Created attachment 737184 [details] ipaserver-install.log Description of problem: ipa-server-install --setup-dns fails with error 2013-04-18T12:33:09Z INFO The ipa-server-install command failed, exception: IOError: [Errno 2] No such file or directory: '/root/.pki/pki-tomcat/ca_admin_cert.p12' Version-Release number of selected component (if applicable): freeipa-client-3.2.0-0.2.beta1.fc19.x86_64 freeipa-admintools-3.2.0-0.2.beta1.fc19.x86_64 freeipa-server-3.2.0-0.2.beta1.fc19.x86_64 freeipa-server-selinux-3.2.0-0.2.beta1.fc19.x86_64 freeipa-python-3.2.0-0.2.beta1.fc19.x86_64 pki-ca-10.0.1-2.1.fc19.noarch pki-base-10.0.1-2.1.fc19.noarch pki-tools-10.0.1-2.1.fc19.x86_64 krb5-pkinit-1.11.2-2.fc19.x86_64 pki-server-10.0.1-2.1.fc19.noarch dogtag-pki-server-theme-10.0.0-2.fc19.noarch How reproducible: Install freeipa from updates-testing repo 1. yum install freeipa-server --enablerepo=updates-testing 2. Issue ipa-server-install Actual results: Traceback (innermost last): File "/usr/lib/python2.7/site-packages/pki/deployment/configuration.jy", line 110, in ? File "/usr/lib/python2.7/site-packages/pki/deployment/configuration.jy", line 107, in main File "/usr/lib/python2.7/site-packages/pki/deployment/pkijython.py", line 531, in configure_pki_data at org.jboss.resteasy.client.core.BaseClientResponse.createResponseFailure(BaseClientResponse.java:523) at org.jboss.resteasy.client.core.BaseClientResponse.createResponseFailure(BaseClientResponse.java:514) at org.jboss.resteasy.client.core.BaseClientResponse.checkFailureStatus(BaseClientResponse.java:508) at org.jboss.resteasy.client.core.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:38) at org.jboss.resteasy.client.core.ClientInvoker.invoke(ClientInvoker.java:120) at org.jboss.resteasy.client.core.ClientProxy.invoke(ClientProxy.java:88) at com.sun.proxy.$Proxy20.configure(Unknown Source) at com.netscape.certsrv.system.SystemConfigClient.configure(SystemConfigClient.java:50) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) org.jboss.resteasy.client.ClientResponseFailure: org.jboss.resteasy.client.ClientResponseFailure: Error status 404 Not Found returned 2013-04-18T12:33:09Z INFO File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 613, in run_script return_value = main_function() File "/usr/sbin/ipa-server-install", line 1022, in main dm_password, subject_base=options.subject) File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 617, in configure_instance self.start_creation(runtime=210) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 362, in start_creation method() File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 746, in __spawn_instance "/root/ca-agent.p12") File "/usr/lib64/python2.7/shutil.py", line 301, in move copy2(src, real_dst) File "/usr/lib64/python2.7/shutil.py", line 130, in copy2 copyfile(src, dst) File "/usr/lib64/python2.7/shutil.py", line 82, in copyfile with open(src, 'rb') as fsrc: 2013-04-18T12:33:09Z INFO The ipa-server-install command failed, exception: IOError: [Errno 2] No such file or directory: '/root/.pki/pki-tomcat/ca_admin_cert.p12' Expected results: ipa should be configured successfully Additional info:
I found out that this issue is due to Dogtag (or tomcat) requiring 'java-atk-wrapper.jar' which is now in a separate package 'java-atk-wrapper'. There should be dependency to it from either Dogtag or tomcat side. Moving the bug to Dogtag.
