Buscar

Este contenido no está disponible en el idioma seleccionado.

Chapter 9. Troubleshooting IdM server installation

download PDF

The following sections describe how to gather information about a failing IdM server installation, and how to resolve common installation issues.

9.1. Reviewing IdM server installation error logs

When you install an Identity Management (IdM) server, debugging information is appended to the following log files:

  • /var/log/ipaserver-install.log
  • /var/log/httpd/error_log
  • /var/log/dirsrv/slapd-INSTANCE-NAME/access
  • /var/log/dirsrv/slapd-INSTANCE-NAME/errors

The last lines of the log files report success or failure, and the ERROR and DEBUG entries provide additional context.

To troubleshoot a failing IdM server installation, review the errors at the end of the log files and use this information to resolve any corresponding issues.

Prerequisites

  • You must have root privileges to display the contents of IdM log files.

Procedure

  1. Use the tail command to display the last lines of a log file. The following example displays the last 10 lines of /var/log/ipaserver-install.log.

    [user@server ~]$ sudo tail -n 10 /var/log/ipaserver-install.log
    [sudo] password for user:
    value = gen.send(prev_value)
    File "/usr/lib/python3.6/site-packages/ipapython/install/common.py", line 65, in _install
    for unused in self._installer(self.parent):
    File "/usr/lib/python3.6/site-packages/ipaserver/install/server/init.py", line 564, in main
    master_install(self)
    File "/usr/lib/python3.6/site-packages/ipaserver/install/server/install.py", line 291, in decorated
    raise ScriptError()
    
    2020-05-27T22:59:41Z DEBUG The ipa-server-install command failed, exception: ScriptError:
    2020-05-27T22:59:41Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
  2. To review a log file interactively, open the end of the log file using the less utility and use the and arrow keys to navigate. The following example opens the /var/log/ipaserver-install.log file interactively.

    [user@server ~]$ sudo less -N +G /var/log/ipaserver-install.log
  3. Gather additional troubleshooting information by repeating this review process with the remaining log files.

    [user@server ~]$ sudo less -N +G /var/log/httpd/error_log
    
    [user@server ~]$ sudo less -N +G /var/log/dirsrv/slapd-INSTANCE-NAME/access
    
    [user@server ~]$ sudo less -N +G /var/log/dirsrv/slapd-INSTANCE-NAME/errors

Additional resources

9.2. Reviewing IdM CA installation errors

When you install the Certificate Authority (CA) service on an Identity Management (IdM) server, debugging information is appended to the following locations (in order of recommended priority):

LocationDescription

/var/log/pki/pki-ca-spawn.$TIME_OF_INSTALLATION.log

High-level issues and Python traces for the pkispawn installation process

journalctl -u pki-tomcatd@pki-tomcat output

Errors from the pki-tomcatd@pki-tomcat service

/var/log/pki/pki-tomcat/ca/debug.$DATE.log

Large JAVA stacktraces of activity in the core of the Public Key Infrastructure (PKI) product

/var/log/pki/pki-tomcat/ca/signedAudit/ca_audit log file

Audit log of the PKI product

  • /var/log/pki/pki-tomcat/ca/system
  • /var/log/pki/pki-tomcat/ca/transactions
  • /var/log/pki/pki-tomcat/catalina.$DATE.log

Low-level debug data of certificate operations for service principals, hosts, and other entities that use certificates

Note

If a full IdM server installation fails while installing the optional CA component, no details about the CA are logged; a message is logged in the /var/log/ipaserver-install.log file indicating that the overall installation process failed. Red Hat recommends reviewing the log files listed above for details specific to the CA installation failure.

The only exception to this behavior is when you are installing the CA service and the root CA is an external CA. If there is an issue with the certificate from the external CA, errors are logged in /var/log/ipaserver-install.log.

To troubleshoot a failing IdM CA installation, review the errors at the end of these log files and use this information to resolve any corresponding issues.

Prerequisites

  • You must have root privileges to display the contents of IdM log files.

Procedure

  1. To review a log file interactively, open the end of the log file using the less utility and use the and arrow keys to navigate, while searching for ScriptError entries. The following example opens /var/log/pki/pki-ca-spawn.$TIME_OF_INSTALLATION.log.

    [user@server ~]$ sudo less -N +G /var/log/pki/pki-ca-spawn.20200527185902.log
  2. Gather additional troubleshooting information by repeating this review process with all the log files listed above.

Additional resources

9.3. Removing a partial IdM server installation

If an IdM server installation fails, some configuration files can be left behind. Additional attempts to install the IdM server fail and the installation script reports that IPA is already configured.

Example system with existing partial IdM configuration

[root@server ~]# ipa-server-install

The log file for this installation can be found in /var/log/ipaserver-install.log
IPA server is already configured on this system.
If you want to reinstall the IPA server, please uninstall it first using 'ipa-server-install --uninstall'.
The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

To resolve this issue, uninstall the partial IdM server configuration and retry the installation process.

Prerequisites

  • You must have root privileges.

Procedure

  1. Uninstall the IdM server software from the host you are trying to configure as an IdM server.

    [root@server ~]# ipa-server-install --uninstall
  2. If you continue to experience difficulty installing an IdM server because of repeated failed installations, reinstall the operating system.

    One of the requirements for installing an IdM server is a clean system without any customization. Failed installations may have compromised the integrity of the host by unexpectedly modifying system files.

Additional resources

9.4. Additional resources

Red Hat logoGithubRedditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

© 2024 Red Hat, Inc.