Bug 1868822

Summary: ipa-server-install failed: RuntimeError: CA configuration failed.
Product: [Fedora] Fedora Reporter: Robbie Harwood <rharwood>
Component: pki-coreAssignee: Matthew Harmsen <mharmsen>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: abokovoy, alee, ascheel, contribs, dmoluguw, edewata, ipa-maint, jcholast, jhrozek, jpazdziora, kwright, mharmsen, mhjacks, pvoborni, rcritten, ssorce, twoerner
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-08-24 18:29:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Tarball of /var/log none

Description Robbie Harwood 2020-08-13 21:51:45 UTC 
On a rawhide VM:

hostnamectl set-hostname ipa-primary.rharwood.local
dnf install -y ipa-server{,-dns}
ipa-server-install -N

And it died with:

Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
  [1/30]: configuring certificate server instance
Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpksmpqaf2'] returned non-zero exit status 1: 'Notice: Trust flag u is set automatically if the private key is present.\n/usr/lib/python3.9/site-packages/urllib3/connection.py:377: SubjectAltNameWarning: Certificate for ipa-primary.rharwood.local has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/urllib3/urllib3/issues/497 for details.)\n  warnings.warn(\n')
See the installation logs and the following files/directories for more information:
  /var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.
CA configuration failed.
The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
[root@localhost ~]#
Comment 1 Robbie Harwood 2020-08-13 21:53:09 UTC 
Created attachment 1711397 [details]
Tarball of /var/log
Comment 2 Rob Crittenden 2020-08-17 15:00:33 UTC 
This seems related. Re-assigning to pki-core.

SEVERE: Servlet.service() for servlet [Resteasy] in context with path [/ca] threw exception [javax/xml/bind/annotation/XmlElement] with root cause
Comment 3 Alex Scheel 2020-08-24 18:29:35 UTC 
This seems to be a duplicate of bug #1866570; closing. 

This should be fixed on F33. On rawhide, we're waiting for a compose + packages getting to mirrors.

Fixed in Dogtag 10.9.2-2 patchset on Friday.

*** This bug has been marked as a duplicate of bug 1866570 ***