IPA Replica installation failed with "The ipa-replica-install command failed, exception: RuntimeError: CA did not start in 300.0s 2022-09-02T18:42:36Z ERROR CA did not start in 300.0s"
Hi Team,
i have tried installation for multiple times but i faced same issue
=======================
Replica Installation:
[root@dirpav01 ~]# ipa-replica-install -n ipa.subdomain.com --hostname=dirpav01.ipa.subdomain.com --server=aaa01.ipa.subdomain.com --realm=IPA.SUBDOMAIN.COM -P admin -w Adm@onm0# --no-host-dns --setup-ca --setup-dns --mkhomedir --auto-reverse --no-forwarders
Configuring client side components
Client hostname: dirpav01.ipa.subdomain.com
Realm: IPA.SUBDOMAIN.COM
DNS Domain: ipa.subdomain.com
IPA Server: aaa01.ipa.subdomain.com
BaseDN: dc=ipa,dc=subdomain,dc=com
Skipping synchronizing time with NTP server.
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=IPA.SUBDOMAIN.COM
Issuer: CN=Certificate Authority,O=IPA.SUBDOMAIN.COM
Valid From: 2018-04-12 14:15:30
Valid Until: 2038-04-12 14:15:30
Enrolled in IPA realm IPA.SUBDOMAIN.COM
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm IPA.SUBDOMAIN.COM
trying https://aaa01.ipa.subdomain.com/ipa/json
[try 1]: Forwarding 'schema' to json server 'https://aaa01.ipa.subdomain.com/ipa/json'
trying https://aaa01.ipa.subdomain.com/ipa/session/json
[try 1]: Forwarding 'ping' to json server 'https://aaa01.ipa.subdomain.com/ipa/session/json'
[try 1]: Forwarding 'ca_is_enabled' to json server 'https://aaa01.ipa.subdomain.com/ipa/session/json'
Systemwide CA database updated.
DNS query for dirpav01.ipa.subdomain.com. A failed: The DNS operation timed out after 30.0018370152 seconds
DNS resolution for hostname dirpav01.ipa.subdomain.com failed: The DNS operation timed out after 30.0018370152 seconds
Failed to update DNS records.
Missing A/AAAA record(s) for host dirpav01.ipa.subdomain.com: 10.26.60.179.
Missing reverse record(s) for address(es): 10.26.60.179.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
[try 1]: Forwarding 'host_mod' to json server 'https://aaa01.ipa.subdomain.com/ipa/session/json'
Could not update DNS SSHFP records.
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring ipa.subdomain.com as NIS domain.
Client configuration complete.
The ipa-client-install command was successful
Warning: skipping DNS resolution of host dirpav01.ipa.subdomain.com
Warning: skipping DNS resolution of host aaa01.ipa.subdomain.com
Run connection check to master
Connection check OK
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 30 seconds
[1/42]: creating directory server instance
[2/42]: enabling ldapi
[3/42]: configure autobind for root
[4/42]: stopping directory server
[5/42]: updating configuration in dse.ldif
[6/42]: starting directory server
[7/42]: adding default schema
[8/42]: enabling memberof plugin
[9/42]: enabling winsync plugin
[10/42]: configure password logging
[11/42]: configuring replication version plugin
[12/42]: enabling IPA enrollment plugin
[13/42]: configuring uniqueness plugin
[14/42]: configuring uuid plugin
[15/42]: configuring modrdn plugin
[16/42]: configuring DNS plugin
[17/42]: enabling entryUSN plugin
[18/42]: configuring lockout plugin
[19/42]: configuring topology plugin
[20/42]: creating indices
[21/42]: enabling referential integrity plugin
[22/42]: configuring certmap.conf
[23/42]: configure new location for managed entries
[24/42]: configure dirsrv ccache
[25/42]: enabling SASL mapping fallback
[26/42]: restarting directory server
[27/42]: creating DS keytab
[28/42]: ignore time skew for initial replication
[29/42]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 31 seconds elapsed
Update succeeded
[30/42]: prevent time skew after initial replication
[31/42]: adding sasl mappings to the directory
[32/42]: updating schema
[33/42]: setting Auto Member configuration
[34/42]: enabling S4U2Proxy delegation
[35/42]: initializing group membership
[36/42]: adding master entry
[37/42]: initializing domain level
[38/42]: configuring Posix uid/gid generation
[39/42]: adding replication acis
[40/42]: activating sidgen plugin
[41/42]: activating extdom plugin
[42/42]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc)
[1/5]: configuring KDC
[2/5]: adding the password extension to the directory
[3/5]: creating anonymous principal
[4/5]: starting the KDC
[5/5]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
[1/2]: starting kadmin
[2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring directory server (dirsrv)
[1/3]: configuring TLS for DS instance
[2/3]: importing CA certificates from LDAP
[3/3]: restarting directory server
Done configuring directory server (dirsrv).
