dogtagpki / pki

The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.
https://www.dogtagpki.org
GNU General Public License v2.0

ipa-server-install fails when /etc/pki/pki-tomcat already exists #2709

Open pki-bot opened 3 years ago

pki-bot commented 3 years ago

This issue was migrated from Pagure Issue #2589. Originally filed by jpazdziora on 2017-02-09 04:43:48:


When /etc/pki/pki-tomcat already exists, running ipa-server-install fails.

Steps to Reproduce:

1. yum install -y ipa-server
2. mkdir /etc/pki/pki-tomcat
3. ipa-server-install -r EXAMPLE.TEST -n example.test -p Secret123 -a Secret123 -U

Actual results:

  [37/47]: adding entries for topology management
  [38/47]: initializing group membership
  [39/47]: adding master entry
  [40/47]: initializing domain level
  [41/47]: configuring Posix uid/gid generation
  [42/47]: adding replication acis
  [43/47]: enabling compatibility plugin
  [44/47]: activating sidgen plugin
  [45/47]: activating extdom plugin
  [46/47]: tuning directory server
  [47/47]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30
seconds
  [1/31]: creating certificate server user
  [2/31]: configuring certificate server instance
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA
instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpdoJ4Dm' returned
non-zero exit status 1
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation logs
and the following files/directories for more information:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL   /var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.
ipa.ipapython.install.cli.install_tool(Server): ERROR    CA configuration
failed.
ipa.ipapython.install.cli.install_tool(Server): ERROR    The ipa-server-install
command failed. See /var/log/ipaserver-install.log for more information

The /var/log/ipaserver-install.log ends with

2017-01-03T13:25:15Z DEBUG Starting external process
2017-01-03T13:25:15Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpdoJ4Dm
2017-01-03T13:25:16Z DEBUG Process finished, return code=1
2017-01-03T13:25:16Z DEBUG stdout=Log file:
/var/log/pki/pki-ca-spawn.20170103082515.log
Loading deployment configuration from /tmp/tmpdoJ4Dm.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into
/etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.

Installation failed: Directory '/etc/pki/pki-tomcat' already exists!

2017-01-03T13:25:16Z DEBUG stderr=pkispawn    : ERROR    ....... Directory
'/etc/pki/pki-tomcat' already exists!

2017-01-03T13:25:16Z CRITICAL Failed to configure CA instance: Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmpdoJ4Dm' returned non-zero exit status 1
2017-01-03T13:25:16Z CRITICAL See the installation logs and the following
files/directories for more information:
2017-01-03T13:25:16Z CRITICAL   /var/log/pki/pki-tomcat
2017-01-03T13:25:16Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
448, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
438, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
590, in __spawn_instance
    DogtagInstance.spawn_instance(self, cfg_file)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 181, in spawn_instance
    self.handle_setup_error(e)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 420, in handle_setup_error
    raise RuntimeError("%s configuration failed." % self.subsystem)
RuntimeError: CA configuration failed.

2017-01-03T13:25:16Z DEBUG   [error] RuntimeError: CA configuration failed.
2017-01-03T13:25:16Z DEBUG   File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318,
in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310,
in run
    self.execute()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332,
in execute
    for nothing in self._executor():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372,
in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394,
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362,
in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359,
in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81,
in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59,
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 586,
in _configure
    next(executor)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372,
in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449,
in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394,
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446,
in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394,
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362,
in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359,
in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81,
in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59,
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63,
in _install
    for nothing in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 1357, in main
    install(self)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 267, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 773, in install
    ca.install_step_0(False, None, options)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line 161, in
install_step_0
    ca_signing_algorithm=options.ca_signing_algorithm)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
437, in configure_instance
    self.start_creation(runtime=210)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
448, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
438, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
590, in __spawn_instance
    DogtagInstance.spawn_instance(self, cfg_file)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 181, in spawn_instance
    self.handle_setup_error(e)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 420, in handle_setup_error
    raise RuntimeError("%s configuration failed." % self.subsystem)

2017-01-03T13:25:16Z DEBUG The ipa-server-install command failed, exception:
RuntimeError: CA configuration failed.
2017-01-03T13:25:16Z ERROR CA configuration failed.
2017-01-03T13:25:16Z ERROR The ipa-server-install command failed. See
/var/log/ipaserver-install.log for more information

Expected results:

No error.

Additional info:

This issue causes problems especially in containerized environments when we
might want that directory bind-mounted or symlinked to some volume.

Filing against ipa even if pki* might be the ultimate component, since we
likely want to keep this as a dependency for future ipa-server-docker work.

pki-bot commented 3 years ago

Comment from jpazdziora at 2017-02-27 13:59:32

Metadata Update from @jpazdziora:

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2017-03-03 14:49:48

Metadata Update from @mharmsen:

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2017-08-09 12:38:11

Per CS/DS Meeting of August 7, 2017, it was determined to move this issue from 10.4 ==> FUTURE.

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2017-08-09 12:38:11

Metadata Update from @mharmsen:

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2017-08-31 16:43:45

Metadata Update from @mharmsen:

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2017-08-31 16:44:13

Metadata Update from @mharmsen:

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2017-10-25 17:12:02

[20171025] - Offline Triage ==> 10.6

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2017-10-25 17:12:03

Metadata Update from @mharmsen:

pki-bot commented 3 years ago

Comment from cheimes (@tiran) at 2018-02-21 16:02:09

2018-02-21 21:53:52 pkispawn    : ERROR    ....... Directory '/etc/pki/pki-tomcat' already exists!
2018-02-21 21:53:52 pkispawn    : DEBUG    ....... Error Type: Exception
2018-02-21 21:53:52 pkispawn    : DEBUG    ....... Error Message: Directory '/etc/pki/pki-tomcat' already exists!
2018-02-21 21:53:52 pkispawn    : DEBUG    .......   File "/usr/sbin/pkispawn", line 533, in main
    scriptlet.spawn(deployer)
  File "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/instance_layout.py", line 57, in spawn
    ignore_cb=file_ignore_callback_src_server)
  File "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py", line 1402, in copy
    log.PKI_DIRECTORY_ALREADY_EXISTS_1 % new_name)

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2018-12-05 18:42:55

Metadata Update from @mharmsen:
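
Added example, not part of the original thread or of the Dogtag/FreeIPA code: a preflight check for the containerized case described in the report, classifying what already sits at `/etc/pki/pki-tomcat` before `ipa-server-install` is run. The function names and the rule that any pre-existing path blocks `pkispawn` are assumptions generalised from the plain `mkdir` reproduction above.

```python
import os
import stat

# Path taken from the pkispawn error quoted in this issue.
PKI_INSTANCE_CONF = "/etc/pki/pki-tomcat"


def mount_points(mountinfo_text):
    """Mount points listed in /proc/self/mountinfo text (5th field)."""
    points = set()
    for line in mountinfo_text.splitlines():
        fields = line.split()
        if len(fields) >= 5:
            points.add(fields[4])
    return points


def classify(path, mountinfo_text=None):
    """Return (state, blocks_install) for the instance config path.

    Assumption: any pre-existing path makes pkispawn stop, generalising
    the plain `mkdir` case reproduced in the issue.
    """
    if mountinfo_text is None:
        try:
            with open("/proc/self/mountinfo") as f:
                mountinfo_text = f.read()
        except OSError:
            mountinfo_text = ""   # not Linux, or /proc unavailable
    try:
        st = os.lstat(path)       # lstat: do not follow a symlink
    except FileNotFoundError:
        return "absent", False
    if stat.S_ISLNK(st.st_mode):
        # Symlink to a volume; a dangling target is reported separately.
        return ("symlink" if os.path.exists(path) else "dangling-symlink"), True
    if not stat.S_ISDIR(st.st_mode):
        return "not-a-directory", True
    if path in mount_points(mountinfo_text):
        return "mount-point", True   # catches same-filesystem bind mounts too
    with os.scandir(path) as entries:
        empty = next(entries, None) is None
    return ("empty-directory" if empty else "non-empty-directory"), True


if __name__ == "__main__":
    state, blocks = classify(PKI_INSTANCE_CONF)
    print("%s: %s%s" % (PKI_INSTANCE_CONF, state,
                        " (expect pkispawn to stop here)" if blocks else ""))
```

A `non-empty-directory` result deserves a look before anything is removed, since the directory may hold configuration left by an earlier instance.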