When installing FreeIPA on Fedora (updates-testing), sometimes /usr/sbin/pkispawn -s CA fails with the following error (from /var/log/pki/pki-ca-spawn.20130830154223.log):
/usr/sbin/pkispawn -s CA
/var/log/pki/pki-ca-spawn.20130830154223.log
... 2013-08-30 15:43:54 pkispawn : INFO ... generating 'pki.deployment.security_databases' 2013-08-30 15:43:54 pkispawn : INFO ....... generating '/etc/pki/pki-tomcat/password.conf' 2013-08-30 15:43:54 pkispawn : INFO ....... generating '/etc/pki/pki-tomcat/pfile' 2013-08-30 15:43:54 pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/password.conf' 2013-08-30 15:43:54 pkispawn : DEBUG ........... chmod 660 /etc/pki/pki-tomcat/password.conf 2013-08-30 15:43:54 pkispawn : DEBUG ........... chown 497:497 /etc/pki/pki-tomcat/password.conf 2013-08-30 15:43:54 pkispawn : INFO ....... executing 'certutil -N -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile' 2013-08-30 15:43:54 pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/alias/cert8.db' 2013-08-30 15:43:54 pkispawn : DEBUG ........... chmod 600 /etc/pki/pki-tomcat/alias/cert8.db 2013-08-30 15:43:54 pkispawn : DEBUG ........... chown 497:497 /etc/pki/pki-tomcat/alias/cert8.db 2013-08-30 15:43:54 pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/alias/key3.db' 2013-08-30 15:43:54 pkispawn : DEBUG ........... chmod 600 /etc/pki/pki-tomcat/alias/key3.db 2013-08-30 15:43:54 pkispawn : DEBUG ........... chown 497:497 /etc/pki/pki-tomcat/alias/key3.db 2013-08-30 15:43:54 pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/alias/secmod.db' 2013-08-30 15:43:54 pkispawn : DEBUG ........... chmod 600 /etc/pki/pki-tomcat/alias/secmod.db 2013-08-30 15:43:54 pkispawn : DEBUG ........... chown 497:497 /etc/pki/pki-tomcat/alias/secmod.db 2013-08-30 15:43:54 pkispawn : INFO ....... generating noise file called '/etc/pki/pki-tomcat/ca/noise' and filling it with '1024' random bytes 2013-08-30 15:43:54 pkispawn : DEBUG ........... chmod 660 /etc/pki/pki-tomcat/ca/noise 2013-08-30 15:43:54 pkispawn : DEBUG ........... chown 497:497 /etc/pki/pki-tomcat/ca/noise 2013-08-30 15:43:54 pkispawn : INFO ....... executing 'certutil -S -d /etc/pki/pki-tomcat/alias -h 'internal' -n 'Server-Cert cert-pki-ca' -s 'cn=vm-194.idm.lab.eng.brq.redhat.com,o=2013-08-30 15:43:54' -m 0 -v 12 -c 'cn=vm-194.idm.lab.eng.brq.redhat.com,o=2013-08-30 15:43:54' -t 'CTu,CTu,CTu' -z /etc/pki/pki-tomcat/ca/noise -f /etc/pki/pki-tomcat/pfile -x > /dev/null 2>&1' 2013-08-30 15:43:55 pkispawn : INFO ....... rm -f /etc/pki/pki-tomcat/ca/noise 2013-08-30 15:43:55 pkispawn : INFO ....... rm -f /etc/pki/pki-tomcat/pfile 2013-08-30 15:43:55 pkispawn : INFO ... configuring 'pki.deployment.configuration' 2013-08-30 15:43:55 pkispawn : INFO ....... mkdir -p /root/.dogtag/pki-tomcat/ca 2013-08-30 15:43:55 pkispawn : DEBUG ........... chmod 755 /root/.dogtag/pki-tomcat/ca 2013-08-30 15:43:55 pkispawn : DEBUG ........... chown 0:0 /root/.dogtag/pki-tomcat/ca 2013-08-30 15:43:55 pkispawn : INFO ....... generating '/root/.dogtag/pki-tomcat/ca/password.conf' 2013-08-30 15:43:55 pkispawn : INFO ....... modifying '/root/.dogtag/pki-tomcat/ca/password.conf' 2013-08-30 15:43:55 pkispawn : DEBUG ........... chmod 660 /root/.dogtag/pki-tomcat/ca/password.conf 2013-08-30 15:43:55 pkispawn : DEBUG ........... chown 0:0 /root/.dogtag/pki-tomcat/ca/password.conf 2013-08-30 15:43:55 pkispawn : INFO ....... generating '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf' 2013-08-30 15:43:55 pkispawn : INFO ....... modifying '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf' 2013-08-30 15:43:55 pkispawn : DEBUG ........... chmod 660 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf 2013-08-30 15:43:55 pkispawn : DEBUG ........... chown 497:497 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf 2013-08-30 15:43:55 pkispawn : INFO ....... executing 'certutil -N -d /tmp/tmp-vKKcbA -f /root/.dogtag/pki-tomcat/ca/password.conf' 2013-08-30 15:43:55 pkispawn : INFO ....... ln -s /lib/systemd/system/pki-tomcatd@.service /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service 2013-08-30 15:43:55 pkispawn : DEBUG ........... chown -h 497:497 /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service 2013-08-30 15:43:55 pkispawn : INFO ....... executing 'systemctl start pki-tomcatd@pki-tomcat.service' 2013-08-30 15:43:55 pkispawn : DEBUG ....... Error Type: ProxyError 2013-08-30 15:43:55 pkispawn : DEBUG ....... Error Message: Cannot connect to proxy. Socket error: [Errno 111] Connection refused. 