Configuring the web interface (httpd)
[1/22]: stopping httpd
[2/22]: setting mod_nss port to 443
[3/22]: setting mod_nss cipher suite
[4/22]: setting mod_nss protocol list to TLSv1.2
[5/22]: setting mod_nss password file
[6/22]: enabling mod_nss renegotiate
[7/22]: disabling mod_nss OCSP
[8/22]: adding URL rewriting rules
[9/22]: configuring httpd
[10/22]: setting up httpd keytab
[11/22]: configuring Gssproxy
[12/22]: setting up ssl
[13/22]: configure certmonger for renewals
[14/22]: importing CA certificates from LDAP
[15/22]: publish CA cert
[16/22]: clean up any existing httpd ccaches
[17/22]: configuring SELinux for httpd
[18/22]: create KDC proxy config
[19/22]: enable KDC proxy
[20/22]: starting httpd
[21/22]: configuring httpd to start on boot
[22/22]: enabling oddjobd
Done configuring the web interface (httpd).
Configuring ipa-otpd
[1/2]: starting ipa-otpd
[2/2]: configuring ipa-otpd to start on boot
Done configuring ipa-otpd.
Configuring ipa-custodia
[1/4]: Generating ipa-custodia config file
[2/4]: Generating ipa-custodia keys
[3/4]: starting ipa-custodia
[4/4]: configuring ipa-custodia to start on boot
Done configuring ipa-custodia.
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
[1/30]: creating certificate server db
[2/30]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 30 seconds elapsed
Update succeeded
[3/30]: creating ACIs for admin
[4/30]: creating installation admin user
[5/30]: configuring certificate server instance
[6/30]: secure AJP connector
[7/30]: reindex attributes
[8/30]: exporting Dogtag certificate store pin
[9/30]: stopping certificate server instance to update CS.cfg
[10/30]: backing up CS.cfg
[11/30]: disabling nonces
[12/30]: set up CRL publishing
[13/30]: enable PKIX certificate path discovery and validation
[14/30]: destroying installation admin user
[15/30]: starting certificate server instance
[16/30]: Finalize replication settings
[17/30]: configure certmonger for renewals
[18/30]: Importing RA key
[19/30]: setting audit signing renewal to 2 years
[20/30]: restarting certificate server
[21/30]: authorizing RA to modify profiles
[22/30]: authorizing RA to manage lightweight CAs
[23/30]: Ensure lightweight CAs container exists
[24/30]: configure certificate renewals
[25/30]: configure Server-Cert certificate renewal
[26/30]: Configure HTTP to proxy connections
[27/30]: restarting certificate server
[28/30]: updating IPA configuration
[29/30]: enabling CA instance
[30/30]: configuring certmonger renewal for lightweight CAs
Done configuring certificate server (pki-tomcatd).
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipapython.admintool: ERROR CA did not start in 300.0s
ipapython.admintool: ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
[root@dirpav01 ~]#
================================
/var/log/pki/pki-tomcat/ca/debug
[02/Sep/2022:20:41:02][localhost-startStop-1]: SSLClientCertificateSelectionCB: Setting desired cert nickname to: subsystemCert cert-pki-ca
[02/Sep/2022:20:41:02][localhost-startStop-1]: ldapconn/PKISocketFactory.makeSSLSocket: set client auth cert nickname subsystemCert cert-pki-ca
[02/Sep/2022:20:41:02][localhost-startStop-1]: SSLClientCertificatSelectionCB: Entering!