From catalina.out: INFO: Deploying web application directory /var/lib/pki/pki-tomcat/webapps/ROOT Apr 18, 2013 10:26:21 AM org.apache.tomcat.util.scan.StandardJarScanner scan WARNING: Failed to scan [file:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/lib/ext/java-atk-wrapper.jar] from classloader hierarchy java.io.FileNotFoundException: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/lib/ext/java-atk-wrapper.jar (No such file or directory) at java.util.zip.ZipFile.open(Native Method) at java.util.zip.ZipFile.<init>(ZipFile.java:214) at java.util.zip.ZipFile.<init>(ZipFile.java:144) at java.util.jar.JarFile.<init>(JarFile.java:153) at java.util.jar.JarFile.<init>(JarFile.java:90) at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93) at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69) ... Apr 18, 2013 10:26:21 AM org.apache.catalina.startup.ContextConfig processServletContainerInitializers SEVERE: Failed to process JAR found at URL [jar:file:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/lib/ext/java-atk-wrapper.jar!/] for ServletContainerInitializers for context with name [] Apr 18, 2013 10:26:22 AM org.apache.catalina.startup.ContextConfig configureStart SEVERE: Marking this application unavailable due to previous error(s) Apr 18, 2013 10:26:22 AM org.apache.catalina.startup.TldConfig tldScanJar WARNING: Failed to process JAR [jar:file:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/lib/ext/java-atk-wrapper.jar!/] for TLD files java.io.FileNotFoundException: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/lib/ext/java-atk-wrapper.jar (No such file or directory)
Created attachment 737329 [details] Java traceback in catalina.out
I'm also seeing the main IOError on Fedora 18 but, I've got java-atk-wrapper installed. And I'm not seeing the same backtrace. Done configuring directory server (dirsrv). Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds [1/20]: creating certificate server user [2/20]: configuring certificate server instance Unexpected error - see /var/log/ipaserver-install.log for details: IOError: [Errno 2] No such file or directory: '/root/.pki/pki-tomcat/ca_admin_cert.p12' Now, I did notice here: ./pki/pki-ca-spawn.20130502125939.log Thare are a few references to /root/.dogtag/pki-tomcat/ca_admin_cert.p12 with .dogtag instead of .pki. And I see that referenced here: /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py Could that be related to the cause of the problem I'm seeing?
Scott, yours is a different issue. In pki-core the agent file changed directories by default. See upstream ticket https://fedorahosted.org/freeipa/ticket/3599
Ok, and I did try adding a link from /root/.dogtag to /root/.pki and it worked. So, I've got a workaround for now. Thanks, Scott
# Configure the IPA server yum install --assumeyes bind bind-dyndb-ldap freeipa-server authconfig --enablemkhomedir --update # Red Hat Bug 921707 mkdir -p /root/.pki/pki-tomcat # Red Hat Bug 953413 ln --symbolic \\ --target-directory /root/.pki/pki-tomcat \\ /root/.dogtag/pki-tomcat/ca_admin_cert.p12 # Red Hat Bug 953413 ipa-server-install .... Is there a Red Hat bug report specific to FreeIPA server 3.1.3-5 for tracking the implementation of FreeIPA ticket 3599 that I should reference instead of this one?
This is known to affect F18/3.1.x but there is no F-18-specific BZ at this time. We will backport the fix to the 3.1 branch upstream.
Ticket 3599 was resolved upstream, we will discuss releasing FreeIPA for F18 with this fix included.
Verified correction for Fedora 18 in 3.1.4-1
Ok, thanks for the test!
This message is a notice that Fedora 19 is now at end of life. Fedora has stopped maintaining and issuing updates for Fedora 19. It is Fedora's policy to close all bug reports from releases that are no longer maintained. Approximately 4 (four) weeks from now this bug will be closed as EOL if it remains open with a Fedora 'version' of '19'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 19 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Has this been fixed on Fedora 19 where the reporter saw it? Should this have ERRATA or CURRENTRELEASE resolution?
Fedora 19 changed to end-of-life (EOL) status on 2015-01-06. Fedora 19 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.