2 Gigs, it's a VM. The VM didn't report any memory issues ( no alarms on VMWare )
On Tue, May 16, 2017 at 12:29 PM Andrew Holway <andrew.hol...@gmail.com> wrote: > Hallo, > > How much memory do you have on the machine. I have a sneaking suspicion > that you're running out. > > Ta, > > Andrew > > On 16 May 2017 at 17:16, Robert L. Harris <robert.l.har...@gmail.com> > wrote: > >> >> Last night I rolled back my snapshot. Here's what I have after the yum >> install >> >> "minimal" install of Centos7 + basic build. >> {0}:/var/log>cat /etc/*elease >> CentOS Linux release 7.3.1611 (Core) >> NAME="CentOS Linux" >> VERSION="7 (Core)" >> ID="centos" >> ID_LIKE="rhel fedora" >> VERSION_ID="7" >> PRETTY_NAME="CentOS Linux 7 (Core)" >> ANSI_COLOR="0;31" >> CPE_NAME="cpe:/o:centos:centos:7" >> HOME_URL="https://www.centos.org/" >> BUG_REPORT_URL="https://bugs.centos.org/" >> >> CENTOS_MANTISBT_PROJECT="CentOS-7" >> CENTOS_MANTISBT_PROJECT_VERSION="7" >> REDHAT_SUPPORT_PRODUCT="centos" >> REDHAT_SUPPORT_PRODUCT_VERSION="7" >> >> CentOS Linux release 7.3.1611 (Core) >> CentOS Linux release 7.3.1611 (Core) >> >> >> {0}:/var/log>rpm -q -a | egrep -i 'http|apach|tomc|ipa|krb' >> sssd-krb5-common-1.14.0-43.el7_3.14.x86_64 >> python2-ipaclient-4.4.0-14.el7.centos.7.noarch >> ipa-common-4.4.0-14.el7.centos.7.noarch >> perl-HTTP-Tiny-0.033-3.el7.noarch >> python-iniparse-0.4-9.el7.noarch >> ipa-client-common-4.4.0-14.el7.centos.7.noarch >> pam_krb5-2.4.8-6.el7.x86_64 >> sssd-krb5-1.14.0-43.el7_3.14.x86_64 >> python-ipaddress-1.0.16-2.el7.noarch >> python2-ipalib-4.4.0-14.el7.centos.7.noarch >> krb5-libs-1.14.1-27.el7_3.x86_64 >> libipa_hbac-1.14.0-43.el7_3.14.x86_64 >> python-libipa_hbac-1.14.0-43.el7_3.14.x86_64 >> sssd-ipa-1.14.0-43.el7_3.14.x86_64 >> krb5-workstation-1.14.1-27.el7_3.x86_64 >> ipa-client-4.4.0-14.el7.centos.7.x86_64 >> >> Tried to pull an exact client. The "yum install ipa-server" went fine: >> >> {0}:/var/log/httpd>rpm -a -q | grep -i ipa-server >> ipa-server-4.4.0-14.el7.centos.7.x86_64 >> ipa-server-common-4.4.0-14.el7.centos.7.noarch >> >> >> "ipa-server-install" ran clean but has been stuck for 2 days: >> >> Restarting the directory server >> Restarting the KDC >> Please add records in this file to your DNS system: >> /tmp/ipa.system.records.qLsLyx.db >> Restarting the web server >> Configuring client side components >> Using existing certificate '/etc/ipa/ca.crt'. >> Client hostname: ipa.rdlg.net >> Realm: RDLG.NET >> DNS Domain: rdlg.net >> IPA Server: ipa.rdlg.net >> BaseDN: dc=rdlg,dc=net >> >> Skipping synchronizing time with NTP server. >> New SSSD config will be created >> Configured sudoers in /etc/nsswitch.conf >> Configured /etc/sssd/sssd.conf >> trying https://ipa.rdlg.net/ipa/json >> Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json' >> >> Checking the /var/log/httpd/error.log has 2 days of just this: >> >> [Tue May 16 09:14:42.941476 2017] [:error] [pid 1182] NSS_Initialize >> failed. Certificate database: /etc/httpd/alias. >> [Tue May 16 09:14:42.941499 2017] [:error] [pid 1182] SSL Library Error: >> -8038 SEC_ERROR_NOT_INITIALIZED >> [Tue May 16 09:14:42.941501 2017] [:error] [pid 1182] Does the NSS >> database exist? >> >> >> Robert >> >> On Fri, May 12, 2017 at 11:14 AM Rob Crittenden <rcrit...