iulian roman via FreeIPA-users wrote:
I suspect this is a red herring. The installer is likely failing
elsewhere but pkispawn seems to charge on when errors are discovered so
you need to find the first error reported.
It can be. Nevertheless, I have run pkispawn manually with the same parameters
(/usr/sbin/pkispawn -s CA -f /tmp/tmpM6kqkX), and it always fails after the checking phase:
pkispawn : INFO ........... checking https://ipa.server.local:8443/ca
Installation failed:
<!doctype html><html lang="en"><head><title>HTTP Status
500 – Internal Server Error</title><style type="text/css">h1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
h2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
h3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a
{color:black;} a.name {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP
Status 500 – Internal Server Error</h1><hr class="line"
/><p><b>Type</b> Exception
Report</p><p><b>Message</b> Subsystem
unavailable</p><p><b>Description</b> The server encountered an
unexpected condition that prevented it from fulfilling the
request.</p><p><b>Exception</b></p><pre>javax.ws.rs.ServiceUnavailableException:
Subsystem unavailable
com.netscape.cms.tomcat.ProxyRealm.findSecurityConstraints(ProxyRealm.java:138)
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482)
com.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:82)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Thread.java:748)
</pre><p><b>Note</b> The full stack trace of the root cause is
available in the server logs.</p><hr class="line" /><h3>Apache
Tomcat/8.5.39 (Ubuntu)</h3></body></html>
Unfortunately, the only error in the debug.log before Shutting down the CMSEngine is:
2020-12-14 17:47:46 [localhost-startStop-1] SEVERE: Unable to start CMS engine: Property internaldb.ldapconn.port missing value
I tried to look for clues in all the logs, but I couldn't find anything relevant,
apart from the above-mentioned error in the /var/log/pki/pki-tomcat/ca folder.
That said I don't know how well/if the CA works in Ubuntu these days, or
what version you're on (or what version of IPA). e.g. I don't know if
the current maintainer of IPA in Ubuntu even has it working.
Ubuntu 18.04, with freeipa-server 4.7.4, dogtag 10.6.1 and tomcat 8.5
> rob
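
Added example (not part of the original message, and not Dogtag or FreeIPA code): two small shell helpers for the triage discussed above, one that finds the first SEVERE entry in a debug log and one that reports configuration keys that are absent or empty. It assumes the subsystem configuration is a plain key=value file; the internaldb.ldapconn.host key, the host value, and the first and last sample log lines are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. The sample files written below are constructed for the
# demonstration; only the SEVERE line is the one quoted in the message.

# Print "LINE_NO:TEXT" for the first SEVERE entry in a PKI debug log.
# Later errors are often fallout, so the earliest one is the place to start.
first_severe() {
    grep -n -m1 'SEVERE:' "$1"
}

# Print each named key that is absent from, or has an empty value in,
# a key=value configuration file. Usage: missing_props FILE KEY...
missing_props() {
    _cfg=$1
    shift
    for _key in "$@"; do
        awk -F= -v k="$_key" '$1 == k && $2 != "" { ok = 1 } END { exit !ok }' "$_cfg" \
            || echo "$_key"
    done
}

demo_dir=$(mktemp -d)

# Constructed debug log: INFO lines are invented, SEVERE line is from the message.
cat > "$demo_dir/debug.log" <<'EOF'
2020-12-14 17:47:45 [localhost-startStop-1] INFO: Starting CMS engine
2020-12-14 17:47:46 [localhost-startStop-1] SEVERE: Unable to start CMS engine: Property internaldb.ldapconn.port missing value
2020-12-14 17:47:46 [localhost-startStop-1] INFO: Shutting down CMS engine
EOF

# Constructed configuration fragment with the port value left empty.
cat > "$demo_dir/CS.cfg" <<'EOF'
internaldb.ldapconn.host=ipa.server.local
internaldb.ldapconn.port=
EOF

echo "First SEVERE entry:"
first_severe "$demo_dir/debug.log"

echo "Keys missing a value:"
missing_props "$demo_dir/CS.cfg" internaldb.ldapconn.host internaldb.ldapconn.port
```
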