Issue #2589: ipa-server-install fails when /etc/pki/pki-tomcat already exists - dogtagpki

dogtagpki

#2589 ipa-server-install fails when /etc/pki/pki-tomcat already exists

Closed: migrated 3 years ago by dmoluguw. Opened 7 years ago by jpazdziora.

When /etc/pki/pki-tomcat already exists, running ipa-server-install fails.

Steps to Reproduce:

1. yum install -y ipa-server
2. mkdir /etc/pki/pki-tomcat
3. ipa-server-install -r EXAMPLE.TEST -n example.test -p Secret123 -a Secret123
-U

Actual results:

  [37/47]: adding entries for topology management
  [38/47]: initializing group membership
  [39/47]: adding master entry
  [40/47]: initializing domain level
  [41/47]: configuring Posix uid/gid generation
  [42/47]: adding replication acis
  [43/47]: enabling compatibility plugin
  [44/47]: activating sidgen plugin
  [45/47]: activating extdom plugin
  [46/47]: tuning directory server
  [47/47]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30
seconds
  [1/31]: creating certificate server user
  [2/31]: configuring certificate server instance
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA
instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpdoJ4Dm' returned
non-zero exit status 1
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation logs
and the following files/directories for more information:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL   /var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.
ipa.ipapython.install.cli.install_tool(Server): ERROR    CA configuration
failed.
ipa.ipapython.install.cli.install_tool(Server): ERROR    The ipa-server-install
command failed. See /var/log/ipaserver-install.log for more information

The /var/log/ipaserver-install.log ends with

2017-01-03T13:25:15Z DEBUG Starting external process
2017-01-03T13:25:15Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpdoJ4Dm
2017-01-03T13:25:16Z DEBUG Process finished, return code=1
2017-01-03T13:25:16Z DEBUG stdout=Log file:
/var/log/pki/pki-ca-spawn.20170103082515.log
Loading deployment configuration from /tmp/tmpdoJ4Dm.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into
/etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.

Installation failed: Directory '/etc/pki/pki-tomcat' already exists!


2017-01-03T13:25:16Z DEBUG stderr=pkispawn    : ERROR    ....... Directory
'/etc/pki/pki-tomcat' already exists!

2017-01-03T13:25:16Z CRITICAL Failed to configure CA instance: Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmpdoJ4Dm' returned non-zero exit status 1
2017-01-03T13:25:16Z CRITICAL See the installation logs and the following
files/directories for more information:
2017-01-03T13:25:16Z CRITICAL   /var/log/pki/pki-tomcat
2017-01-03T13:25:16Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
448, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
438, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
590, in __spawn_instance
    DogtagInstance.spawn_instance(self, cfg_file)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 181, in spawn_instance
    self.handle_setup_error(e)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 420, in handle_setup_error
    raise RuntimeError("%s configuration failed." % self.subsystem)
RuntimeError: CA configuration failed.

2017-01-03T13:25:16Z DEBUG   [error] RuntimeError: CA configuration failed.
2017-01-03T13:25:16Z DEBUG   File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318,
in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310,
in run
    self.execute()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332,
in execute
    for nothing in self._executor():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372,
in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394,
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362,
in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359,
in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81,
in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59,
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 586,
in _configure
    next(executor)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372,
in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449,
in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394,
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446,
in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394,
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362,
in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359,
in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81,
in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59,
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63,
in _install
    for nothing in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 1357, in main
    install(self)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 267, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 773, in install
    ca.install_step_0(False, None, options)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line 161, in
install_step_0
    ca_signing_algorithm=options.ca_signing_algorithm)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
437, in configure_instance
    self.start_creation(runtime=210)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
448, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
438, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
590, in __spawn_instance
    DogtagInstance.spawn_instance(self, cfg_file)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 181, in spawn_instance
    self.handle_setup_error(e)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 420, in handle_setup_error
    raise RuntimeError("%s configuration failed." % self.subsystem)

2017-01-03T13:25:16Z DEBUG The ipa-server-install command failed, exception:
RuntimeError: CA configuration failed.
2017-01-03T13:25:16Z ERROR CA configuration failed.
2017-01-03T13:25:16Z ERROR The ipa-server-install command failed. See
/var/log/ipaserver-install.log for more information

Expected results:

No error.

Additional info:

This issue causes problem especially in containerized environments when we
might want that directory bind-mounted or symlinked to some volume.

Filing against ipa even if pki* might be the ultimate component, since we
likely want to keep this as dependency for future ipa-server-docker work.

Metadata Update from @jpazdziora:
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

7 years ago

Metadata Update from @mharmsen:
- Custom field feature adjusted to ''
- Custom field proposedmilestone adjusted to ''
- Custom field proposedpriority adjusted to ''
- Custom field reviewer adjusted to ''
- Custom field version adjusted to ''
- Issue close_status updated to: None
- Issue set to the milestone: 10.4 (was: 0.0 NEEDS_TRIAGE)

7 years ago

mharmsen commented 6 years ago

Per CS/DS Meeting of August 7, 2017, it was determined to move this issue from 10.4 ==> FUTURE.

Metadata Update from @mharmsen:
- Issue set to the milestone: FUTURE (was: 10.4)

6 years ago

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.5 (was: FUTURE)

6 years ago

Metadata Update from @mharmsen:
- Custom field lowhangingfruit adjusted to vakwetu: X

6 years ago

mharmsen commented 6 years ago

[20171025] - Offline Triage ==> 10.6

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.6 (was: 10.5)

6 years ago

cheimes commented 6 years ago

2018-02-21 21:53:52 pkispawn    : ERROR    ....... Directory '/etc/pki/pki-tomcat' already exists!
2018-02-21 21:53:52 pkispawn    : DEBUG    ....... Error Type: Exception
2018-02-21 21:53:52 pkispawn    : DEBUG    ....... Error Message: Directory '/etc/pki/pki-tomcat' already exists!
2018-02-21 21:53:52 pkispawn    : DEBUG    .......   File "/usr/sbin/pkispawn", line 533, in main
    scriptlet.spawn(deployer)
  File "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/instance_layout.py", line 57, in spawn
    ignore_cb=file_ignore_callback_src_server)
  File "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py", line 1402, in copy
    log.PKI_DIRECTORY_ALREADY_EXISTS_1 % new_name)

Metadata Update from @mharmsen:
- Issue assigned to edewata
- Issue set to the milestone: 10.5 (was: 10.6)

5 years ago

dmoluguw commented 3 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2709

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

3 years ago

Metadata

Assignee

edewata

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

10.5

lowhangingfruit

vakwetu: X

reporter

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1409806

type

defect

version

keywords

None

estimate

None

feature

origin

IPA

proposedpriority

fixedinversion

None

platforms

None

blockedby

None

blocking

None

reviewer

component

General

proposedmilestone

dogtagpki

Source Code

#2589 ipa-server-install fails when /etc/pki/pki-tomcat already exists Closed: migrated 3 years ago by dmoluguw. Opened 7 years ago by jpazdziora.

Metadata

#2589 ipa-server-install fails when /etc/pki/pki-tomcat already exists

Closed: migrated 3 years ago by dmoluguw. Opened 7 years ago by jpazdziora.