MERCIER Jonathan via FreeIPA-users wrote:
Dear,
On Rocky Linux 8.4 I fail to install ipa server,
firstly I encounter the issue describe here:
https://lists.fedorahosted.org/archives/list/tfreeipa-users@lists.fedorah...
Broken link?
So as workaround I have removed these two lines from
/etc/crypto-policies/back-ends/nss.config:
name=p11-kit-proxy
library=p11-kit-proxy.so
And I have downgrade 389-ds-base:
dnf downgrade -y 389-ds-base
Why?
With this workaround I getting rid of the error:
--> usr/lib/api/apiutil.c Could not open /run/lock/opencryptoki/LCK..APIlock
This message is mostly harmless AFAIR.
while evrything seemms to be fine the command `ipa-server-install`
end with a timeout ----> waiting for CA subsystem to start
I checked I see any error with this command:
find /var/log/pki/pki-tomcat -name '*.log' | xargs cat
Umm, I'd suggest looking at the pki debug log directly, from the top
down, looking for issues.
And both pkcsslotd, pki-tomcatd@pki-tomcat servicess seems to run
without error.
tomcat is a servlet runner so it's very possible for it to be running
and not running the configured servlets (e.g. the CA).
What hardware is this? CPU, RAM?
rob