fapolicy restrictions causing IdM installation failures

Solution Verified

Issue

IdM installation fails on RHEL 8.3 when fapolicy is running.
If fapolicy is stopped before the installation and started after the installation, pki-tomcat fails to start.

  • The IdM installation fails with the following error:
[error] RuntimeError: CA configuration failed.
CA configuration failed.
The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information.
  • The following error appears in /var/log/pki/pki-tomcat:
2020-11-05 13:20:07 INFO: Creating new security domain
2020-11-05 13:20:07 INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg
2020-11-05 13:20:07 INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg
2020-11-05 13:20:07 INFO: Removing existing database
2020-11-05 13:20:07 DEBUG: Command: sudo -u pkiuser /usr/lib/jvm/jre-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-remove --force --debug
2020-11-05 13:20:08 ERROR: CalledProcessError: Command '['sudo', '-u', 'pkiuser', '/usr/lib/jvm/jre-openjdk/bin/java', '-classpath', '/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*', '-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory', '-Dcatalina.base=/var/lib/pki/pki-tomcat', '-Dcatalina.home=/usr/share/tomcat', '-Djava.endorsed.dirs=', '-Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp', '-Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties', '-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager', '-Dcom.redhat.fips=false', 'org.dogtagpki.server.cli.PKIServerCLI', 'ca-db-remove', '--force', '--debug']' returned non-zero exit status 1.
  File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 575, in main
    scriptlet.spawn(deployer)
  File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 820, in spawn
    subsystem.remove_database(force=True)
  File "/usr/lib/python3.6/site-packages/pki/server/subsystem.py", line 945, in remove_database
    self.run(cmd, as_current_user=as_current_user)
  File "/usr/lib/python3.6/site-packages/pki/server/subsystem.py", line 1137, in run
    subprocess.run(cmd, check=True)
  File "/usr/lib64/python3.6/subprocess.py", line 438, in run
    output=stdout, stderr=stderr)

Environment

  • Red Hat Enterprise Linux 8.3+
  • Red Hat Enterprise Linux 9
  • IdM
  • Red Hat Certificate System 10
  • fapolicyd
