Hi all, See https://www.freeipa.org/page/ARM As mentioned earlier: I applied these settings but it wasn't enough. The startup_timeout was set at a huge 1200 but somewhere during a restart, it will complain:
........... server did not start after 60s\npkispawn : ERROR ....... server failed to restart\n') It's complaining about 60 seconds, not 1200 so I guess there's sme other value to set, somewhere.... Winfried -----Oorspronkelijk bericht----- Van: Rob Crittenden via FreeIPA-users <freeipa-users@lists.fedorahosted.org> Antwoord-naar: FreeIPA users list <freeipa-users@lists.fedorahosted.org> Aan: FreeIPA users list <freeipa-users@lists.fedorahosted.org> Cc: Winfried de Heiden <w...@dds.nl>, Fraser Tweedale <ftwee...@redhat.com>, Rob Crittenden <rcrit...@redhat.com> Onderwerp: [Freeipa-users] Re: Replica install on RPI3 Datum: Mon, 5 Nov 2018 11:25:21 -0500 Winfried de Heiden via FreeIPA-users wrote: Hi all, Believe me, after modifying "startup_timeout" in/usr/lib/python3.7/site-packages/ipalib/constants.py and/etc/ipa/default.conf is does run on a Pi as a Master but obviously thisis not enough fiir the Replica. See https://www.freeipa.org/page/ARM I did not add this post to discuss whether it is usefull to run on a P,I try to find out which install parameter (I guess) to modify in whichfile. I had FreeIPA running Master running for months on a Pi. It ranstable :) There are multiple reports of it (and related hardware like the bananapi) running fine. How much of a good idea it is is up for debate ;-) TBH I'm glad you're creating a replica with a CA so you don't have asingle point-of-failure. rob Winfried Fraser Tweedale via FreeIPA-users schreef op 05-11-2018 0:37: Dogtag CA is a massive enterprise Java program. Can't do much aboutit. Run a CA-less deployment, or run a CA-ful deployment withRaspberryPi replicas having no CA, and CA replicas running onmachines with more memory and more grunt. Cheers,Fraser On Sun, Nov 04, 2018 at 04:04:27PM +0100, Winfried de Heiden viaFreeIPA-users wrote: Hi all,can't tell it's the only issue. Installing the replica without CAworks well. The error happens during a restart during installationwich take too much time. Don't know what will go wrong after fixingthis issue....WinfriedJohn Keates via FreeIPA-users schreef op za 03-11-2018 om 16:41 [+0100]: Ah, so the install went fine but the CA startup is the onlyremaining issue? John On 3 Nov 2018, at 16:39, Winfried de Heiden via FreeIPA-users<freeipa-users@lists.fedorahosted.org> wrote: Hi all,Yes, the Pi is too slow but funny enough it can work perfectly.The DogTag CA server just takes a painfull time to start. I had a Pirunning as just a master for months quite well, but start Dogtag tooka very long time, but afterwards it all ran well in a smallenvironment (@home...) As mentioned, just for the sake of trying and Pi are so cheap, I'm trying to setup a Pi Replica but default setup timeout settingsneed a modification... Winfried John Keates schreef op za 03-11-2018 om 16:26 [+0100]: My suggestion would be: don’t run it on a Pi, it’s not fastenough. But you came to that conclusion already, so I guess the nextissue would be: where does it fail?I’m assuming the rpm install worksout but ipa-server-install doesn’t? Or does that work but does thestarting of all the components time out? If it’s just the installation that’s failing, you can getaround that by running the install in an emulated ARM machine first,and then copying the filesystem over to the Pi. John On 3 Nov 2018, at 15:53, Winfried de Heiden via FreeIPA-users<freeipa-users@lists.fedorahosted.org> wrote: Hi all,Just because we can and a Rapsberry Pi 3 is cheap, I'm tryingto install a FreeIPA replica on Fedora 29 ARM. It looks like theRaspberry is a bit too slow for default installation settings: 018-11-03T12:27:12Z DEBUG stderr=WARNING: Password wasgarbage collected before it was cleared.password file contains nodatapkispawn : ERROR ........... server did not start after60spkispawn : ERROR ....... server failed to restart 2018-11-03T12:27:12Z CRITICAL Failed to configure CAinstance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s','CA', '-f', '/tmp/tmpv2y32e9l'] returned non-zero exit status 1:'WARNING: Password was garbage collected before it wascleared.\npassword file contains no data\npkispawn : ERROR ........... server did not start after 60s\npkispawn : ERROR ....... server failed to restart\n')2018-11-03T12:27:12Z CRITICAL Seethe installation logs and the following files/directories for moreinformation:2018-11-03T12:27:12Z CRITICAL /var/log/pki/pki-tomcat2018-11-03T12:27:12Z DEBUG Traceback (mostrecent call last): File"/usr/lib/python3.7/site-packages/ipaserver/install/dogtaginstance.py",line 164, in spawn_instance ipautil.run(args, nolog=nolog_list) File "/usr/lib/python3.7/site-packages/ipapython/ipautil.py", line573, in run p.returncode, arg_string, output_log, error_logipapython.ipautil.CalledProcessError: CalledProcessError(Command['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpv2y32e9l'] returnednon-zero exit status 1: 'WARNING: Password was garbage collected beforeit was cleared.\npassword file contains no data\npkispawn : ERROR ........... server did not start after 60s\npkispawn : ERROR ....... server failed to restart\n') I did change the "startup_timeout" in/usr/lib/python3.7/site-packages/ipalib/constants.py and/etc/ipa/default.conf but it doens't seem to be enough. Any sugestion?Winfried_______________________________________________FreeIPA-users mailing list --freeipa-users@lists.fedorahosted.org To unsubscribe send an email tofreeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct:https://getfedora.org/code-of-conduct.html List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org _______________________________________________FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.orgTo unsubscribe send an email tofreeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.htmlList Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org _______________________________________________FreeIPA-usersmailing list -- freeipa-users@lists.fedorahosted.orgTo unsubscribesend an email to freeipa-users-leave@lists.fedorahosted.orgFedoraCode of Conduct: https://getfedora.org/code-of-conduct.htmlListGuidelines:https://fedoraproject.org/wiki/Mailing_list_guidelinesList Archives:https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org _______________________________________________FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.orgTo unsubscribe send an email tofreeipa-users-leave@lists.fedorahosted.orgFedora Code of Conduct: https://getfedora.org/code-of-conduct.htmlList Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelinesList Archives:https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org _______________________________________________FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.orgTo unsubscribe send an email tofreeipa-users-leave@lists.fedorahosted.orgFedora Code of Conduct: https://getfedora.org/code-of-conduct.htmlList Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelinesList Archives:https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org _______________________________________________FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.orgTo unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.orgFedora Code of Conduct: https://getfedora.org/code-of-conduct.htmlList Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelinesList Archives:https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org _______________________________________________FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.orgTo unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.orgFedora Code of Conduct: https://getfedora.org/code-of-conduct.htmlList Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelinesList Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
signature.asc
Description: This is a digitally signed message part
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org