Bug 1892515
| Summary: | IPA server installation fails | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Ivan Garcia <igarcia> |
| Component: | ipa | Assignee: | Thomas Woerner <twoerner> |
| Status: | CLOSED DUPLICATE | QA Contact: | ipa-qe <ipa-qe> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.2 | CC: | abokovoy, rcritten, tscherf |
| Target Milestone: | rc | ||
| Target Release: | 8.0 | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-10-29 06:41:34 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
No proxy environment variables or other process listening on 443 or 8443 were found during install time. *** This bug has been marked as a duplicate of bug 1892216 *** |
Description of problem: idm installation fails on RHEL 8.2. Recently there was an update and it broke (maybe?) the installer. Version-Release number of selected component (if applicable): ipa-common-4.8.4-7.module+el8.2.0+6046+aaa49f96.noarch python3-ipaclient-4.8.4-7.module+el8.2.0+6046+aaa49f96.noarch ipa-healthcheck-0.4-4.module+el8.2.0+5489+95477d9f.noarch python3-libipa_hbac-2.2.3-20.el8.x86_64 sssd-ipa-2.2.3-20.el8.x86_64 ipa-server-common-4.8.4-7.module+el8.2.0+6046+aaa49f96.noarch python3-iniparse-0.4-31.el8.noarch ipa-client-common-4.8.4-7.module+el8.2.0+6046+aaa49f96.noarch libipa_hbac-2.2.3-20.el8.x86_64 ipa-healthcheck-core-0.4-4.module+el8.2.0+5489+95477d9f.noarch python3-ipalib-4.8.4-7.module+el8.2.0+6046+aaa49f96.noarch python3-ipaserver-4.8.4-7.module+el8.2.0+6046+aaa49f96.noarch ipa-server-4.8.4-7.module+el8.2.0+6046+aaa49f96.x86_64 ipa-server-dns-4.8.4-7.module+el8.2.0+6046+aaa49f96.noarch redhat-logos-ipa-81.1-1.el8.noarch ipa-client-4.8.4-7.module+el8.2.0+6046+aaa49f96.x86_64 How reproducible: Install IPA server via ipa-server-install --mkhomedir --setup-dns on RHEL 8.2 Steps to Reproduce: 1. dnf module enable idm:DL1 2. dnf module install idm:DL1/{server, dns} 3. ipa-server-install --mkhomedir --setup-dns Actual results: Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpm805vppc'] returned non-zero exit status 1: 'Notice: Trust flag u is set automatically if the private key is present.\nERROR: Exception: Server unreachable due to SSL error: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:897)\n File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 562, in main\n scriptlet.spawn(deployer)\n File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 836, in spawn\n request_timeout=status_request_timeout,\n File "/usr/lib/python3.6/site-packages/pki/server/deployment/pkihelper.py", line 911, in wait_for_startup\n raise Exception(\'Server unreachable due to SSL error: %s\' % reason) from exc\n\n') See the installation logs and the following files/directories for more information: /var/log/pki/pki-tomcat [error] RuntimeError: CA configuration failed. CA configuration failed. Expected results: IPA server, dns and CA installed successfully. Additional info: 2020-10-29T01:56:24Z DEBUG Starting external process 2020-10-29T01:56:24Z DEBUG args=['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpm805vppc'] 2020-10-29T01:57:28Z DEBUG Process finished, return code=1 2020-10-29T01:57:28Z DEBUG stdout=Installation log: /var/log/pki/pki-ca-spawn.20201029015625.log Loading deployment configuration from /tmp/tmpm805vppc. WARNING: The 'pki_ssl_server_token' in [CA] has been deprecated. Use 'pki_sslserver_token' instead. Installing CA into /var/lib/pki/pki-tomcat. Installation failed: Server unreachable due to SSL error: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:897) 2020-10-29T01:57:28Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present. ERROR: Exception: Server unreachable due to SSL error: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:897) File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 562, in main scriptlet.spawn(deployer) File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 836, in spawn request_timeout=status_request_timeout, File "/usr/lib/python3.6/site-packages/pki/server/deployment/pkihelper.py", line 911, in wait_for_startup raise Exception('Server unreachable due to SSL error: %s' % reason) from exc 2020-10-29T01:57:28Z CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpm805vppc'] returned non-zero exit status 1: 'Notice: Trust flag u is set automatically if the private key is present.