Hallo, How much memory do you have on the machine. I have a sneaking suspicion that you're running out.
Ta, Andrew On 16 May 2017 at 17:16, Robert L. Harris <robert.l.har...@gmail.com> wrote: > > Last night I rolled back my snapshot. Here's what I have after the yum > install > > "minimal" install of Centos7 + basic build. > {0}:/var/log>cat /etc/*elease > CentOS Linux release 7.3.1611 (Core) > NAME="CentOS Linux" > VERSION="7 (Core)" > ID="centos" > ID_LIKE="rhel fedora" > VERSION_ID="7" > PRETTY_NAME="CentOS Linux 7 (Core)" > ANSI_COLOR="0;31" > CPE_NAME="cpe:/o:centos:centos:7" > HOME_URL="https://www.centos.org/" > BUG_REPORT_URL="https://bugs.centos.org/" > > CENTOS_MANTISBT_PROJECT="CentOS-7" > CENTOS_MANTISBT_PROJECT_VERSION="7" > REDHAT_SUPPORT_PRODUCT="centos" > REDHAT_SUPPORT_PRODUCT_VERSION="7" > > CentOS Linux release 7.3.1611 (Core) > CentOS Linux release 7.3.1611 (Core) > > > {0}:/var/log>rpm -q -a | egrep -i 'http|apach|tomc|ipa|krb' > sssd-krb5-common-1.14.0-43.el7_3.14.x86_64 > python2-ipaclient-4.4.0-14.el7.centos.7.noarch > ipa-common-4.4.0-14.el7.centos.7.noarch > perl-HTTP-Tiny-0.033-3.el7.noarch > python-iniparse-0.4-9.el7.noarch > ipa-client-common-4.4.0-14.el7.centos.7.noarch > pam_krb5-2.4.8-6.el7.x86_64 > sssd-krb5-1.14.0-43.el7_3.14.x86_64 > python-ipaddress-1.0.16-2.el7.noarch > python2-ipalib-4.4.0-14.el7.centos.7.noarch > krb5-libs-1.14.1-27.el7_3.x86_64 > libipa_hbac-1.14.0-43.el7_3.14.x86_64 > python-libipa_hbac-1.14.0-43.el7_3.14.x86_64 > sssd-ipa-1.14.0-43.el7_3.14.x86_64 > krb5-workstation-1.14.1-27.el7_3.x86_64 > ipa-client-4.4.0-14.el7.centos.7.x86_64 > > Tried to pull an exact client. The "yum install ipa-server" went fine: > > {0}:/var/log/httpd>rpm -a -q | grep -i ipa-server > ipa-server-4.4.0-14.el7.centos.7.x86_64 > ipa-server-common-4.4.0-14.el7.centos.7.noarch > > > "ipa-server-install" ran clean but has been stuck for 2 days: > > Restarting the directory server > Restarting the KDC > Please add records in this file to your DNS system: > /tmp/ipa.system.records.qLsLyx.db > Restarting the web server > Configuring client side components > Using existing certificate '/etc/ipa/ca.crt'. > Client hostname: ipa.rdlg.net > Realm: RDLG.NET > DNS Domain: rdlg.net > IPA Server: ipa.rdlg.net > BaseDN: dc=rdlg,dc=net > > Skipping synchronizing time with NTP server. > New SSSD config will be created > Configured sudoers in /etc/nsswitch.conf > Configured /etc/sssd/sssd.conf > trying https://ipa.rdlg.net/ipa/json > Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json' > > Checking the /var/log/httpd/error.log has 2 days of just this: > > [Tue May 16 09:14:42.941476 2017] [:error] [pid 1182] NSS_Initialize > failed. Certificate database: /etc/httpd/alias. > [Tue May 16 09:14:42.941499 2017] [:error] [pid 1182] SSL Library Error: > -8038 SEC_ERROR_NOT_INITIALIZED > [Tue May 16 09:14:42.941501 2017] [:error] [pid 1182] Does the NSS > database exist? > > > Robert > > On Fri, May 12, 2017 at 11:14 AM Rob Crittenden <rcrit...@redhat.com> > wrote: > >> Robert L. Harris wrote: >> > >> > Hmmm >> > >> > {0}:/var/log>ls >> > anaconda btmp dmesg grubby maillog ppp secure >> > tallylog wtmp >> > audit cron dmesg.old grubby_prune_debug messages rhsm spooler >> > tuned yum.log >> > boot.log cups firewalld lastlog ntpstats samba sssd >> > vmware-vmsvc.log >> > >> > >> > root@ipa >> > {1}:/var/log>rpm -q -l http >> > package http is not installed >> > >> > root@ipa >> > {1}:/var/log>rpm -q -a | grep -i http >> > perl-HTTP-Tiny-0.033-3.el7.noarch >> > >> > root@ipa >> > {0}:/var/log>rpm -q -a | grep -i tomcat >> > >> > >> > Doesn't look like an httpd was installed as a dependancy? >> >> I find this very hard to believe given that it go so far as to configure >> things in Apache, restart it, etc. What version of [free]ipa-server is >> installed? How did you install it and from what repo? >> >> rob >> >> > >> > >> > >> > >> > >> > On Fri, May 12, 2017 at 1:17 AM Martin Bašti <mba...