Bug 676051 - IPA installation failing - Fails to create CA instance
Summary: IPA installation failing - Fails to create CA instance
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: pki-core
Version: 6.1
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: rc
: ---
Assignee: Matthew Harmsen
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 676182
TreeView+ depends on / blocked
 
Reported: 2011-02-08 17:56 UTC by Jenny Severance
Modified: 2015-01-04 23:46 UTC (History)
5 users (show)

Fixed In Version: pki-core-9.0.3-3.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 676182 (view as bug list)
Environment:
Last Closed: 2011-05-19 13:44:00 UTC
Target Upstream Version:

Attachments (Terms of Use)
Additional runtime requirements (1.82 KB, patch)
2011-02-10 02:39 UTC, Matthew Harmsen 		jmagne: review+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2011:0627 0 normal SHIPPED_LIVE new package: pki-core 2011-05-18 17:56:00 UTC

Description Jenny Severance 2011-02-08 17:56:18 UTC 
Description of problem:


<snip>

2011-02-08 12:29:09,274 DEBUG [2/17]: creating pki-ca instance
2011-02-08 12:29:09,411 INFO args=/usr/bin/pkicreate -pki_instance_root /var/lib -pki_instance_name pki-ca -subsystem_type ca -agent_secure_port 9443 -ee_secure_port 9444 -admin_secure_port 9445 -ee_secure_client_auth_port 9446 -unsecure_port 9180 -tomcat_server_port 9701 -redirect conf=/etc/pki-ca -redirect logs=/var/log/pki-ca
2011-02-08 12:29:09,411 INFO stdout=PKI instance creation Utility ...

Capturing installation information in /var/log/pki-ca-install.log

2011-02-08 12:29:09,411 INFO stderr=[error] could not find jar: apache-commons-lang.jar or jakarta-commons-lang.jar

2011-02-08 12:29:09,413 DEBUG Command '/usr/bin/pkicreate -pki_instance_root /var/lib -pki_instance_name pki-ca -subsystem_type ca -agent_secure_port 9443 -ee_secure_port 9444 -admin_secure_port 9445 -ee_secure_client_auth_port 9446 -unsecure_port 9180 -tomcat_server_port 9701 -redirect conf=/etc/pki-ca -redirect logs=/var/log/pki-ca' returned non-zero exit status 255
File "/usr/sbin/ipa-server-install", line 943, in <module>
sys.exit(main())

File "/usr/sbin/ipa-server-install", line 743, in main
subject_base=options.subject)

File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 466, in configure_instance
self.start_creation("Configuring certificate server", 360)

File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 281, in start_creation
method()

File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 486, in create_instance
ipautil.run(args)

File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 154, in run
raise CalledProcessError(p.returncode, args)

</snip> 


Version-Release number of selected component (if applicable):
ipa-server-2.0.0-9.2011020802git7be1275.el6

How reproducible:
always

Steps to Reproduce:
1. yum install ipa-server
2. ipa-server-install --setup-dns --forwarder=ip_of_forwarder --hostname=server_hostanem -r $RELM -n $DOMAIN -p $ADMINPW -P $ADMINPW -a $ADMINPW -U
3.
  
Actual results:
see description

Expected results:
successful installation

Additional info:
Comment 1 Rob Crittenden 2011-02-08 18:06:06 UTC 
These missing dependencies are the responsibility of the cert system, re-assigning.
Comment 2 John Dennis 2011-02-08 19:17:39 UTC 
I'm guessing this is a dependency problem in one of the spec files. 
Probably due to the fact jakarata-commons-* was renamed in F14 and above 
to apache-commons-*. RHEL 6 does not have the newer apache-commons-* 
package names, it still uses the older jakarta-commons-* package names.

FWIW, pkicreate was updated to handle the jar rename, see bug 665388. Patch was already committed to trunk.

I think the only thing we need to do is update the dependency in the spec file to account for the difference between RHEL 6 and Fedora.
Comment 3 Matthew Harmsen 2011-02-10 02:39:27 UTC 
Created attachment 477946 [details]
Additional runtime requirements

RHEL differs from later Fedora platforms in the name of their runtime
requirements
Comment 4 Matthew Harmsen 2011-02-10 02:54:57 UTC 
IPA_v2_RHEL_6_1_ERRATA_BRANCH:

# cd pki

# svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M       dogtag/common/pki-common.spec
M       specs/pki-core.spec

# svn commit
Sending        dogtag/common/pki-common.spec
Sending        specs/pki-core.spec
Transmitting file data ..
Committed revision 1837.
Comment 9 Jenny Severance 2011-02-28 20:33:53 UTC 
Verified - version: ipa-server-2.0.0-13.el6.x86_64

Directory Server PKI-CA Instance

[root@hp-dl180g6-01 ~]# ps -ef | grep slapd
pkisrv    7899     1  0 15:31 ?        00:00:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA -i /var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid

[root@hp-dl180g6-01 ~]# kinit admin
Password for admin.BOS.REDHAT.COM: 
[root@hp-dl180g6-01 ~]# ipa user-find
--------------
1 user matched
--------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  Account disabled: False
  Member of groups: admins
----------------------------
Number of entries returned 1
Comment 10 errata-xmlrpc 2011-05-19 13:44:00 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2011-0627.html
Note You need to log in before you can comment on or make changes to this bug.