\nERROR: Exception: Server unreachable due to SSL error: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:897)\n File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 562, in main\n scriptlet.spawn(deployer)\n File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 836, in spawn\n request_timeout=status_request_timeout,\n File "/usr/lib/python3.6/site-packages/pki/server/deployment/pkihelper.py", line 911, in wait_for_startup\n raise Exception(\'Server unreachable due to SSL error: %s\' % reason) from exc\n\n') 2020-10-29T01:57:28Z CRITICAL See the installation logs and the following files/directories for more information: 2020-10-29T01:57:28Z CRITICAL /var/log/pki/pki-tomcat 2020-10-29T01:57:28Z DEBUG Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 188, in spawn_instance ipautil.run(args, nolog=nolog_list) File "/usr/lib/python3.6/site-packages/ipapython/ipautil.py", line 598, in run p.returncode, arg_string, output_log, error_log ipapython.ipautil.CalledProcessError: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpm805vppc'] returned non-zero exit status 1: 'Notice: Trust flag u is set automatically if the private key is present.\nERROR: Exception: Server unreachable due to SSL error: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:897)\n File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 562, in main\n scriptlet.spawn(deployer)\n File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 836, in spawn\n request_timeout=status_request_timeout,\n File "/usr/lib/python3.6/site-packages/pki/server/deployment/pkihelper.py", line 911, in wait_for_startup\n raise Exception(\'Server unreachable due to SSL error: %s\' % reason) from exc\n\n') During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 603, in start_creation run_step(full_msg, method) File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 589, in run_step method() File "/usr/lib/python3.6/site-packages/ipaserver/install/cainstance.py", line 596, in __spawn_instance nolog_list=nolog_list File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 190, in spawn_instance self.handle_setup_error(e) File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 423, in handle_setup_error raise RuntimeError("%s configuration failed." % self.subsystem) RuntimeError: CA configuration failed. 2020-10-29T01:57:28Z DEBUG [error] RuntimeError: CA configuration failed. 2020-10-29T01:57:28Z DEBUG Removing /root/.dogtag/pki-tomcat/ca 2020-10-29T01:57:28Z DEBUG File "/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 179, in execute return_value = self.run() File "/usr/lib/python3.6/site-packages/ipapython/install/cli.py", line 340, in run return cfgr.run() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 360, in run return self.execute() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 386, in execute for rval in self._executor(): File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 655, in _configure next(executor) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 518, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 515, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python3.6/site-packages/ipapython/install/common.py", line 65, in _install for unused in self._installer(self.parent): File "/usr/lib/python3.6/site-packages/ipaserver/install/server/__init__.py", line 564, in main master_install(self) File "/usr/lib/python3.6/site-packages/ipaserver/install/server/install.py", line 276, in decorated func(installer) File "/usr/lib/python3.6/site-packages/ipaserver/install/server/install.py", line 891, in install ca.install_step_0(False, None, options, custodia=custodia) File "/usr/lib/python3.6/site-packages/ipaserver/install/ca.py", line 355, in install_step_0 pki_config_override=options.pki_config_override, File "/usr/lib/python3.6/site-packages/ipaserver/install/cainstance.py", line 480, in configure_instance self.start_creation(runtime=runtime) File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 603, in start_creation run_step(full_msg, method) File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 589, in run_step method() File "/usr/lib/python3.6/site-packages/ipaserver/install/cainstance.py", line 596, in __spawn_instance nolog_list=nolog_list File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 190, in spawn_instance self.handle_setup_error(e) File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 423, in handle_setup_error raise RuntimeError("%s configuration failed." % self.subsystem) 2020-10-29T01:57:28Z DEBUG The ipa-server-install command failed, exception: RuntimeError: CA configuration failed. 2020-10-29T01:57:28Z ERROR CA configuration failed. 2020-10-29T01:57:28Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information