On a rawhide VM: hostnamectl set-hostname ipa-primary.rharwood.local dnf install -y ipa-server{,-dns} ipa-server-install -N And it died with: Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes [1/30]: configuring certificate server instance Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpksmpqaf2'] returned non-zero exit status 1: 'Notice: Trust flag u is set automatically if the private key is present.\n/usr/lib/python3.9/site-packages/urllib3/connection.py:377: SubjectAltNameWarning: Certificate for ipa-primary.rharwood.local has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/urllib3/urllib3/issues/497 for details.)\n warnings.warn(\n') See the installation logs and the following files/directories for more information: /var/log/pki/pki-tomcat [error] RuntimeError: CA configuration failed. CA configuration failed. The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information [root@localhost ~]#
Created attachment 1711397 [details] Tarball of /var/log
This seems related. Re-assigning to pki-core. SEVERE: Servlet.service() for servlet [Resteasy] in context with path [/ca] threw exception [javax/xml/bind/annotation/XmlElement] with root cause
This seems to be a duplicate of bug #1866570; closing. This should be fixed on F33. On rawhide, we're waiting for a compose + packages getting to mirrors. Fixed in Dogtag 10.9.2-2 patchset on Friday. *** This bug has been marked as a duplicate of bug 1866570 ***