hello all:
I am trying to install the freeipa-server(4.7.1) package on Debian9, which is
now failing, the failed message is pkispawn failed. The installation output is as follows,
after running apt install
freeipa-server. I want to know the effective way of installation freeipa-server
on debian. Can you provide the way of compile the freeipa project?
1. Debian9 system info.
Linux root 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1 (2019-04-12) x86_64 GNU/Linux
2. Freeipa-server deb info.
freeipa-admintools_4.7.1-3_amd64.deb freeipa-tests_4.7.1-3_all.deb
freeipa-client_4.7.1-3_amd64.deb pki-tools_10.6.8-2_amd64.deb
freeipa-common_4.7.1-3_all.deb python-ipaclient_4.7.1-3_all.deb
freeipa-server_4.7.1-3_amd64.deb python-ipalib_4.7.1-3_all.deb
freeipa-server-dns_4.7.1-3_all.deb python-ipaserver_4.7.1-3_all.deb
freeipa-server-trust-ad_4.7.1-3_amd64.deb python-ipatests_4.7.1-3_all.deb
3. The error log as follows.
ipa-server-install
2019-07-11T11:33:19Z DEBUG Starting external process
2019-07-11T11:33:19Z DEBUG args=['/usr/sbin/pkispawn', '-s', 'CA',
'-f', '/tmp/tmpYHBX9A']
2019-07-11T11:34:20Z DEBUG Process finished, return code=1
2019-07-11T11:34:20Z DEBUG stdout=Starting pki-tomcatd (via systemctl):
pki-tomcatd.service.
Log file: /var/log/pki/pki-ca-spawn.20190711073319.log
Loading deployment configuration from /tmp/tmpYHBX9A.
WARNING: The 'pki_pin' in [CA] has been deprecated. Use
'pki_server_database_password' instead.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into /etc/dogtag/tomcat/pki-tomcat/ca/deployment.cfg.
Installation failed: server failed to restart
2019-07-11T11:34:20Z DEBUG stderr=pkispawn : ERROR Server did not start after 60s
configuration : ERROR Server failed to restart
2019-07-11T11:34:20Z CRITICAL Failed to configure CA instance: CalledProcessError(Command
['/usr/sbi
n/pkispawn', '-s', 'CA', '-f', '/tmp/tmpYHBX9A']
returned non-zero exit status 1: u'pkispawn :
ERROR Server did not start after 60s\nconfiguration : ERROR Server failed to
restart\n')
2019-07-11T11:34:20Z CRITICAL See the installation logs and the following
files/directories for more
information:
2019-07-11T11:34:20Z CRITICAL /var/log/pki/pki-tomcat
2019-07-11T11:34:20Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
605, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
591, in run_step
method()
File "/usr/lib/python2.7/dist-packages/ipaserver/install/cainstance.py", line
669, in __spawn_inst
ance
pki_pin)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dogtaginstance.py",
line 166, in spawn_in
stance
self.handle_setup_error(e)
[2019/7/12 16:01] wangyaliang (13985, Cloud):
File "/usr/lib/python2.7/dist-packages/ipaserver/install/...
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dogtaginstance.py",
line 407, in handle_s
etup_error
raise RuntimeError("%s configuration failed." % self.subsystem)
RuntimeError: CA configuration failed.
2019-07-11T11:34:20Z DEBUG [error] RuntimeError: CA configuration failed.
2019-07-11T11:34:20Z DEBUG File
"/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 17
9, in execute
return_value = self.run()
File "/usr/lib/python2.7/dist-packages/ipapython/install/cli.py", line 347, in
run
return cfgr.run()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 360,
in run
return self.execute()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 386,
in execute
for rval in self._executor():
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 431,
in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 460,
in _handle_execute_ex
ception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 421,
in __runner
step()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 418,
in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 81, in
run_generator_with_
yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 59, in
run_generator_with_
yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 655,
in _configure
next(executor)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 431,
in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 460,
in _handle_execute_ex
ception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 518,
in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 515,
in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 421,
in __runner
step()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 418,
in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 81, in
run_generator_with_
yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 59, in
run_generator_with_
yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/dist-packages/ipapython/install/common.py", line 65,
in _install
for unused in self._installer(self.parent):
File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/__init__.py",
line 550, in main
master_install(self)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py",
line 253, in decorate
d
func(installer)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py",
line 842, in install
ca.install_step_0(False, None, options, custodia=custodia)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/ca.py", line 318, in
install_step_0
use_ldaps=standalone)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/cainstance.py", line
484, in configure_in
stance
self.start_creation(runtime=runtime)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
605, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
591, in run_step
method()
File "/usr/lib/python2.7/dist-packages/ipaserver/install/cainstance.py", line
669, in __spawn_inst
ance
pki_pin)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dogtaginstance.py",
line 166, in spawn_in
stance
self.handle_setup_error(e)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dogtaginstance.py",
line 407, in handle_s
etup_error
raise RuntimeError("%s configuration failed." % self.subsystem)
2019-07-11T11:34:20Z DEBUG The ipa-server-install command failed, exception: RuntimeError:
CA config
uration failed.
