Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1018804
Description of problem: Do an uninstall and re-install of ipa server and it looks like it's hanging on the re-install at: 2013-10-11T17:06:47Z DEBUG [8/22]: importing CA chain to RA certificate database Version-Release number of selected component (if applicable): ipa-server-3.3.2-2.el7.x86_64. How reproducible: always Steps to Reproduce: 1. Install ipa server 2. uninstall 3. reinstall Actual results: reinstall hangs Expected results: reinstall successfully Additional info: # ps -ef|grep ipa-server-install root 12209 4969 0 15:51 pts/0 00:00:00 grep --color=auto ipa-server-install root 15046 18725 0 13:05 ? 00:00:03 /usr/bin/python -E /usr/sbin/ipa-server-install --setup-dns --no-forwarder -p Secret123 -P Secret123 -a Secret123 -r TESTRELM.COM -n testrelm.com --ip-address=10.16.98.182 --hostname=ipaqa64vma.testrelm.com -U # date Fri Oct 11 15:54:54 EDT 2013 # tail /var/log/ipaserver-install.log 2013-10-11T17:06:46Z DEBUG The httpd proxy is not installed, skipping wait for CA 2013-10-11T17:06:46Z DEBUG duration: 4 seconds 2013-10-11T17:06:46Z DEBUG [7/22]: creating RA agent certificate database 2013-10-11T17:06:46Z DEBUG Starting external process 2013-10-11T17:06:46Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -N 2013-10-11T17:06:47Z DEBUG Process finished, return code=0 2013-10-11T17:06:47Z DEBUG stdout= 2013-10-11T17:06:47Z DEBUG stderr= 2013-10-11T17:06:47Z DEBUG duration: 0 seconds 2013-10-11T17:06:47Z DEBUG [8/22]: importing CA chain to RA certificate database >From the previous ipaserver-uninstall.log, this was the only thing that stood out: Uninstalling CA from /var/lib/pki/pki-tomcat. Uninstallation complete. 2013-10-11T17:04:24Z DEBUG stderr=pkidestroy : WARNING ....... this 'CA' entry will NOT be deleted fr om security domain 'IPA'! pkidestroy : WARNING ....... security domain 'IPA' may be offline or unreachable! pkidestroy : ERROR ....... subprocess.CalledProcessError: Command '/usr/bin/sslget -n 'subsystemCe rt cert-pki-ca' -p '588648796016' -d '/etc/pki/pki-tomcat/alias' -e 'name="/var/lib/pki/pki-tomcat"&typ e=CA&list=caList&host=ipaqa64vma.testrelm.com&sport=443&ncsport=8443&adminsport =8443&agentsport=8443&op eration=remove' -v -r '/ca/agent/ca/updateDomainXML' ipaqa64vma.testrelm.com:443 2>&1' returned non-zer o exit status 6! # strace -p 15046 Process 15046 attached recvfrom(5,
attachment freeipa-mkosek-431-installer-should-always-wait-until-ca-starts-up.patch
Patch freeipa-mkosek-431-installer-should-always-wait-until-ca-starts-up.patch sent for review
Critical issue in 3.3.x, autotriaging.
master: dd3295a[[BR]] ipa-3-3: 122d5ce
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 3.3.x - 2013/10 (bug fixing)
Login to comment on this ticket.