← Back to team overview

freeipa team mailing list archive

  1. freeipa team
  2. Mailing list archive
  3. Message #00626

[Bug 1768865] [NEW] freeipa server installation fails on Bionic due to tomcat conflict

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Installing freeipa server fails at configuring certificate server (pki-
tomcatd).

...
Configuring kadmin
  [1/2]: starting kadmin 
  [2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
  [1/28]: configuring certificate server instance
ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpGu_KPq'] returned non-zero exit status 1: u"pkispawn    : ERROR    ....... subprocess.CalledProcessError:  Command '['sysctl', 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn    : ERROR    ........... server did not start after 300s\npkispawn    : ERROR    ....... server failed to restart\n")
ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the following files/directories for more information:
ipaserver.install.dogtaginstance: CRITICAL   /var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.
ipapython.admintool: ERROR    CA configuration failed.
ipapython.admintool: ERROR    The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

Looking more closely in /var/log/pki/pki-tomcat/catalina.out there are a
bunch of java.io.FileNotFoundException

root@usrv1:~# grep java.io.FileNotFoundException /var/log/pki/pki-tomcat/catalina.out
java.io.FileNotFoundException: /usr/share/java/tomcat-annotations-api.jar (No such file or directory)
java.io.FileNotFoundException: /usr/share/java/el-api-2.1.jar (No such file or directory)
java.io.FileNotFoundException: /usr/share/java/oscache.jar (No such file or directory)
java.io.FileNotFoundException: /usr/share/java/tomcat-annotations-api.jar (No such file or directory)
java.io.FileNotFoundException: /usr/share/java/el-api-2.1.jar (No such file or directory)
java.io.FileNotFoundException: /usr/share/java/oscache.jar (No such file or directory)

This have been discussed on the FreeIPA users list, and the conclusion
was:

"If Ubuntu 18.04 has Tomcat 8.5, you are not going to get it working with
 the current release of FreeIPA.

 We have been working on FreeIPA 4.7 for about a half a year now and only
 recently dogtag got support for tomcat 8.5. There are still bits and
 pieces which being fixed in dogtag to support FreeIPA 4.7.

 I guess currently you aren't going to get any luck with Ubuntu/Debian
 builds."

** Affects: freeipa (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1768865

Title:
  freeipa server installation fails on Bionic due to tomcat conflict

Status in freeipa package in Ubuntu:
  New

Bug description:
  Installing freeipa server fails at configuring certificate server
  (pki-tomcatd).

  ...
  Configuring kadmin
    [1/2]: starting kadmin 
    [2/2]: configuring kadmin to start on boot
  Done configuring kadmin.
  Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
    [1/28]: configuring certificate server instance
  ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpGu_KPq'] returned non-zero exit status 1: u"pkispawn    : ERROR    ....... subprocess.CalledProcessError:  Command '['sysctl', 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn    : ERROR    ........... server did not start after 300s\npkispawn    : ERROR    ....... server failed to restart\n")
  ipaserver.install.dogtaginstance: CRITICAL See the installation logs and the following files/directories for more information:
  ipaserver.install.dogtaginstance: CRITICAL   /var/log/pki/pki-tomcat
    [error] RuntimeError: CA configuration failed.
  ipapython.admintool: ERROR    CA configuration failed.
  ipapython.admintool: ERROR    The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

  Looking more closely in /var/log/pki/pki-tomcat/catalina.out there are
  a bunch of java.io.FileNotFoundException

  root@usrv1:~# grep java.io.FileNotFoundException /var/log/pki/pki-tomcat/catalina.out
  java.io.FileNotFoundException: /usr/share/java/tomcat-annotations-api.jar (No such file or directory)
  java.io.FileNotFoundException: /usr/share/java/el-api-2.1.jar (No such file or directory)
  java.io.FileNotFoundException: /usr/share/java/oscache.jar (No such file or directory)
  java.io.FileNotFoundException: /usr/share/java/tomcat-annotations-api.jar (No such file or directory)
  java.io.FileNotFoundException: /usr/share/java/el-api-2.1.jar (No such file or directory)
  java.io.FileNotFoundException: /usr/share/java/oscache.jar (No such file or directory)

  This have been discussed on the FreeIPA users list, and the conclusion
  was:

  "If Ubuntu 18.04 has Tomcat 8.5, you are not going to get it working with
   the current release of FreeIPA.

   We have been working on FreeIPA 4.7 for about a half a year now and only
   recently dogtag got support for tomcat 8.5. There are still bits and
   pieces which being fixed in dogtag to support FreeIPA 4.7.

   I guess currently you aren't going to get any luck with Ubuntu/Debian
   builds."

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1768865/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next