2019-07-11T11:34:20Z ERROR CA configuration failed.
2019-07-11T11:34:20Z ERROR The ipa-server-install command failed. See
/var/log/ipaserver-install.log
for more information
4. Pkispawn error info.
2019-07-08 03:58:07 pkispawn : DEBUG ........... chmod 660
/etc/pki/pki-tomcat/ca/caAuditSigningCert.profile
2019-07-08 03:58:07 pkispawn : DEBUG ........... chown 111:117
/etc/pki/pki-tomcat/ca/caAuditSigningCert.profile
2019-07-08 03:58:07 pkispawn : INFO ....... cp -p
/usr/share/pki/ca/conf/caCert.profile /etc/pki/pki-tomcat/ca/caCert.profile
2019-07-08 03:58:07 pkispawn : DEBUG ........... chmod 660
/etc/pki/pki-tomcat/ca/caCert.profile
2019-07-08 03:58:07 pkispawn : DEBUG ........... chown 111:117
/etc/pki/pki-tomcat/ca/caCert.profile
2019-07-08 03:58:07 pkispawn : INFO ....... cp -p
/usr/share/pki/ca/conf/caOCSPCert.profile /etc/pki/pki-tomcat/ca/caOCSPCert.profile
2019-07-08 03:58:07 pkispawn : DEBUG ........... chmod 660
/etc/pki/pki-tomcat/ca/caOCSPCert.profile
2019-07-08 03:58:07 pkispawn : DEBUG ........... chown 111:117
/etc/pki/pki-tomcat/ca/caOCSPCert.profile
2019-07-08 03:58:07 pkispawn : INFO ....... cp -p
/usr/share/pki/ca/conf/rsaServerCert.profile /etc/pki/pki-tomcat/ca/serverCert.profile
2019-07-08 03:58:07 pkispawn : DEBUG ........... chmod 660
/etc/pki/pki-tomcat/ca/serverCert.profile
2019-07-08 03:58:07 pkispawn : DEBUG ........... chown 111:117
/etc/pki/pki-tomcat/ca/serverCert.profile
2019-07-08 03:58:07 pkispawn : INFO ....... cp -p
/usr/share/pki/ca/conf/rsaSubsystemCert.profile
/etc/pki/pki-tomcat/ca/subsystemCert.profile
2019-07-08 03:58:07 pkispawn : DEBUG ........... chmod 660
/etc/pki/pki-tomcat/ca/subsystemCert.profile
2019-07-08 03:58:07 pkispawn : DEBUG ........... chown 111:117
/etc/pki/pki-tomcat/ca/subsystemCert.profile
2019-07-08 03:58:07 pkispawn : INFO ....... copying
'/usr/share/pki/ca/conf/proxy.conf' -->
'/etc/pki/pki-tomcat/ca/proxy.conf' with slot substitution
2019-07-08 03:58:07 pkispawn : DEBUG ........... chmod 660
/etc/pki/pki-tomcat/ca/proxy.conf
2019-07-08 03:58:07 pkispawn : DEBUG ........... chown 111:117
/etc/pki/pki-tomcat/ca/proxy.conf
2019-07-08 03:58:07 pkispawn : INFO ....... ln -s /var/lib/pki/pki-tomcat/alias
/var/lib/pki/pki-tomcat/ca/alias
2019-07-08 03:58:07 pkispawn : DEBUG ........... chown -h 111:117
/var/lib/pki/pki-tomcat/ca/alias
2019-07-08 03:58:07 pkispawn : INFO ....... ln -s /etc/pki/pki-tomcat/ca
/var/lib/pki/pki-tomcat/ca/conf
2019-07-08 03:58:07 pkispawn : DEBUG ........... chown -h 111:117
/var/lib/pki/pki-tomcat/ca/conf
2019-07-08 03:58:07 pkispawn : INFO ....... ln -s /var/log/pki/pki-tomcat/ca
/var/lib/pki/pki-tomcat/ca/logs
2019-07-08 03:58:07 pkispawn : DEBUG ........... chown -h 111:117
/var/lib/pki/pki-tomcat/ca/logs
2019-07-08 03:58:07 webapp : INFO Creating webapp
2019-07-08 03:58:07 pkispawn : INFO ....... mkdir -p
/var/lib/pki/pki-tomcat/ca/webapps
2019-07-08 03:58:07 pkispawn : DEBUG ........... chmod 770
