+++ This bug was initially created as a clone of Bug #698796 +++

This issue is known to be observed in F15.

# ipa-server-install -p secret123 -a secret123
...
Configuring certificate server: Estimated time 6 minutes
[1/17]: creating certificate server user
[2/17]: creating pki-ca instance
[3/17]: restarting certificate server
[4/17]: configuring certificate server instance
[5/17]: restarting certificate server
[6/17]: creating CA agent PKCS#12 file in /root
[7/17]: creating RA agent certificate database
[8/17]: importing CA chain to RA certificate database
Unexpected error - see ipaserver-install.log for details:
Unable to retrieve CA chain: request failed with HTTP status 500

From Ade:

Basically, one of the things that the CA does on startup is read some configuration data in /etc/pki-ca/registry.cfg. The way the code is currently written, it reads in this data and then promptly overwrites this file with the data it has just read. It actually does this multiple times - once for each plugin it reads in.

During the IPA installation process, we end up starting up and shutting down the CA multiple times. In fact, one of these restarts is issued while the server is coming up - and in particular - while this file is being overwritten.

The way tomcat code works, if the server is shut down while not completely up (i.e. before the ports are available), then the server will call System.exit() immediately. This means that the registry.cfg file is left in an incomplete, corrupted state - and any subsequent restarts are incomplete.

The simple code fix is simply not to rewrite this config file on startup. There is no reason to do so - as we are just rewriting the data we just read in.

I have coded a fix that addresses this - and was able to configure IPA multiple times with no issue.
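The failure mode described in the report above, next to two ways of avoiding it, as an added example that is not part of the original report and is not the pki-core patch. The class name, method names and sample file content are hypothetical; the atomic rename goes beyond the fix described in the report, which only stops rewriting unchanged data.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.Arrays;

public class RegistryWriteDemo {
    // Pattern from the report: truncate and rewrite in place. If the JVM exits
    // after only part of the data is written, a partial file is left behind.
    static void interruptedRewrite(Path cfg, byte[] data, int written) throws IOException {
        try (OutputStream out = Files.newOutputStream(cfg,
                StandardOpenOption.WRITE, StandardOpenOption.TRUNCATE_EXISTING)) {
            out.write(data, 0, written); // System.exit() is simulated by stopping here
        }
    }

    // Skip the write when nothing changed; otherwise write a temp file in the
    // same directory, flush it to disk, and rename it over the original.
    static boolean saveIfChanged(Path cfg, byte[] data) throws IOException {
        if (Files.exists(cfg) && Arrays.equals(Files.readAllBytes(cfg), data)) {
            return false; // unchanged: the file is never in an incomplete state
        }
        Path tmp = Files.createTempFile(cfg.toAbsolutePath().getParent(), "registry", ".tmp");
        try (FileChannel ch = FileChannel.open(tmp, StandardOpenOption.WRITE)) {
            ByteBuffer buf = ByteBuffer.wrap(data);
            while (buf.hasRemaining()) ch.write(buf);
            ch.force(true);
        }
        // On POSIX file systems this is rename(2): readers see old or new, never a mix.
        Files.move(tmp, cfg, StandardCopyOption.ATOMIC_MOVE);
        return true;
    }

    public static void main(String[] args) throws IOException {
        Path cfg = Files.createTempDirectory("registry-demo").resolve("registry.cfg");
        // Constructed sample content, not the real registry.cfg format.
        byte[] v1 = "plugin.a=example.A\nplugin.b=example.B\n".getBytes(StandardCharsets.UTF_8);
        byte[] v2 = "plugin.a=example.A\nplugin.c=example.C\n".getBytes(StandardCharsets.UTF_8);
        Files.write(cfg, v1);
        System.out.println("unchanged data rewritten: " + saveIfChanged(cfg, v1));
        System.out.println("changed data rewritten:   " + saveIfChanged(cfg, v2));
        interruptedRewrite(cfg, v2, 10);
        System.out.println("after interrupted in-place rewrite: "
                + Files.size(cfg) + " of " + v2.length + " bytes remain");
    }
}
```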
--- Additional comment from dpal on 2011-04-21 16:01:11 EDT ---

https://fedorahosted.org/freeipa/ticket/1186

--- Additional comment from dpal on 2011-04-21 16:01:47 EDT ---

https://fedorahosted.org/freeipa/ticket/1186

--- Additional comment from alee on 2011-04-21 16:26:26 EDT ---

Created attachment 493983
patch to fix

--- Additional comment from jmagne on 2011-04-21 17:00:48 EDT ---

Comment on attachment 493983
patch to fix

This fix looks pretty straightforward. It would be good to have awnuk have a quick look in case he knows of any gotchas.

tip:

[vakwetu@dhcp231-121 common]$ svn ci -m "Bugzilla Bug 698885 - Race conditions during IPA installation"
Sending common/src/com/netscape/cmscore/registry/PluginRegistry.java
Transmitting file data .
Committed revision 1983.

I was able to successfully install FreeIPA with pki-core-9.0.7-1.fc15 installed. Everything seems to be working fine.
Bug is already verified as reported in the comment #4.
This message is a notice that Fedora 15 is now at end of life. Fedora has stopped maintaining and issuing updates for Fedora 15. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At this time, all open bugs with a Fedora 'version' of '15' have been closed as WONTFIX.

(Please note: Our normal process is to give advanced warning of this occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, feel free to reopen this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that we were unable to fix it before Fedora 15 reached end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to click on "Clone This Bug" (top right of this page) and open it against that version of Fedora.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping