Last night I rolled back my snapshot. Here's what I have after the yum install
"minimal" install of Centos7 + basic build. {0}:/var/log>cat /etc/*elease CentOS Linux release 7.3.1611 (Core) NAME="CentOS Linux" VERSION="7 (Core)" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="7" PRETTY_NAME="CentOS Linux 7 (Core)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:7" HOME_URL="https://www.centos.org/" BUG_REPORT_URL="https://bugs.centos.org/" CENTOS_MANTISBT_PROJECT="CentOS-7" CENTOS_MANTISBT_PROJECT_VERSION="7" REDHAT_SUPPORT_PRODUCT="centos" REDHAT_SUPPORT_PRODUCT_VERSION="7" CentOS Linux release 7.3.1611 (Core) CentOS Linux release 7.3.1611 (Core) {0}:/var/log>rpm -q -a | egrep -i 'http|apach|tomc|ipa|krb' sssd-krb5-common-1.14.0-43.el7_3.14.x86_64 python2-ipaclient-4.4.0-14.el7.centos.7.noarch ipa-common-4.4.0-14.el7.centos.7.noarch perl-HTTP-Tiny-0.033-3.el7.noarch python-iniparse-0.4-9.el7.noarch ipa-client-common-4.4.0-14.el7.centos.7.noarch pam_krb5-2.4.8-6.el7.x86_64 sssd-krb5-1.14.0-43.el7_3.14.x86_64 python-ipaddress-1.0.16-2.el7.noarch python2-ipalib-4.4.0-14.el7.centos.7.noarch krb5-libs-1.14.1-27.el7_3.x86_64 libipa_hbac-1.14.0-43.el7_3.14.x86_64 python-libipa_hbac-1.14.0-43.el7_3.14.x86_64 sssd-ipa-1.14.0-43.el7_3.14.x86_64 krb5-workstation-1.14.1-27.el7_3.x86_64 ipa-client-4.4.0-14.el7.centos.7.x86_64 Tried to pull an exact client. The "yum install ipa-server" went fine: {0}:/var/log/httpd>rpm -a -q | grep -i ipa-server ipa-server-4.4.0-14.el7.centos.7.x86_64 ipa-server-common-4.4.0-14.el7.centos.7.noarch "ipa-server-install" ran clean but has been stuck for 2 days: Restarting the directory server Restarting the KDC Please add records in this file to your DNS system: /tmp/ipa.system.records.qLsLyx.db Restarting the web server Configuring client side components Using existing certificate '/etc/ipa/ca.crt'. Client hostname: ipa.rdlg.net Realm: RDLG.NET DNS Domain: rdlg.net IPA Server: ipa.rdlg.net BaseDN: dc=rdlg,dc=net Skipping synchronizing time with NTP server. New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf trying https://ipa.rdlg.net/ipa/json Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json' Checking the /var/log/httpd/error.log has 2 days of just this: [Tue May 16 09:14:42.941476 2017] [:error] [pid 1182] NSS_Initialize failed. Certificate database: /etc/httpd/alias. [Tue May 16 09:14:42.941499 2017] [:error] [pid 1182] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED [Tue May 16 09:14:42.941501 2017] [:error] [pid 1182] Does the NSS database exist? Robert On Fri, May 12, 2017 at 11:14 AM Rob Crittenden <rcrit...@redhat.com> wrote: > Robert L. Harris wrote: > > > > Hmmm > > > > {0}:/var/log>ls > > anaconda btmp dmesg grubby maillog ppp secure > > tallylog wtmp > > audit cron dmesg.old grubby_prune_debug messages rhsm spooler > > tuned yum.log > > boot.log cups firewalld lastlog ntpstats samba sssd > > vmware-vmsvc.log > > > > > > root@ipa > > {1}:/var/log>rpm -q -l http > > package http is not installed > > > > root@ipa > > {1}:/var/log>rpm -q -a | grep -i http > > perl-HTTP-Tiny-0.033-3.el7.noarch > > > > root@ipa > > {0}:/var/log>rpm -q -a | grep -i tomcat > > > > > > Doesn't look like an httpd was installed as a dependancy? > > I find this very hard to believe given that it go so far as to configure > things in Apache, restart it, etc. What version of [free]ipa-server is > installed? How did you install it and from what repo? > > rob > > > > > > > > > > > > > On Fri, May 12, 2017 at 1:17 AM Martin Bašti <mba...@redhat.com > > <mailto:mba...@redhat.com>> wrote: > > > > That's weird, it should be super fast, anything in > > /var/log/httpd/error_log? > > > > > > On 11.05.2017 22:23, Robert L. Harris wrote: > >> > >> Odd, must have clicked reply instead of reply-all. > >> > >> Anyway, I did the revert and re-install. Actual install went > >> through fine then the "ipa-server-install" ran until this: > >> > >> [8/9]: restoring configuration > >> [9/9]: starting directory server > >> Done. > >> Restarting the directory server > >> Restarting the KDC > >> Please add records in this file to your DNS system: > >> /tmp/ipa.system.records.v5Jwrt.db > >> Restarting the web server > >> Configuring client side components > >> Using existing certificate '/etc/ipa/ca.crt'. > >> Client hostname: ipa.rdlg.net <http://ipa.rdlg.net> > >> Realm: RDLG.NET <http://RDLG.NET> > >> DNS Domain: rdlg.net <http://rdlg.net> > >> IPA Server: ipa.rdlg.net <http://ipa.rdlg.net> > >> BaseDN: dc=rdlg,dc=net > >> > >> Skipping synchronizing time with NTP server. > >> New SSSD config will be created > >> Configured sudoers in /etc/nsswitch.conf > >> Configured /etc/sssd/sssd.conf > >> trying https://ipa.rdlg.net/ipa/json > >> Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json' > >> > >> > >> It's been sitting there for a while ( 4 hours? ) I don't see > >> anyting in the ipaserver-install.log, but it's here: > >> https://pastebin.com/biK1Dmv7 > >> > >> > >> > >> On Thu, May 11, 2017 at 8:12 AM Martin Bašti <mba...@redhat.com > >> <mailto:mba...@redhat.com>> wrote: > >> > >> Please keep freeipa-users in CC > >> > >> Snapshot is always better, so I suggest to use it. Otherwise > >> there is an option --ignore-last-of-role to unblock > >> uninstallation. > >> > >> Martin > >> > >> > >> On 11.05.2017 16:00, Robert L. Harris wrote: > >>> > >>> Looks like you hit it, apache didn't have a group: > >>> > >>> -- Logs begin at Wed 2017-05-10 19:56:27 MDT, end at Thu > >>> 2017-05-11 07:48:27 MDT. -- > >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> > >>> systemd[1]: Starting The Apache HTTP Server... > >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> > >>> ipa-httpd-kdcproxy[28808]: ipa : INFO KDC proxy > >>> enabled > >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> > >>> httpd[28809]: AH00544: httpd: bad group name apache > >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> > >>> systemd[1]: httpd.service: main process exited, code=exited, > >>> status=1/FAILURE > >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> > >>> kill[28812]: kill: cannot find process "" > >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> > >>> systemd[1]: httpd.service: control process exited, > >>> code=exited status=1 > >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> > >>> systemd[1]: Failed to start The Apache HTTP Server. > >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> > >>> systemd[1]: Unit httpd.service entered failed state. > >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> > >>> systemd[1]: httpd.service failed. > >>> > >>> Thanks, didn't know that command. I tried to continue the > >>> process: > >>> > >>> {0}:/root>ipa-server-install > >>> > >>> The log file for this installation can be found in > >>> /var/log/ipaserver-install.log > >>> ipa.ipapython.install.cli.install_tool(Server): ERROR IPA > >>> server is already configured on this system. > >>> If you want to reinstall the IPA server, please uninstall it > >>> first using 'ipa-server-install --uninstall'. > >>> ipa.ipapython.install.cli.install_tool(Server): ERROR