Bug 1168127

Summary: IPA install failing with pki-core build - 10.1.2-6.el7
Product: Red Hat Enterprise Linux 7
Reporter: Kaleem <ksiddiqu>
Component: pki-core
Assignee: Matthew Harmsen <mharmsen>
Status: CLOSED CURRENTRELEASE
QA Contact: Asha Akkiangady <aakkiang>
Severity: high
Priority: urgent
Version: 7.1
CC: jcholast, jgalipea, jpazdziora, lmiksik, mkosek, nkinder, nsoman, ovasik, pviktori
Target Milestone: rc
Keywords: Regression, Reopened, TestBlocker
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2015-03-26 11:53:37 UTC
Type: Bug
Attachments: snippets from log files

Description Kaleem 2014-11-26 08:33:18 UTC
Created attachment 961536
snippets from log files

Description of problem:
IPA Server install failing with latest pki-core build, 10.1.2-6.el7.

The following is seen in the pki service status:

Nov 26 13:53:58 dhcp207-1.testrelm.test pkidaemon[21572]: WARNING:  Attempting to change symbolic link '/var/lib/pki/pki-tomcat/common/lib/jss4.jar' to point to target '/jss4.jar' INSTEAD of current target '/usr/lib/java/jss4.jar'!
Nov 26 13:53:58 dhcp207-1.testrelm.test pkidaemon[21572]: INFO:  Removed '/var/lib/pki/pki-tomcat/common/lib/jss4.jar' -> '/usr/lib/java/jss4.jar'!
Nov 26 13:53:58 dhcp207-1.testrelm.test pkidaemon[21572]: INFO:  Attempting to create '/var/lib/pki/pki-tomcat/common/lib/jss4.jar' -> '/jss4.jar' . . .
Nov 26 13:53:58 dhcp207-1.testrelm.test pkidaemon[21572]: ERROR:  Failed making '/var/lib/pki/pki-tomcat/common/lib/jss4.jar' -> '/jss4.jar' since target '/jss4.jar' does NOT exist!

Version-Release number of selected component (if applicable):
pki-core-10.1.2-6.el7

How reproducible:
Always

Steps to Reproduce:
1. Install IPA server with pki-core build 10.1.2-6.el7

Actual results:
IPA install fails while configuring CA instance

Expected results:
IPA install should be successful.

Additional info:
Please find the attached file for snippets from log files.
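
A triage helper for the pkidaemon lines quoted in the description above, added here as an example and not taken from the report, pki-core or IPA. The function name `relink_findings`, the verdict labels and the embedded sample (the four log lines from this report) are assumptions of the example.

```shell
#!/bin/sh
# Constructed sample input: the four pkidaemon lines quoted in this report.
sample_log() {
cat <<'EOF'
Nov 26 13:53:58 dhcp207-1.testrelm.test pkidaemon[21572]: WARNING:  Attempting to change symbolic link '/var/lib/pki/pki-tomcat/common/lib/jss4.jar' to point to target '/jss4.jar' INSTEAD of current target '/usr/lib/java/jss4.jar'!
Nov 26 13:53:58 dhcp207-1.testrelm.test pkidaemon[21572]: INFO:  Removed '/var/lib/pki/pki-tomcat/common/lib/jss4.jar' -> '/usr/lib/java/jss4.jar'!
Nov 26 13:53:58 dhcp207-1.testrelm.test pkidaemon[21572]: INFO:  Attempting to create '/var/lib/pki/pki-tomcat/common/lib/jss4.jar' -> '/jss4.jar' . . .
Nov 26 13:53:58 dhcp207-1.testrelm.test pkidaemon[21572]: ERROR:  Failed making '/var/lib/pki/pki-tomcat/common/lib/jss4.jar' -> '/jss4.jar' since target '/jss4.jar' does NOT exist!
EOF
}

# Hypothetical helper: reads journal text on stdin and prints one line per
# relink attempt: link <TAB> current target <TAB> wanted target <TAB> verdict.
relink_findings() {
  awk -v q="'" '
    function base(p) { sub(".*/", "", p); return p }
    function dir(p)  { sub("/[^/]*$", "", p); return (p == "" ? "/" : p) }
    # WARNING line: quoted fields are link, wanted target, current target.
    /pkidaemon\[[0-9]+\]: WARNING: +Attempting to change symbolic link/ {
      split($0, f, q); link = f[2]
      if (!(link in cur)) order[++n] = link
      want[link] = f[4]; cur[link] = f[6]
    }
    # ERROR line: the wanted target was not found, so the link stays removed.
    /pkidaemon\[[0-9]+\]: ERROR: +Failed making/ && /does NOT exist/ {
      split($0, f, q); missing[f[2]] = 1
    }
    END {
      for (i = 1; i <= n; i++) {
        l = order[i]; v = "retargeted"
        # Wanted target is the current file name placed directly under "/".
        if (dir(want[l]) == "/" && dir(cur[l]) != "/" && base(want[l]) == base(cur[l]))
          v = "directory-dropped"
        if (l in missing) v = v ",target-missing"
        printf "%s\t%s\t%s\t%s\n", l, cur[l], want[l], v
      }
    }'
}

sample_log | relink_findings
```

On a live host the same function can be fed the service journal text instead of `sample_log`; a `directory-dropped,target-missing` verdict matches the failure shown in this report.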

Comment 3 Matthew Harmsen 2014-11-26 20:32:25 UTC

*** This bug has been marked as a duplicate of bug 1165351 ***

Comment 4 Jenny Severance 2014-12-01 15:27:15 UTC
IPA server install is now successful with build pki-ca-10.1.2-7.el7.noarch

[root@dhcp207-1 ~]# rpm -q ipa-server pki-ca
ipa-server-4.1.0-10.el7.x86_64
pki-ca-10.1.2-7.el7.noarch
[root@dhcp207-1 ~]#

[root@dhcp207-1 ~]# ipa-server-install --setup-dns --forwarder=10.65.201.89 --hostname=`hostname` -r TESTRELM.TEST -n testrelm.test -p xxxxxxxx -P xxxxxxxx -a xxxxxxxx -U

...
Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
..
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
  [1/38]: creating directory server user
...
....
  [38/38]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds
  [1/27]: creating certificate server user
..
  [27/27]: Configure HTTP to proxy connections
Done configuring certificate server (pki-tomcatd).
Configuring directory server (dirsrv): Estimated time 10 seconds
  [1/3]: configuring ssl for ds instance
..
  [3/3]: adding CA certificate entry
Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds
  [1/10]: adding sasl mappings to the directory
...
  [10/10]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
  [1/2]: starting kadmin 
  [2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring ipa_memcached
  [1/2]: starting ipa_memcached 
  [2/2]: configuring ipa_memcached to start on boot
Done configuring ipa_memcached.
Configuring ipa-otpd
  [1/2]: starting ipa-otpd 
  [2/2]: configuring ipa-otpd to start on boot
Done configuring ipa-otpd.
Configuring the web interface (httpd): Estimated time 1 minute
  [1/15]: setting mod_nss port to 443
...
  [15/15]: configuring httpd to start on boot
Done configuring the web interface (httpd).
Applying LDAP updates
Restarting Directory server to apply updates
  [1/2]: stopping directory server
  [2/2]: starting directory server
Done.
Restarting the directory server
Restarting the KDC
Restarting the certificate server
Configuring DNS (named)
  [1/12]: generating rndc key file
...
  [12/12]: changing resolv.conf to point to ourselves
Done configuring DNS (named).
Restarting named

Global DNS configuration in LDAP server is empty
You can use 'dnsconfig-mod' command to set global DNS options that
would override settings in local named.conf files

Restarting the web server
==============================================================================
Setup complete

Next steps:
	1. You must make sure these network ports are open:
		TCP Ports:
		  * 80, 443: HTTP/HTTPS
		  * 389, 636: LDAP/LDAPS
		  * 88, 464: kerberos
		  * 53: bind
		UDP Ports:
		  * 88, 464: kerberos
		  * 53: bind
		  * 123: ntp

	2. You can now obtain a kerberos ticket using the command: 'kinit admin'
	   This ticket will allow you to use the IPA tools (e.g., ipa user-add)
	   and the web user interface.

Be sure to back up the CA certificate stored in /root/cacert.p12
This file is required to create replicas. The password for this
file is the Directory Manager password