@redhat.com >> > <mailto:mba...@redhat.com>> wrote: >> > >> > That's weird, it should be super fast, anything in >> > /var/log/httpd/error_log? >> > >> > >> > On 11.05.2017 22:23, Robert L. Harris wrote: >> >> >> >> Odd, must have clicked reply instead of reply-all. >> >> >> >> Anyway, I did the revert and re-install. Actual install went >> >> through fine then the "ipa-server-install" ran until this: >> >> >> >> [8/9]: restoring configuration >> >> [9/9]: starting directory server >> >> Done. >> >> Restarting the directory server >> >> Restarting the KDC >> >> Please add records in this file to your DNS system: >> >> /tmp/ipa.system.records.v5Jwrt.db >> >> Restarting the web server >> >> Configuring client side components >> >> Using existing certificate '/etc/ipa/ca.crt'. >> >> Client hostname: ipa.rdlg.net <http://ipa.rdlg.net> >> >> Realm: RDLG.NET <http://RDLG.NET> >> >> DNS Domain: rdlg.net <http://rdlg.net> >> >> IPA Server: ipa.rdlg.net <http://ipa.rdlg.net> >> >> BaseDN: dc=rdlg,dc=net >> >> >> >> Skipping synchronizing time with NTP server. >> >> New SSSD config will be created >> >> Configured sudoers in /etc/nsswitch.conf >> >> Configured /etc/sssd/sssd.conf >> >> trying https://ipa.rdlg.net/ipa/json >> >> Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json' >> >> >> >> >> >> It's been sitting there for a while ( 4 hours? ) I don't see >> >> anyting in the ipaserver-install.log, but it's here: >> >> https://pastebin.com/biK1Dmv7 >> >> >> >> >> >> >> >> On Thu, May 11, 2017 at 8:12 AM Martin Bašti <mba...@redhat.com >> >> <mailto:mba...@redhat.com>> wrote: >> >> >> >> Please keep freeipa-users in CC >> >> >> >> Snapshot is always better, so I suggest to use it. Otherwise >> >> there is an option --ignore-last-of-role to unblock >> >> uninstallation. >> >> >> >> Martin >> >> >> >> >> >> On 11.05.2017 16:00, Robert L. Harris wrote: >> >>> >> >>> Looks like you hit it, apache didn't have a group: >> >>> >> >>> -- Logs begin at Wed 2017-05-10 19:56:27 MDT, end at Thu >> >>> 2017-05-11 07:48:27 MDT. -- >> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >> >>> systemd[1]: Starting The Apache HTTP Server... >> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >> >>> ipa-httpd-kdcproxy[28808]: ipa : INFO KDC proxy >> >>> enabled >> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >> >>> httpd[28809]: AH00544: httpd: bad group name apache >> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >> >>> systemd[1]: httpd.service: main process exited, code=exited, >> >>> status=1/FAILURE >> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >> >>> kill[28812]: kill: cannot find process "" >> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >> >>> systemd[1]: httpd.service: control process exited, >> >>> code=exited status=1 >> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >> >>> systemd[1]: Failed to start The Apache HTTP Server. >> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >> >>> systemd[1]: Unit httpd.service entered failed state. >> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >> >>> systemd[1]: httpd.service failed. >> >>> >> >>> Thanks, didn't know that command. I tried to continue the >> >>> process: >> >>> >> >>> {0}:/root>ipa-server-install >> >>> >> >>> The log file for this installation can be found in >> >>> /var/log/ipaserver-install.log >> >>> ipa.ipapython.install.cli.install_tool(Server): ERROR IPA >> >>> server is already configured on this system. >> >>> If you want to reinstall the IPA server, please uninstall it >> >>> first using 'ipa-server-install --uninstall'. >> >>> ipa.ipapython.install.cli.install_tool(Server): ERROR The >> >>> ipa-server-install command failed. See >> >>> /var/log/ipaserver-install.log for more information >> >>> >> >>> root@ipa >> >>> {1}:/root>ipa-server-install --uninstall >> >>> >> >>> This is a NON REVERSIBLE operation and will delete all data >> >>> and configuration! >> >>> >> >>> Are you sure you want to continue with the uninstall >> >>> procedure? [no]: yes >> >>> ipa : ERROR Server removal aborted: Deleting this >> >>> server is not allowed as it would leave your installation >> >>> without a CA.. >> >>> >> >>> >> >>> >> >>> This is a VM and I took a snapshot right before I started the >> >>> install, so I can revert, just make sure ti add the apache >> >>> user before starting the install. Or if you have a better >> >>> command to continue the clean-up/install..... >> >>> >> >>> >> >>> On Thu, May 11, 2017 at 2:19 AM Martin Bašti >> >>> <mba...@redhat.com <mailto:mba...@redhat.com>> wrote: >> >>> >> >>> Hello, >> >>> >> >>> comments inline >> >>> >> >>> >> >>> On 11.05.2017 06:06, Robert L. Harris wrote: >> >>>> >> >>>> Sigh... Sorry, it's been a long day, I thought I put >> >>>> that log in the first pastebin. It's in this one: >> >>>> https://pastebin.com/18PAXXNS >> >>> >> >>> Could you please provide journalctl -u httpd and >> >>> /var/log/httpd/error_log ? >> >>> >> >>> >> >>> >> >>>> >> >>>> Also, >> >>>> Anyone else get the constant spam when mailing this >> >>>> list? Got an address to block for it? >> >>> >> >>> Sorry for that, there is a bot mining public archives. We >> >>> plan to resolve this issue but it may take time as we are >> >>> not maintaining our mailman. >> >>> >> >>> Martin >> >>> >> >>> >> >>>> >> >>>> Robert >> >>>> >> >>>> >> >>>> >> >>>> >> >>>> On Wed, May 10, 2017 at 9:56 PM Lachlan Musicman >> >>>> <data...@gmail.com <mailto:data...@gmail.com>> wrote: >> >>>> >> >>>> Robert, did you look in >> >>>> /var/log/ipaserver-install.log as it says? >> >>>> >> >>>> Was there any other information? >> >>>> >> >>>> cheers >> >>>> L. >> >>>> >> >>>> ------ >> >>>> "Mission Statement: To provide hope and inspiration >> >>>> for collective action, to build collective power, to >> >>>> achieve collective transformation, rooted in grief >> >>>> and rage but pointed towards vision and dreams." >> >>>> >> >>>> - Patrice Cullors, /Black Lives Matter founder/ >> >>>> >> >>>> On 11 May 2017 at 13:24, Robert L. Harris >> >>>> <robert.l.har...@gmail.com >> >>>> <mailto:robert.l.har...@gmail.com>> wrote: >> >>>> >> >>>> Ok, I gave up on Ubuntu. I'm now trying the >> >>>> latest CentOS7. I built out a "minimal server" >> >>>> with some normal base packages which did include >> >>>> the freeipa-client but otherwise, just standard >> >>>> tools. Here's a pastebin of the output of the >> >>>> install: https://pastebin.com/zAWCgkUU >> >>>> >> >>>> Robert >> >>>> >> >>>> >> >>>> -- >> >>>> Manage your subscription for the Freeipa-users >> >>>> mailing list: >> >>>> https://www.redhat.com/ >> mailman/listinfo/freeipa-users >> >>>> Go to http://freeipa.org for more info on the >> >>>> project >> >>>> >> >>>> >> >>>> -- >> >>>> Manage your subscription for the Freeipa-users >> >>>> mailing list: >> >>>> https://www.redhat.com/ >> mailman/listinfo/freeipa-users >> >>>> Go to http://freeipa.org for more info on the >> project >> >>>> >> >>>> >> >>>> >> >>> >> >>> -- >> >>> Martin Bašti >> >>> Software Engineer >> >>> Red Hat Czech >> >>> >> >> >> >> -- >> >> Martin Bašti >> >> Software Engineer >> >> Red Hat Czech >> >> >> > >> > -- >> > Martin Bašti >> > Software Engineer >> > Red Hat Czech >> > >> > >> > >> >> > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project