The > >>> ipa-server-install command failed. See > >>> /var/log/ipaserver-install.log for more information > >>> > >>> root@ipa > >>> {1}:/root>ipa-server-install --uninstall > >>> > >>> This is a NON REVERSIBLE operation and will delete all data > >>> and configuration! > >>> > >>> Are you sure you want to continue with the uninstall > >>> procedure? [no]: yes > >>> ipa : ERROR Server removal aborted: Deleting this > >>> server is not allowed as it would leave your installation > >>> without a CA.. > >>> > >>> > >>> > >>> This is a VM and I took a snapshot right before I started the > >>> install, so I can revert, just make sure ti add the apache > >>> user before starting the install. Or if you have a better > >>> command to continue the clean-up/install..... > >>> > >>> > >>> On Thu, May 11, 2017 at 2:19 AM Martin Bašti > >>> <mba...@redhat.com <mailto:mba...@redhat.com>> wrote: > >>> > >>> Hello, > >>> > >>> comments inline > >>> > >>> > >>> On 11.05.2017 06:06, Robert L. Harris wrote: > >>>> > >>>> Sigh... Sorry, it's been a long day, I thought I put > >>>> that log in the first pastebin. It's in this one: > >>>> https://pastebin.com/18PAXXNS > >>> > >>> Could you please provide journalctl -u httpd and > >>> /var/log/httpd/error_log ? > >>> > >>> > >>> > >>>> > >>>> Also, > >>>> Anyone else get the constant spam when mailing this > >>>> list? Got an address to block for it? > >>> > >>> Sorry for that, there is a bot mining public archives. We > >>> plan to resolve this issue but it may take time as we are > >>> not maintaining our mailman. > >>> > >>> Martin > >>> > >>> > >>>> > >>>> Robert > >>>> > >>>> > >>>> > >>>> > >>>> On Wed, May 10, 2017 at 9:56 PM Lachlan Musicman > >>>> <data...@gmail.com <mailto:data...@gmail.com>> wrote: > >>>> > >>>> Robert, did you look in > >>>> /var/log/ipaserver-install.log as it says? > >>>> > >>>> Was there any other information? > >>>> > >>>> cheers > >>>> L. > >>>> > >>>> ------ > >>>> "Mission Statement: To provide hope and inspiration > >>>> for collective action, to build collective power, to > >>>> achieve collective transformation, rooted in grief > >>>> and rage but pointed towards vision and dreams." > >>>> > >>>> - Patrice Cullors, /Black Lives Matter founder/ > >>>> > >>>> On 11 May 2017 at 13:24, Robert L. Harris > >>>> <robert.l.har...@gmail.com > >>>> <mailto:robert.l.har...@gmail.com>> wrote: > >>>> > >>>> Ok, I gave up on Ubuntu. I'm now trying the > >>>> latest CentOS7. I built out a "minimal server" > >>>> with some normal base packages which did include > >>>> the freeipa-client but otherwise, just standard > >>>> tools. Here's a pastebin of the output of the > >>>> install: https://pastebin.com/zAWCgkUU > >>>> > >>>> Robert > >>>> > >>>> > >>>> -- > >>>> Manage your subscription for the Freeipa-users > >>>> mailing list: > >>>> > https://www.redhat.com/mailman/listinfo/freeipa-users > >>>> Go to http://freeipa.org for more info on the > >>>> project > >>>> > >>>> > >>>> -- > >>>> Manage your subscription for the Freeipa-users > >>>> mailing list: > >>>> https://www.redhat.com/mailman/listinfo/freeipa-users > >>>> Go to http://freeipa.org for more info on the project > >>>> > >>>> > >>>> > >>> > >>> -- > >>> Martin Bašti > >>> Software Engineer > >>> Red Hat Czech > >>> > >> > >> -- > >> Martin Bašti > >> Software Engineer > >> Red Hat Czech > >> > > > > -- > > Martin Bašti > > Software Engineer > > Red Hat Czech > > > > > > > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project