Andrea Stacchiotti via FreeIPA-users wrote: > Hello everyone, > freshly installed ipa server on Oracle Linux 9, via the ansible role at > https://github.com/freeipa/ansible-freeipa/blob/master/roles/ipaserver/README.md > > The installation goes apparently well, but if I try restarting the service I > get the error in the subject, which prevents dirsrv from starting, a debug > log is at the end. > > This is apparently a known issue, as > https://access.redhat.com/solutions/5268961 exists to address it, but I don't > have a subscription and I found no other results on the internet. > It seems to be an issue finding services, but `ipa service-find` finds HTTP > and ldap as expected. > > Can someone help? Thanks > > ------------ > [root@ipa-innovation opc]# ipactl start -d > ipa: DEBUG: importing all plugin modules in ipaserver.plugins... > ipa: DEBUG: importing plugin module ipaserver.plugins.aci > [...] > Starting Directory Service > ipa: DEBUG: Starting external process > ipa: DEBUG: args=['/bin/systemctl', 'start', 'dirsrv@PRIVATE-ACUS-EU.service'] > ipa: DEBUG: Process finished, return code=0 > ipa: DEBUG: Starting external process > ipa: DEBUG: args=['/bin/systemctl', 'is-active', > 'dirsrv@PRIVATE-ACUS-EU.service'] > ipa: DEBUG: Process finished, return code=0 > ipa: DEBUG: stdout=active > > ipa: DEBUG: stderr= > ipa: DEBUG: wait_for_open_ports: localhost [389] timeout 120 > ipa: DEBUG: waiting for port: 389 > ipa: DEBUG: SUCCESS: port: 389 > ipa: DEBUG: Start of dirsrv@PRIVATE-ACUS-EU.service complete > ipa: DEBUG: Starting external process > ipa: DEBUG: args=['/bin/systemctl', 'is-active', > 'dirsrv@PRIVATE-ACUS-EU.service'] > ipa: DEBUG: Process finished, return code=0 > ipa: DEBUG: stdout=active > > ipa: DEBUG: stderr= > Failed to read data from service file: Unknown error when retrieving list of > services from LDAP: not enough values to unpack (expected 2, got 1) > Shutting down > ipa: DEBUG: Starting external process > ipa: DEBUG: args=['/bin/systemctl', 'stop', 'dirsrv@PRIVATE-ACUS-EU.service'] > ipa: DEBUG: Process finished, return code=0 > ipa: DEBUG: Stop of dirsrv@PRIVATE-ACUS-EU.service complete > ipa: DEBUG: File > "/usr/lib/python3.9/site-packages/ipaserver/install/installutils.py", line > 781, in run_script > return_value = main_function() > > File "/usr/lib/python3.9/site-packages/ipaserver/install/ipactl.py", line > 735, in main > ipa_start(options) > > File "/usr/lib/python3.9/site-packages/ipaserver/install/ipactl.py", line > 398, in ipa_start > raise IpactlError(rval=e.rval) > > ipa: DEBUG: The ipactl command failed, exception: IpactlError:
I don't think this is related to the KCS. That had to do with ldap_uri missing from /etc/ipa/default.conf and your 389 instance is starting ok. Unfortunately the backtrace doesn't include where the "not enough values to unpack" is originating. Maybe we can work backwards. ipactl starts dirsrv and then runs a query and uses that to identify which services to start. You can look in your /var/log/dirsrv/slapd-REALM/access to see if the below query is being executed and how many records are returned. If it isn't there then we'll know it didn't even get as far as to do the query. If it does then can you provide the output of: $ kinit admin $ ldapsearch -o ldif-wrap=no -LLL -Q -Y GSSAPI -b cn=ipa.example.test,cn=masters,cn=ipa,cn=etc,dc=example,dc=test "(&(objectClass=ipaConfigObject)(|(ipaConfigString=enabledService)(ipaConfigString=hiddenService)))" cn ipaConfigString You'll need to substitute in your domain for dc=example,dc=test and your current hostname for ipa.example.test. I'm not 100% sure this is where the data that isn't split is originating but it seems like a good candidate. rob -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