@redhat.com> >> wrote: >> >>> Robert L. Harris wrote: >>> > >>> > Hmmm >>> > >>> > {0}:/var/log>ls >>> > anaconda btmp dmesg grubby maillog ppp secure >>> > tallylog wtmp >>> > audit cron dmesg.old grubby_prune_debug messages rhsm spooler >>> > tuned yum.log >>> > boot.log cups firewalld lastlog ntpstats samba sssd >>> > vmware-vmsvc.log >>> > >>> > >>> > root@ipa >>> > {1}:/var/log>rpm -q -l http >>> > package http is not installed >>> > >>> > root@ipa >>> > {1}:/var/log>rpm -q -a | grep -i http >>> > perl-HTTP-Tiny-0.033-3.el7.noarch >>> > >>> > root@ipa >>> > {0}:/var/log>rpm -q -a | grep -i tomcat >>> > >>> > >>> > Doesn't look like an httpd was installed as a dependancy? >>> >>> I find this very hard to believe given that it go so far as to configure >>> things in Apache, restart it, etc. What version of [free]ipa-server is >>> installed? How did you install it and from what repo? >>> >>> rob >>> >>> > >>> > >>> > >>> > >>> > >>> > On Fri, May 12, 2017 at 1:17 AM Martin Bašti <mba...@redhat.com >>> > <mailto:mba...@redhat.com>> wrote: >>> > >>> > That's weird, it should be super fast, anything in >>> > /var/log/httpd/error_log? >>> > >>> > >>> > On 11.05.2017 22:23, Robert L. Harris wrote: >>> >> >>> >> Odd, must have clicked reply instead of reply-all. >>> >> >>> >> Anyway, I did the revert and re-install. Actual install went >>> >> through fine then the "ipa-server-install" ran until this: >>> >> >>> >> [8/9]: restoring configuration >>> >> [9/9]: starting directory server >>> >> Done. >>> >> Restarting the directory server >>> >> Restarting the KDC >>> >> Please add records in this file to your DNS system: >>> >> /tmp/ipa.system.records.v5Jwrt.db >>> >> Restarting the web server >>> >> Configuring client side components >>> >> Using existing certificate '/etc/ipa/ca.crt'. >>> >> Client hostname: ipa.rdlg.net <http://ipa.rdlg.net> >>> >> Realm: RDLG.NET <http://RDLG.NET> >>> >> DNS Domain: rdlg.net <http://rdlg.net> >>> >> IPA Server: ipa.rdlg.net <http://ipa.rdlg.net> >>> >> BaseDN: dc=rdlg,dc=net >>> >> >>> >> Skipping synchronizing time with NTP server. >>> >> New SSSD config will be created >>> >> Configured sudoers in /etc/nsswitch.conf >>> >> Configured /etc/sssd/sssd.conf >>> >> trying https://ipa.rdlg.net/ipa/json >>> >> Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json >>> ' >>> >> >>> >> >>> >> It's been sitting there for a while ( 4 hours? ) I don't see >>> >> anyting in the ipaserver-install.log, but it's here: >>> >> https://pastebin.com/biK1Dmv7 >>> >> >>> >> >>> >> >>> >> On Thu, May 11, 2017 at 8:12 AM Martin Bašti <mba...@redhat.com >>> >> <mailto:mba...@redhat.com>> wrote: >>> >> >>> >> Please keep freeipa-users in CC >>> >> >>> >> Snapshot is always better, so I suggest to use it. Otherwise >>> >> there is an option --ignore-last-of-role to unblock >>> >> uninstallation. >>> >> >>> >> Martin >>> >> >>> >> >>> >> On 11.05.2017 16:00, Robert L. Harris wrote: >>> >>> >>> >>> Looks like you hit it, apache didn't have a group: >>> >>> >>> >>> -- Logs begin at Wed 2017-05-10 19:56:27 MDT, end at Thu >>> >>> 2017-05-11 07:48:27 MDT. -- >>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>> >>> systemd[1]: Starting The Apache HTTP Server... >>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>> >>> ipa-httpd-kdcproxy[28808]: ipa : INFO KDC proxy >>> >>> enabled >>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>> >>> httpd[28809]: AH00544: httpd: bad group name apache >>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>> >>> systemd[1]: httpd.service: main process