss3.so()(64bit) provider: nss.x86_64 3.44.0-4.el7
If ipa-server is installed without updating nss, the command ipa-server-install fails with a timeout waiting for the CA to start. This is also detailed at https://access.redhat.com/solutions/4350171
ipa-server-install
umask 0022 && ipa-server-install --unattended --domain=my.domain --realm=MY.DOMAIN --idstart=5000 --setup-dns --forwarder=8.8.8.8 --auto-reverse --hostname=ipa.my.domain --ip-address=10.255.173.160 --ds-password='d1r3ct0ry=P@ssw0r!' --admin-password='ipA=@dm1n=P@ssw0r!'
Times out waiting of the the CA to start.
[28/29]: adding 'ipa' CA entry [29/29]: configuring certmonger renewal for lightweight CAs Done configuring certificate server (pki-tomcatd). Configuring directory server (dirsrv) [1/3]: configuring TLS for DS instance [2/3]: adding CA certificate entry [3/3]: restarting directory server Done configuring directory server (dirsrv). ipapython.admintool: ERROR CA did not start in 300.0s ipapython.admintool: ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
Installation completes.
$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
package freeipa-server is not installed package freeipa-client is not installed ipa-server-4.6.5-11.el7.centos.3.x86_64 ipa-client-4.6.5-11.el7.centos.3.x86_64 389-ds-base-1.3.9.1-12.el7_7.x86_64 pki-ca-10.5.16-5.el7_7.noarch krb5-server-1.15.1-37.el7_7.2.x86_64 nss-3.36.0-7.1.el7_6.x86_64
Any additional information, configuration, data or log snippets that is needed for reproduction or investigation of the issue.
Log file locations: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/config-files-logs.html Troubleshooting guide: https://www.freeipa.org/page/Troubleshooting
Thanks for the ticket. We don't maintain the CentOS tickets. Please report the issue on the CentOS bug tracker https://bugs.centos.org/.
Thanks. Submitted https://bugs.centos.org/view.php?id=16814
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1754902
Issue linked to Bugzilla: Bug 1754902
master: - 5ef2d71 freeipa.spec.in: unify spec files across upstream RHEL, and Fedora
ipa-4-9: - 4b56a4c freeipa.spec.in: unify spec files across upstream RHEL, and Fedora
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.