/var/lib/pki/pki-tomcat/ca/webapps
2019-07-08 03:58:07 pkispawn : DEBUG ........... chown 111:117
/var/lib/pki/pki-tomcat/ca/webapps
2019-07-08 03:58:07 pkispawn : INFO ....... setting ownerships, permissions, and
acls on '/var/lib/pki/pki-tomcat/ca/webapps'
2019-07-08 03:58:07 nssdb : INFO Creating NSS database
2019-07-08 03:58:07 pki.server : INFO Loading instance: pki-tomcat
2019-07-08 03:58:07 pki.server : INFO Loading instance registry:
/etc/dogtag/tomcat/pki-tomcat/pki-tomcat
2019-07-08 03:58:07 pki.server : INFO Loading subsystem: ca
2019-07-08 03:58:07 pki.server : INFO Loading subsystem config:
/var/lib/pki/pki-tomcat/ca/conf/CS.cfg
2019-07-08 03:58:07 nssdb : INFO Creating password config:
/etc/pki/pki-tomcat/password.conf
2019-07-08 03:58:07 nssdb : INFO Creating password file:
/etc/pki/pki-tomcat/pfile
2019-07-08 03:58:07 pkispawn : INFO ....... modifying
'/etc/pki/pki-tomcat/password.conf'
2019-07-08 03:58:07 pkispawn : DEBUG ........... chmod 660
/etc/pki/pki-tomcat/password.conf
2019-07-08 03:58:07 pkispawn : DEBUG ........... chown 111:117
/etc/pki/pki-tomcat/password.conf
2019-07-08 03:58:07 pkispawn : INFO ....... executing 'certutil -N -d
/etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile'
2019-07-08 03:58:07 pkispawn : INFO ....... rm -f /etc/pki/pki-tomcat/pfile
2019-07-08 03:58:07 pki.server : INFO Getting signing cert info for ca from CS.cfg
2019-07-08 03:58:07 pki.server : INFO Getting ocsp_signing cert info for ca from
CS.cfg
2019-07-08 03:58:07 pki.server : INFO Getting sslserver cert info for ca from
CS.cfg
2019-07-08 03:58:07 pki.server : INFO Getting subsystem cert info for ca from
CS.cfg
2019-07-08 03:58:07 pki.server : INFO Getting audit_signing cert info for ca from
CS.cfg
2019-07-08 03:58:07 pkispawn : INFO ....... mkdir -p /root/.dogtag/pki-tomcat/ca
2019-07-08 03:58:07 pkispawn : DEBUG ........... chmod 755
/root/.dogtag/pki-tomcat/ca
2019-07-08 03:58:07 pkispawn : DEBUG ........... chown 0:0
/root/.dogtag/pki-tomcat/ca
2019-07-08 03:58:07 nssdb : INFO Creating password file:
/root/.dogtag/pki-tomcat/ca/password.conf
2019-07-08 03:58:07 pkispawn : INFO ....... modifying
'/root/.dogtag/pki-tomcat/ca/password.conf'
2019-07-08 03:58:07 pkispawn : DEBUG ........... chmod 660
/root/.dogtag/pki-tomcat/ca/password.conf
2019-07-08 03:58:07 pkispawn : DEBUG ........... chown 0:0
/root/.dogtag/pki-tomcat/ca/password.conf
2019-07-08 03:58:07 pkispawn : INFO ....... generating
'/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf'
2019-07-08 03:58:07 pkispawn : INFO ....... modifying
'/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf'
2019-07-08 03:58:07 pkispawn : DEBUG ........... chmod 660
/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf
2019-07-08 03:58:07 pkispawn : DEBUG ........... chown 111:117
/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf
2019-07-08 03:58:07 pkispawn : INFO ....... mkdir -p
/root/.dogtag/pki-tomcat/ca/alias