2013-08-30 15:43:55 pkispawn : DEBUG ....... File "/usr/sbin/pkispawn", line 374, in main rv = instance.spawn() File "/usr/lib/python2.7/site-packages/pki/deployment/configuration.py", line 98, in spawn status = util.instance.wait_for_startup(60) File "/usr/lib/python2.7/site-packages/pki/deployment/pkihelper.py", line 1023, in wait_for_startup status = self.get_instance_status() File "/usr/lib/python2.7/site-packages/pki/deployment/pkihelper.py", line 1007, in get_instance_status response = client.getStatus() File "/usr/lib/python2.7/site-packages/pki/system.py", line 91, in getStatus self.connection.subsystem + '/getStatus') File "/usr/lib/python2.7/site-packages/pki/client.py", line 54, in get headers=headers) File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 347, in get return self.request('GET', url, **kwargs) File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 335, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 438, in send r = adapter.send(request, **kwargs) File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 292, in send timeout=timeout File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 459, in urlopen body=body, headers=headers) File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 314, in _make_request conn.request(method, url, **httplib_request_kw) File "/usr/lib64/python2.7/httplib.py", line 973, in request self._send_request(method, url, body, headers) File "/usr/lib64/python2.7/httplib.py", line 1007, in _send_request self.endheaders(body) File "/usr/lib64/python2.7/httplib.py", line 969, in endheaders self._send_output(message_body) File "/usr/lib64/python2.7/httplib.py", line 829, in _send_output self.send(msg) File "/usr/lib64/python2.7/httplib.py", line 791, in send self.connect() File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 110, in connect raise ProxyError('Cannot connect to proxy. Socket error: %s.' % e)
I am uncertain what platform was used for this ticket?
This exact same stack trace was seen on Fedora 19 (jmagne@redhat.com) when attempting to install a TPS subsystem.
IIRC, development may have been using Fedora 18, so perhaps there is an issue with the version of 'python-urllib3' on Fedora 18 versus Fedora 19?
Additional information:
* Fedora 18: # rpm -q --whatprovides /usr/lib/python2.7/site-packages/urllib3/connectionpool.py python-urllib3-1.5-6.fc18.noarch * Fedora 19: # rpm -q --whatprovides /usr/lib/python2.7/site-packages/urllib3/connectionpool.py python-urllib3-1.7-3.fc19.noarch
Yes, this is Fedora 19. Sorry for the omission.
Downgrading the python-urllib3 resolved this issue for me.
# yum downgrade python-urllib3 python-requests -y
This actually downgrades to the very version in the F18:
---> Package python-requests.noarch 0:1.1.0-4.fc19 will be a downgrade ---> Package python-requests.noarch 0:1.2.3-5.fc19 will be erased ---> Package python-urllib3.noarch 0:1.5-6.fc19 will be a downgrade ---> Package python-urllib3.noarch 0:1.7-3.fc19 will be erased
To ssh://vakwetu@git.fedorahosted.org/git/pki.git 8f0218b..04b71d1 master -> master
To ssh://vakwetu@git.fedorahosted.org/git/pki.git ec05160..c017f30 DOGTAG_10_0_BRANCH -> DOGTAG_10_0_BRANCH
Metadata Update from @pviktori: - Issue assigned to vakwetu - Issue set to the milestone: 10.0.5
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1286
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.