2021-09-13T08:49:47Z DEBUG stderr= 2021-09-13T08:49:47Z DEBUG Restart of ipa-custodia.service complete 2021-09-13T08:49:47Z DEBUG step duration: ipa-custodia __start 1.62 sec 2021-09-13T08:49:47Z DEBUG [5/5]: configuring ipa-custodia to start on boot 2021-09-13T08:49:47Z DEBUG Starting external process 2021-09-13T08:49:47Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ipa-custodia.service'] 2021-09-13T08:49:47Z DEBUG Process finished, return code=1 2021-09-13T08:49:47Z DEBUG stdout=disabled 2021-09-13T08:49:47Z DEBUG stderr= 2021-09-13T08:49:47Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2021-09-13T08:49:47Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2021-09-13T08:49:47Z DEBUG Starting external process 2021-09-13T08:49:47Z DEBUG args=['/bin/systemctl', 'unmask', 'ipa-custodia.service'] 2021-09-13T08:49:47Z DEBUG Process finished, return code=0 2021-09-13T08:49:47Z DEBUG stdout= 2021-09-13T08:49:47Z DEBUG stderr= 2021-09-13T08:49:47Z DEBUG Starting external process 2021-09-13T08:49:47Z DEBUG args=['/bin/systemctl', 'disable', 'ipa-custodia.service'] 2021-09-13T08:49:48Z DEBUG Process finished, return code=0 2021-09-13T08:49:48Z DEBUG stdout= 2021-09-13T08:49:48Z DEBUG stderr= 2021-09-13T08:49:48Z DEBUG step duration: ipa-custodia __enable 1.44 sec 2021-09-13T08:49:48Z DEBUG Done configuring ipa-custodia. 2021-09-13T08:49:48Z DEBUG service duration: ipa-custodia 7.59 sec 2021-09-13T08:49:48Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2021-09-13T08:49:48Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2021-09-13T08:49:48Z DEBUG update_entry modlist [(2, 'ipacertificatesubjectbase', [b'O=TESTIPA.DOM'])] 2021-09-13T08:49:48Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2021-09-13T08:49:48Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2021-09-13T08:49:48Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2021-09-13T08:49:48Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2021-09-13T08:49:48Z DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 2021-09-13T08:49:48Z DEBUG [1/28]: configuring certificate server instance 2021-09-13T08:49:48Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2021-09-13T08:49:48Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2021-09-13T08:49:48Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2021-09-13T08:49:48Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2021-09-13T08:49:48Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2021-09-13T08:49:48Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2021-09-13T08:49:48Z DEBUG Contents of pkispawn configuration file (/tmp/tmptq0btfij): [CA] pki_admin_cert_file = /root/.dogtag/pki-tomcat/ca_admin.cert pki_admin_cert_request_type = pkcs10 pki_admin_dualkey = False pki_admin_email = root@localhost pki_admin_name = admin pki_admin_nickname = ipa-ca-agent pki_admin_password = XXXXXXXX pki_admin_subject_dn = cn=ipa-ca-agent,O=TESTIPA.DOM pki_admin_uid = admin pki_ajp_host_ipv4 = 127.0.0.1 pki_ajp_host_ipv6 = ::1 pki_ajp_secret = 7Uh0Ee4BszlzvFB5HyhC5XnEa1dneNUORcoVJBcLBgOY pki_audit_group = pkiaudit pki_audit_signing_key_algorithm = SHA256withRSA pki_audit_signing_key_size = 2048 pki_audit_signing_key_type = rsa pki_audit_signing_nickname = auditSigningCert cert-pki-ca pki_audit_signing_signing_algorithm = SHA256withRSA pki_audit_signing_subject_dn = cn=CA Audit,O=TESTIPA.DOM pki_audit_signing_token = internal pki_backup_keys = True pki_backup_password = XXXXXXXX pki_ca_hostname = dc1.testipa.dom pki_ca_port = 443 pki_ca_signing_cert_path = /etc/pki/pki-tomcat/external_ca.cert pki_ca_signing_csr_path = /root/ipa.csr pki_ca_signing_key_algorithm = SHA256withRSA pki_ca_signing_key_size = 3072 pki_ca_signing_key_type = rsa pki_ca_signing_nickname = caSigningCert cert-pki-ca pki_ca_signing_record_create = True pki_ca_signing_serial_number = 1 pki_ca_signing_signing_algorithm = SHA256withRSA pki_ca_signing_subject_dn = CN=Certificate Authority,O=TESTIPA.DOM pki_ca_signing_token = internal pki_ca_starting_crl_number = 0 pki_cert_chain_nickname = caSigningCert External CA pki_cert_chain_path = /etc/pki/pki-tomcat/external_ca_chain.cert pki_client_admin_cert_p12 = /root/ca-agent.p12 pki_client_database_password = pki_client_database_purge = True pki_client_dir = /root/.dogtag/pki-tomcat pki_client_pkcs12_password = XXXXXXXX pki_configuration_path = /etc/pki pki_default_ocsp_uri = http://ipa-ca.testipa.dom/ca/ocsp pki_dns_domainname = testipa.dom pki_ds_base_dn = o=ipaca pki_ds_bind_dn = cn=Directory Manager pki_ds_database = ipaca pki_ds_hostname = dc1.testipa.dom pki_ds_ldap_port = 389 pki_ds_ldaps_port = 636 pki_ds_password = XXXXXXXX pki_ds_remove_data = True pki_ds_secure_connection = False pki_ds_secure_connection_ca_nickname = Directory Server CA certificate pki_ds_secure_connection_ca_pem_file = /etc/ipa/ca.crt pki_enable_proxy = True pki_existing = False pki_external = False pki_external_pkcs12_password = pki_external_pkcs12_path = pki_external_step_two = False pki_group = pkiuser pki_hostname = dc1.testipa.dom pki_hsm_enable = False pki_hsm_libfile = pki_hsm_modulename = pki_import_admin_cert = False pki_instance_configuration_path = /etc/pki/pki-tomcat pki_instance_name = pki-tomcat pki_issuing_ca = https://dc1.testipa.dom:443 pki_issuing_ca_hostname = dc1.testipa.dom pki_issuing_ca_https_port = 443 pki_issuing_ca_uri = https://dc1.testipa.dom:443 pki_master_crl_enable = True pki_ocsp_signing_key_algorithm = SHA256withRSA pki_ocsp_signing_key_size = 2048 pki_ocsp_signing_key_type = rsa pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca pki_ocsp_signing_signing_algorithm = SHA256withRSA pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=TESTIPA.DOM pki_ocsp_signing_token = internal pki_pkcs12_password = pki_pkcs12_path = pki_profiles_in_ldap = True pki_random_serial_numbers_enable = False pki_replica_number_range_end = 100 pki_replica_number_range_start = 1 pki_replication_password = pki_request_number_range_end = 10000000 pki_request_number_range_start = 1 pki_restart_configured_instance = False pki_san_for_server_cert = pki_san_inject = False pki_security_domain_hostname = dc1.testipa.dom pki_security_domain_https_port = 443 pki_security_domain_name = IPA pki_security_domain_password = XXXXXXXX pki_security_domain_user = admin pki_self_signed_token = internal pki_serial_number_range_end = 10000000 pki_serial_number_range_start = 1 pki_server_database_password = XXXXXXXX pki_share_db = False pki_skip_configuration = False pki_skip_ds_verify = False pki_skip_installation = False pki_skip_sd_verify = False pki_sslserver_key_algorithm = SHA256withRSA pki_sslserver_key_size = 2048 pki_sslserver_key_type = rsa pki_sslserver_nickname = Server-Cert cert-pki-ca pki_sslserver_subject_dn = cn=dc1.testipa.dom,O=TESTIPA.DOM pki_sslserver_token = internal pki_status_request_timeout = 15 pki_subordinate = False pki_subordinate_create_new_security_domain = False pki_subsystem = CA pki_subsystem_key_algorithm = SHA256withRSA pki_subsystem_key_size = 2048 pki_subsystem_key_type = rsa pki_subsystem_nickname = subsystemCert cert-pki-ca pki_subsystem_subject_dn = cn=CA Subsystem,O=TESTIPA.DOM pki_subsystem_token = internal pki_subsystem_type = ca pki_theme_enable = True pki_theme_server_dir = /usr/share/pki/common-ui pki_token_name = internal pki_user = pkiuser 2021-09-13T08:49:48Z DEBUG Starting external process 2021-09-13T08:49:48Z DEBUG args=['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmptq0btfij', '--debug'] 2021-09-13T08:49:49Z DEBUG Process finished, return code=2 2021-09-13T08:49:49Z DEBUG stdout= 2021-09-13T08:49:49Z DEBUG stderr=usage: pkispawn.py [-s ] [-h] [-v] [-f ] [--precheck] [--skip-configuration] [--skip-installation] [--enforce-hostname] [--with-maven-deps] pkispawn.py: error: unrecognized arguments: --debug 2021-09-13T08:49:49Z CRITICAL Failed to configure CA instance 2021-09-13T08:49:49Z CRITICAL See the installation logs and the following files/directories for more information: 2021-09-13T08:49:49Z CRITICAL /var/log/pki/pki-tomcat 2021-09-13T08:49:49Z DEBUG Traceback (most recent call last): File "/usr/lib/python3.8/site-packages/ipaserver/install/service.py", line 635, in start_creation run_step(full_msg, method) File "/usr/lib/python3.8/site-packages/ipaserver/install/service.py", line 621, in run_step method() File "/usr/lib/python3.8/site-packages/ipaserver/install/cainstance.py", line 626, in __spawn_instance DogtagInstance.spawn_instance( File "/usr/lib/python3.8/site-packages/ipaserver/install/dogtaginstance.py", line 212, in spawn_instance self.handle_setup_error(e) File "/usr/lib/python3.8/site-packages/ipaserver/install/dogtaginstance.py", line 564, in handle_setup_error raise RuntimeError( RuntimeError: CA configuration failed. 2021-09-13T08:49:49Z DEBUG [error] RuntimeError: CA configuration failed. 2021-09-13T08:49:49Z DEBUG Removing /root/.dogtag/pki-tomcat/ca 2021-09-13T08:49:49Z DEBUG File "/usr/lib/python3.8/site-packages/ipapython/admintool.py", line 180, in execute return_value = self.run() File "/usr/lib/python3.8/site-packages/ipapython/install/cli.py", line 342, in run return cfgr.run() File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 360, in run return self.execute() File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 386, in execute for rval in self._executor(): File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.8/site-packages/six.py", line 719, in reraise raise value File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 418, in step = lambda: next(self.__gen) File "/usr/lib/python3.8/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.8/site-packages/six.py", line 719, in reraise raise value File "/usr/lib/python3.8/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 655, in _configure next(executor) File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 518, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.8/site-packages/six.py", line 719, in reraise raise value File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 515, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.8/site-packages/six.py", line 719, in reraise raise value File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 418, in step = lambda: next(self.__gen) File "/usr/lib/python3.8/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.8/site-packages/six.py", line 719, in reraise raise value File "/usr/lib/python3.8/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python3.8/site-packages/ipapython/install/common.py", line 65, in _install for unused in self._installer(self.parent): File "/usr/lib/python3.8/site-packages/ipaserver/install/server/__init__.py", line 575, in main master_install(self) File "/usr/lib/python3.8/site-packages/ipaserver/install/server/install.py", line 275, in decorated func(installer) File "/usr/lib/python3.8/site-packages/ipaserver/install/server/install.py", line 909, in install ca.install_step_0(False, None, options, custodia=custodia) File "/usr/lib/python3.8/site-packages/ipaserver/install/ca.py", line 338, in install_step_0 ca.configure_instance( File "/usr/lib/python3.8/site-packages/ipaserver/install/cainstance.py", line 502, in configure_instance self.start_creation(runtime=runtime) File "/usr/lib/python3.8/site-packages/ipaserver/install/service.py", line 635, in start_creation run_step(full_msg, method) File "/usr/lib/python3.8/site-packages/ipaserver/install/service.py", line 621, in run_step method() File "/usr/lib/python3.8/site-packages/ipaserver/install/cainstance.py", line 626, in __spawn_instance DogtagInstance.spawn_instance( File "/usr/lib/python3.8/site-packages/ipaserver/install/dogtaginstance.py", line 212, in spawn_instance self.handle_setup_error(e) File "/usr/lib/python3.8/site-packages/ipaserver/install/dogtaginstance.py", line 564, in handle_setup_error raise RuntimeError( 2021-09-13T08:49:49Z DEBUG The ipa-server-install command failed, exception: RuntimeError: CA configuration failed. 2021-09-13T08:49:49Z ERROR CA configuration failed. 2021-09-13T08:49:49Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information [root@dc1 ~]#