2019-07-08 03:58:07 pkispawn : DEBUG ........... chmod 770
/root/.dogtag/pki-tomcat/ca/alias
2019-07-08 03:58:07 pkispawn : DEBUG ........... chown 0:0
/root/.dogtag/pki-tomcat/ca/alias
2019-07-08 03:58:07 pkispawn : INFO ....... executing 'certutil -N -d
/root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf'
2019-07-08 03:58:07 selinux : INFO SELinux disabled
2019-07-08 03:58:07 keygen : INFO Generating keys
2019-07-08 03:58:07 pki.server : INFO Loading instance: pki-tomcat
2019-07-08 03:58:07 pki.server : INFO Loading instance registry:
/etc/dogtag/tomcat/pki-tomcat/pki-tomcat
2019-07-08 03:58:07 pki.server : INFO Loading password config:
/etc/pki/pki-tomcat/password.conf
2019-07-08 03:58:07 pki.server : INFO Loading subsystem: ca
2019-07-08 03:58:07 pki.server : INFO Loading subsystem config:
/var/lib/pki/pki-tomcat/ca/conf/CS.cfg
2019-07-08 03:58:07 pki.server : INFO Getting signing cert info for ca from CS.cfg
2019-07-08 03:58:07 pki.server : INFO Getting signing cert info for ca from NSS
database
2019-07-08 03:58:07 pki.nssdb : DEBUG Command: certutil -L -d
/var/lib/pki/pki-tomcat/alias -f /tmp/tmpQ8ZCeb/password.txt -n caSigningCert cert-pki-ca
-a
2019-07-08 03:58:07 keygen : INFO Generating ca_signing CSR in /root/ipa.csr
2019-07-08 03:58:07 pki.nssdb : DEBUG Command: openssl rand -out
/tmp/tmpv1RVD7/noise.bin 2048
2019-07-08 03:58:07 pki.nssdb : DEBUG Command: certutil -R -d
/var/lib/pki/pki-tomcat/alias -f /tmp/tmpv1RVD7/password.txt -s CN=Certificate
Authority,O=EXAMPLE.COM -o /tmp/tmpv1RVD7/request.bin -z /tmp/tmpv1RVD7/noise.bin -k rsa
-g 2048 -Z SHA256 --keyUsage
certSigning,crlSigning,critical,digitalSignature,nonRepudiation -2
2019-07-08 03:58:07 pkispawn : DEBUG ....... Error Type: CalledProcessError
2019-07-08 03:58:07 pkispawn : DEBUG ....... Error Message: Command
'['BtoA', '/tmp/tmpv1RVD7/request.bin',
'/tmp/tmpv1RVD7/request.b64']' returned non-zero exit status 1
2019-07-08 03:58:07 pkispawn : DEBUG ....... File
"/usr/lib/python2.7/dist-packages/pki/server/pkispawn.py", line 546, in main
scriptlet.spawn(deployer)
File
"/usr/lib/python2.7/dist-packages/pki/server/deployment/scriptlets/keygen.py",
line 468, in spawn
self.generate_system_cert_requests(deployer, subsystem)
File
"/usr/lib/python2.7/dist-packages/pki/server/deployment/scriptlets/keygen.py",
line 433, in generate_system_cert_requests
self.generate_ca_signing_csr(deployer, subsystem)
File
"/usr/lib/python2.7/dist-packages/pki/server/deployment/scriptlets/keygen.py",
line 176, in generate_ca_signing_csr
generic_exts=generic_exts
File
"/usr/lib/python2.7/dist-packages/pki/server/deployment/scriptlets/keygen.py",
line 113, in generate_csr
generic_exts=generic_exts)
File "/usr/lib/python2.7/dist-packages/pki/nssdb.py", line 613, in
create_request
'BtoA', binary_request_file, b64_request_file])
File "/usr/lib/python2.7/subprocess.py", line 190, in check_call
raise CalledProcessError(retcode, cmd)
Thanks.