[02/Sep/2022:20:41:02][localhost-startStop-1]: Candidate cert: ocspSigningCert cert-pki-ca
[02/Sep/2022:20:41:02][localhost-startStop-1]: Candidate cert: subsystemCert cert-pki-ca
[02/Sep/2022:20:41:02][localhost-startStop-1]: SSLClientCertificateSelectionCB: desired cert found in list: subsystemCert cert-pki-ca
[02/Sep/2022:20:41:02][localhost-startStop-1]: SSLClientCertificateSelectionCB: returning: subsystemCert cert-pki-ca
[02/Sep/2022:20:41:02][localhost-startStop-1]: PKIClientSocketListener.handshakeCompleted: begins
[02/Sep/2022:20:41:02][localhost-startStop-1]: SignedAuditLogger: event CLIENT_ACCESS_SESSION_ESTABLISH
[02/Sep/2022:20:41:02][localhost-startStop-1]: PKIClientSocketListener.handshakeCompleted: CS_CLIENT_ACCESS_SESSION_ESTABLISH_SUCCESS
[02/Sep/2022:20:41:02][localhost-startStop-1]: PKIClientSocketListener.handshakeCompleted: clientIP=10.26.60.179 serverIP=10.26.60.179 serverPort=31746
[02/Sep/2022:20:41:02][localhost-startStop-1]: SSL handshake happened
Could not connect to LDAP server host dirpav01.ipa.subdomain.com port 636 Error netscape.ldap.LDAPException: Authentication failed (48)
at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:205)
at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:166)
at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:130)
at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:667)
at com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1054)
at com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:960)
at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:566)
at com.netscape.certsrv.apps.CMS.init(CMS.java:194)
at com.netscape.certsrv.apps.CMS.start(CMS.java:1461)
at com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:117)
at javax.servlet.GenericServlet.init(GenericServlet.java:158)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1218)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1174)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1066)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5377)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5669)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:750)
Internal Database Error encountered: Could not connect to LDAP server host dirpav01.ipa.subdomain.com port 636 Error netscape.ldap.LDAPException: Authentication failed (48)
at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:689)
at com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1054)
at com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:960)
at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:566)
at com.netscape.certsrv.apps.CMS.init(CMS.java:194)
at com.netscape.certsrv.apps.CMS.start(CMS.java:1461)
at com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:117)
at javax.servlet.GenericServlet.init(GenericServlet.java:158)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1218)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1174)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1066)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5377)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5669)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:750)
[02/Sep/2022:20:41:02][localhost-startStop-1]: CMS.start(): shutdown server
[root@dirpav01 ~]#
================================
/var/log/ipareplica-install.log
"""
---
2022-09-02T18:42:31Z DEBUG response body 'Apache Tomcat/7.0.76 - Error report
HTTP Status 500 - Subsystem unavailable
type Exception report
message Subsystem unavailable
description The server encountered an internal error that prevented it from fulfilling this request.
exception
javax.ws.rs.ServiceUnavailableException: Subsystem unavailable\n\tcom.netscape.cms.tomcat.ProxyRealm.findSecurityConstraints(ProxyRealm.java:145)\n\torg.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492)\n\torg.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)\n\torg.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)\n\torg.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)\n\torg.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)\n\torg.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)\n\torg.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)\n\tjava.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)\n\tjava.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)\n\torg.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tjava.lang.Thread.run(Thread.java:750)\n
note The full stack trace of the root cause is available in the Apache Tomcat/7.0.76 logs.
Apache Tomcat/7.0.76
'
2022-09-02T18:42:31Z DEBUG The CA status is: check interrupted due to error: Retrieving CA status failed with status 500
2022-09-02T18:42:31Z DEBUG Waiting for CA to start...
2022-09-02T18:42:32Z DEBUG request POST http://dirpav01.ipa.subdomain.com:8080/ca/admin/ca/getStatus
2022-09-02T18:42:32Z DEBUG request body ''
2022-09-02T18:42:32Z DEBUG response status 500
2022-09-02T18:42:32Z DEBUG response headers Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 2208
Date: Fri, 02 Sep 2022 18:42:32 GMT
Connection: close
2022-09-02T18:42:32Z DEBUG response body 'Apache Tomcat/7.0.76 - Error report
HTTP Status 500 - Subsystem unavailable
type Exception report
message Subsystem unavailable
description The server encountered an internal error that prevented it from fulfilling this request.
exception
javax.ws.rs.ServiceUnavailableException: Subsystem unavailable\n\tcom.netscape.cms.tomcat.ProxyRealm.findSecurityConstraints(ProxyRealm.java:145)\n\torg.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492)\n\torg.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)\n\torg.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)\n\torg.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)\n\torg.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)\n\torg.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)\n\torg.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)\n\tjava.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)\n\tjava.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)\n\torg.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tjava.lang.Thread.run(Thread.java:750)\n
note The full stack trace of the root cause is available in the Apache Tomcat/7.0.76 logs.
