FreeIPA 4.1.1 Fedora 21is not working

Question

I am trying to install FreeIPA 4.1.1 on Fedora 21

yum install freeipa-*
ipa-server-install

Error during the installation:

[10/27]: importing CA chain to RA certificate database
[error] RuntimeError: Unable to retrieve CA chain: request failed with HTTP status 404
Unable to retrieve CA chain: request failed with HTTP status 404

logs in ipaserver-install.log

2014-12-08T13:34:17Z DEBUG   File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 642, in run_script
    return_value = main_function()

  File "/sbin/ipa-server-install", line 1181, in main
    ca_signing_algorithm=options.ca_signing_algorithm)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 518, in configure_instance
    self.start_creation(runtime=210)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 382, in start_creation
    run_step(full_msg, method)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 372, in run_step
    method()

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 1066, in __import_ca_chain
    chain = self.__get_ca_chain()

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 1048, in __get_ca_chain
    raise RuntimeError("Unable to retrieve CA chain: %s" % str(e))

2014-12-08T13:34:17Z DEBUG The ipa-server-install command failed, exception: RuntimeError: Unable to retrieve CA chain: request failed with HTTP status 404

Is there a way to get it FreeIPA installed?

score 1 · Answer 1 · answered Dec 08 '14 at 20:43

1

The installation should obviously work on normal conditions, I am curious what is the root cause in your case. I would recommend couple directions for invesetigation:

Check in ipaserver-install.log that the installer is talking to the right hostname
Check that PKI service (systemctl status pki-tomcatd@pki-tomcat.service) is running when the installer crashed - check for any SELinux AVCs in audit.log or other failures that may have prevented pki-tomcatd service from starting.

answered Dec 08 '14 at 20:43

Martin Kosek

386
1
3

Yes, It seems that the installation is not reading the right host but how should I configure it? I follow up on the installation process as in the wiki .
```
comm="pki-tomcatd@pki-tomcat" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
```
– Dina Abu-khader Dec 09 '14 at 09:55

score 0 · Answer 2 · answered Dec 09 '14 at 13:36

0

Some of the required FreeIPA ports were in use by another services. Make sure to have these ports only for Freeipa

TCP : 80, 443 , 636, 8080, 389

answered Dec 09 '14 at 13:36

Dina Abu-khader

141
2
2
7

FreeIPA 4.1.1 Fedora 21is not working

2 Answers2