On 11.12.2020 14.58, iulian roman via FreeIPA-users wrote:
Hi Timo,Thanks for the update. I have tried with new package versions (there is a dependency as well on libjboss-annotations-1.2-api-java which needs to be installed from freeipa staging ppa) , but the installation fails in the same step (it fails to configure/start the CA): 2020-12-11T12:49:09Z DEBUG stderr=pkispawn : ERROR ....... subprocess.CalledProcessError: Command '['sysctl', 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255! pkispawn : ERROR ........... server did not start after 60s pkispawn : ERROR ....... server failed to restart 2020-12-11T12:49:09Z CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmp9GMIPC'] returned non-zero exit status 1: u"pkispawn : ERROR ....... subprocess.CalledProcessError: Command '['sysctl', 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn : ERROR ........... server did not start after 60s\npkispawn : ERROR ....... server failed to restart\n") 2020-12-11T12:49:09Z CRITICAL See the installation logs and the following files/directories for more information: 2020-12-11T12:49:09Z CRITICAL /var/log/pki/pki-tomcat 2020-12-11T12:49:09Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 603, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 589, in run_step method() File "/usr/lib/python2.7/dist-packages/ipaserver/install/cainstance.py", line 696, in __spawn_instance pki_pin) File "/usr/lib/python2.7/dist-packages/ipaserver/install/dogtaginstance.py", line 167, in spawn_instance self.handle_setup_error(e) File "/usr/lib/python2.7/dist-packages/ipaserver/install/dogtaginstance.py", line 415, in handle_setup_error raise RuntimeError("%s configuration failed." % self.subsystem) RuntimeError: CA configuration failed. 2020-12-11T12:49:09Z DEBUG [error] RuntimeError: CA configuration failed. 2020-12-11T12:49:09Z DEBUG Removing /root/.dogtag/pki-tomcat/ca Any idea how that can be fixed ?
I guess you got hit by the openjdk8 update as well, so downgrade it by running 'apt install openjdk-8-jre-headless=8u162-b12-1' and then try again.
I've managed to get the server working on 20.04 (without bind9) but updating java breaks it there too, and while bumping libjss to current v4.6.x branch should help it only fails the setup later (requesting RA cert).
And the breakage with current packages in Debian unstable is probably caused by making Dogtag 10.10 to essentially require system-wide crypto-policies which aren't used on Debian...
-- t _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