Apache Tomcat/7.0.76
'
2022-09-02T18:42:32Z DEBUG The CA status is: check interrupted due to error: Retrieving CA status failed with status 500
2022-09-02T18:42:32Z DEBUG Waiting for CA to start...
2022-09-02T18:42:33Z DEBUG request POST http://dirpav01.ipa.subdomain.com:8080/ca/admin/ca/getStatus
2022-09-02T18:42:33Z DEBUG request body ''
2022-09-02T18:42:34Z DEBUG response status 500
2022-09-02T18:42:34Z DEBUG response headers Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 2208
Date: Fri, 02 Sep 2022 18:42:34 GMT
Connection: close
2022-09-02T18:42:34Z DEBUG response body 'Apache Tomcat/7.0.76 - Error report
HTTP Status 500 - Subsystem unavailable
type Exception report
message Subsystem unavailable
description The server encountered an internal error that prevented it from fulfilling this request.
exception
javax.ws.rs.ServiceUnavailableException: Subsystem unavailable\n\tcom.netscape.cms.tomcat.ProxyRealm.findSecurityConstraints(ProxyRealm.java:145)\n\torg.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492)\n\torg.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)\n\torg.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)\n\torg.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)\n\torg.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)\n\torg.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)\n\torg.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)\n\tjava.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)\n\tjava.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)\n\torg.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tjava.lang.Thread.run(Thread.java:750)\n
note The full stack trace of the root cause is available in the Apache Tomcat/7.0.76 logs.
Apache Tomcat/7.0.76
'
2022-09-02T18:42:34Z DEBUG The CA status is: check interrupted due to error: Retrieving CA status failed with status 500
2022-09-02T18:42:34Z DEBUG Waiting for CA to start...
2022-09-02T18:42:35Z DEBUG request POST http://dirpav01.ipa.subdomain.com:8080/ca/admin/ca/getStatus
2022-09-02T18:42:35Z DEBUG request body ''
2022-09-02T18:42:35Z DEBUG response status 500
2022-09-02T18:42:35Z DEBUG response headers Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 2208
Date: Fri, 02 Sep 2022 18:42:35 GMT
Connection: close
2022-09-02T18:42:35Z DEBUG response body 'Apache Tomcat/7.0.76 - Error report
HTTP Status 500 - Subsystem unavailable
type Exception report
message Subsystem unavailable
description The server encountered an internal error that prevented it from fulfilling this request.
exception
javax.ws.rs.ServiceUnavailableException: Subsystem unavailable\n\tcom.netscape.cms.tomcat.ProxyRealm.findSecurityConstraints(ProxyRealm.java:145)\n\torg.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492)\n\torg.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)\n\torg.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)\n\torg.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)\n\torg.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)\n\torg.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)\n\torg.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)\n\tjava.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)\n\tjava.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)\n\torg.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tjava.lang.Thread.run(Thread.java:750)\n
note The full stack trace of the root cause is available in the Apache Tomcat/7.0.76 logs.
Apache Tomcat/7.0.76
'
2022-09-02T18:42:35Z DEBUG The CA status is: check interrupted due to error: Retrieving CA status failed with status 500
2022-09-02T18:42:35Z DEBUG Waiting for CA to start...
2022-09-02T18:42:36Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 319, in run --->
return cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 360, in run
return self.execute()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 386, in execute
for rval in self._executor():
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 655, in _configure
next(executor)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 515, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 65, in _install
for unused in self._installer(self.parent):
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init.py", line 629, in main
replica_install(self)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 408, in decorated
func(installer)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1568, in install
ca.install(False, config, options, custodia=custodia)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line 255, in install
install_step_1(standalone, replica_config, options, custodia=custodia)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line 391, in install_step_1
ca.start('pki-tomcat')
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 464, in start
self.service.start(instance_name, capture_output=capture_output, wait=wait)
File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 192, in start
self.wait_until_running()
File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 186, in wait_until_running
raise RuntimeError('CA did not start in %ss' % timeout)
2022-09-02T18:42:36Z DEBUG The ipa-replica-install command failed, exception: RuntimeError: CA did not start in 300.0s
2022-09-02T18:42:36Z ERROR CA did not start in 300.0s
2022-09-02T18:42:36Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
[root@dirpav01 ~]#
"""
Sai
Responses