Bug 2076633

Summary: ipa-server-install fails with 'RuntimeError: CA configuration failed'
Product: Red Hat Enterprise Linux 9
Reporter: Varun Mylaraiah <mvarun>
Component: pki-core
Assignee: RHCS Maintainers <rhcs-maint>
Status: CLOSED DUPLICATE
QA Contact: PKI QE <bugzilla-pkiqe>
Severity: unspecified
Priority: unspecified
Version: 9.1
CC: edewata, frenaud, jpazdziora, pvlasin, rcritten, rjeffman, tscherf
Target Milestone: rc
Keywords: Regression, TestBlocker
Target Release: ---
Hardware: x86_64
OS: Linux
Last Closed: 2022-04-25 15:29:25 UTC
Type: Bug

Description Varun Mylaraiah 2022-04-19 14:16:27 UTC
Description of problem:
 ipa-server-install fails with 'RuntimeError: CA configuration failed'

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Install IPA server 


Actual results: Install fails at CA configuration

Done configuring Kerberos KDC (krb5kdc).
2022-04-19T13:38:03+0000 Configuring kadmin
2022-04-19T13:38:03+0000   [1/2]: starting kadmin 
2022-04-19T13:38:03+0000   [2/2]: configuring kadmin to start on boot
2022-04-19T13:38:03+0000 Done configuring kadmin.
2022-04-19T13:38:03+0000 Configuring ipa-custodia
2022-04-19T13:38:03+0000   [1/5]: Making sure custodia container exists
2022-04-19T13:38:03+0000   [2/5]: Generating ipa-custodia config file
2022-04-19T13:38:03+0000   [3/5]: Generating ipa-custodia keys
2022-04-19T13:38:03+0000   [4/5]: starting ipa-custodia 
2022-04-19T13:38:03+0000   [5/5]: configuring ipa-custodia to start on boot
2022-04-19T13:38:03+0000 Done configuring ipa-custodia.
2022-04-19T13:38:03+0000 Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
2022-04-19T13:38:03+0000   [1/29]: configuring certificate server instance
2022-04-19T13:38:03+0000   [error] RuntimeError: CA configuration failed.
2022-04-19T13:38:03+0000 
2022-04-19T13:38:03+0000 STDERR: Checking DNS domain testrealm.test., please wait ...
2022-04-19T13:38:03+0000 Checking DNS domain 201.0.10.in-addr.arpa., please wait ...
2022-04-19T13:38:03+0000 DNS zone 201.0.10.in-addr.arpa. already exists in DNS and is handled by server(s): ['infoblox-trust01.intranet.prod.int.rdu2.redhat.com.', 'infoblox-trust01.intranet.prod.int.phx2.redhat.com.', 'ns02.intranet.prod.int.phx2.redhat.com.', 'ns01.intranet.prod.int.phx2.redhat.com.']
2022-04-19T13:38:03+0000 Synchronizing time
2022-04-19T13:38:03+0000 No SRV records of NTP servers found and no NTP server or pool address was provided.
2022-04-19T13:38:03+0000 Attempting to sync time with chronyc.
2022-04-19T13:38:03+0000 Process chronyc waitsync failed to sync time!
2022-04-19T13:38:03+0000 Unable to sync time with chrony server, assuming the time is in sync. Please check that 123 UDP port is opened, and any time server is on network.
2022-04-19T13:38:03+0000 Validate installation settings ...
2022-04-19T13:38:03+0000 Create file system structures ...
2022-04-19T13:38:03+0000 Perform SELinux labeling ...
2022-04-19T13:38:03+0000 Create database backend: dc=testrealm,dc=test ...
2022-04-19T13:38:03+0000 Perform post-installation tasks ...
2022-04-19T13:38:03+0000 Failed to configure CA instance
2022-04-19T13:38:03+0000 See the installation logs and the following files/directories for more information:
2022-04-19T13:38:03+0000   /var/log/pki/pki-tomcat
2022-04-19T13:38:03+0000 CA configuration failed.
2022-04-19T13:38:03+0000 The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

Expected results: IPA install should be successful.

Comment 4 Rob Crittenden 2022-04-19 14:47:28 UTC
Please provide the CA spawn and debug logs.

Comment 7 Rob Crittenden 2022-04-20 13:13:58 UTC
I can reproduce this as well. Re-assigning to the pki team for investigation.

Comment 11 Endi Sukma Dewata 2022-04-25 15:29:25 UTC
Hi, I think this is the same issue reported in bug #2077764
(i.e. same stack trace) which was caused by an incomplete
update of PKI packages in RHEL 9.1 (bug #2075154), so I'll
mark this as a duplicate.

The update should be complete now so please try again. Feel
free to reopen if it's still a problem. Thanks!

*** This bug has been marked as a duplicate of bug 2075154 ***