Analysis of the issue is in BZ comment 5
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1196455
Description of problem: having errors while running RHEL 7.1 ipa-server-install after the CA restart this the error described in bz 1158410 - ipa-server-install failing with error message - CA did not start in 300.0s the error message returned by ipa-server-install in step 2015-02-26T00:11:02Z DEBUG [8/27]: starting certificate server instance ... 2015-02-26T00:16:07Z DEBUG The ipa-server-install command failed, exception: RuntimeError: CA did not start in 300.0s is confusing because the CA is perfectly up and running as per the previous step 3/26 until the begining of step8/27 2015-02-26T00:11:00Z DEBUG completed creating ca instance and manually reading the CA status works: openssl s_client -connect ipaserver1.example.com:8443 ... GET /ca/admin/ca/getStatus HTTP/1.0 HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: application/xml Content-Length: 167 Date: Thu, 26 Feb 2015 00:59:13 GMT Connection: close <?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</St ate><Type>CA</Type><Status>running</Status><Version>10.1.2-7.el7</Version></XML Response>closed the CA is up and running, the problem is wait_for_open_ports in /usr/lib/python2.7/site-packages/ipapython/ipautil.py seem to fail using the TLS range and TLSv1.2 so the message " ipa-server-install command failed, exception: RuntimeError: CA did not start in 300.0s" is misleading, it is more like the script cold not connect to the CA, for some reason, and timed out. less /var/log/ipaserver-install.log ... 2015-02-26T00:11:02Z DEBUG [8/27]: starting certificate server instance 2015-02-26T00:11:02Z DEBUG Starting external process 2015-02-26T00:11:02Z DEBUG args='/bin/systemctl' 'start' 'pki-tomcatd.target' 2015-02-26T00:11:02Z DEBUG Process finished, return code=0 2015-02-26T00:11:02Z DEBUG stdout= 2015-02-26T00:11:02Z DEBUG stderr= 2015-02-26T00:11:02Z DEBUG Starting external process 2015-02-26T00:11:02Z DEBUG args='/bin/systemctl' 'is-active' 'pki-tomcatd.target' 2015-02-26T00:11:02Z DEBUG Process finished, return code=0 2015-02-26T00:11:02Z DEBUG stdout=active 2015-02-26T00:11:02Z DEBUG stderr= 2015-02-26T00:11:02Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300 2015-02-26T00:11:06Z DEBUG The httpd proxy is not installed, wait on local port 2015-02-26T00:11:06Z DEBUG Waiting until the CA is running 2015-02-26T00:11:06Z DEBUG request 'https://ipaserver1-example-com:8443/ca/admin/ca/getStatus' 2015-02-26T00:11:06Z DEBUG request body '' 2015-02-26T00:11:06Z DEBUG The CA status is: check interrupted 2015-02-26T00:11:06Z DEBUG Waiting for CA to start... and loop until failing: 2015-02-26T00:16:07Z DEBUG The ipa-server-install command failed, exception: RuntimeError: CA did not start in 300.0s (END) Version-Release number of selected component (if applicable): Red Hat Enterprise Linux Server release 7.1 (Maipo) Linux ipaserver1.example.com 3.10.0-229.el7.x86_64 #1 SMP Thu Jan 29 18:37:38 EST 2015 x86_64 x86_64 x86_64 GNU/Linux 389-ds-base-1.3.3.1-13.el7.x86_64 ipa-server-4.1.0-18.el7.x86_64 sssd-1.12.2-58.el7.x86_64 krb5-server-1.12.2-14.el7.x86_64 nss-3.16.2.3-5.el7.x86_64 nspr-4.10.6-3.el7.x86_64 pki-ca-10.1.2-7.el7.noarch bind-dyndb-ldap-6.0-2.el7.x86_64 httpd-2.4.6-31.el7.x86_64 jss-4.2.6-35.el7.x86_64 from http://download.devel.redhat.com/rel-eng/latest-RHEL-7/compose/Server/x86_64/os / on Wed Feb 25 17:15:10 PST 2015 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Isn't this duplicate of #4676? mbasti was investigating it originally.
This is not duplicate, IIUC here wrong domain name is used, in #4676 a right domain name was used.
It isn't duplicate. ipa-server-install uses the machine's old hostname for obtaining CA status. It obviously fails.
master:
Metadata Update from @pvoborni: - Issue assigned to mbabinsk - Issue set to the milestone: FreeIPA 4.2
Login to comment on this ticket.