exited, code=exited, >>> >>> status=1/FAILURE >>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>> >>> kill[28812]: kill: cannot find process "" >>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>> >>> systemd[1]: httpd.service: control process exited, >>> >>> code=exited status=1 >>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>> >>> systemd[1]: Failed to start The Apache HTTP Server. >>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>> >>> systemd[1]: Unit httpd.service entered failed state. >>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>> >>> systemd[1]: httpd.service failed. >>> >>> >>> >>> Thanks, didn't know that command. I tried to continue the >>> >>> process: >>> >>> >>> >>> {0}:/root>ipa-server-install >>> >>> >>> >>> The log file for this installation can be found in >>> >>> /var/log/ipaserver-install.log >>> >>> ipa.ipapython.install.cli.install_tool(Server): ERROR IPA >>> >>> server is already configured on this system. >>> >>> If you want to reinstall the IPA server, please uninstall it >>> >>> first using 'ipa-server-install --uninstall'. >>> >>> ipa.ipapython.install.cli.install_tool(Server): ERROR The >>> >>> ipa-server-install command failed. See >>> >>> /var/log/ipaserver-install.log for more information >>> >>> >>> >>> root@ipa >>> >>> {1}:/root>ipa-server-install --uninstall >>> >>> >>> >>> This is a NON REVERSIBLE operation and will delete all data >>> >>> and configuration! >>> >>> >>> >>> Are you sure you want to continue with the uninstall >>> >>> procedure? [no]: yes >>> >>> ipa : ERROR Server removal aborted: Deleting this >>> >>> server is not allowed as it would leave your installation >>> >>> without a CA.. >>> >>> >>> >>> >>> >>> >>> >>> This is a VM and I took a snapshot right before I started the >>> >>> install, so I can revert, just make sure ti add the apache >>> >>> user before starting the install. Or if you have a better >>> >>> command to continue the clean-up/install..... >>> >>> >>> >>> >>> >>> On Thu, May 11, 2017 at 2:19 AM Martin Bašti >>> >>> <mba...@redhat.com <mailto:mba...@redhat.com>> wrote: >>> >>> >>> >>> Hello, >>> >>> >>> >>> comments inline >>> >>> >>> >>> >>> >>> On 11.05.2017 06:06, Robert L. Harris wrote: >>> >>>> >>> >>>> Sigh... Sorry, it's been a long day, I thought I put >>> >>>> that log in the first pastebin. It's in this one: >>> >>>> https://pastebin.com/18PAXXNS >>> >>> >>> >>> Could you please provide journalctl -u httpd and >>> >>> /var/log/httpd/error_log ? >>> >>> >>> >>> >>> >>> >>> >>>> >>> >>>> Also, >>> >>>> Anyone else get the constant spam when mailing this >>> >>>> list? Got an address to block for it? >>> >>> >>> >>> Sorry for that, there is a bot mining public archives. We >>> >>> plan to resolve this issue but it may take time as we are >>> >>> not maintaining our mailman. >>> >>> >>> >>> Martin >>> >>> >>> >>> >>> >>>> >>> >>>> Robert >>> >>>> >>> >>>> >>> >>>> >>> >>>> >>> >>>> On Wed, May 10, 2017 at 9:56 PM Lachlan Musicman >>> >>>> <data...@gmail.com <mailto:data...@gmail.com>> wrote: >>> >>>> >>> >>>> Robert, did you look in >>> >>>> /var/log/ipaserver-install.log as it says? >>> >>>> >>> >>>> Was there any other information? >>> >>>> >>> >>>> cheers >>> >>>> L. >>> >>>> >>> >>>> ------ >>> >>>> "Mission Statement: To provide hope and inspiration >>> >>>> for collective action, to build collective power, to >>> >>>> achieve collective transformation, rooted in grief >>> >>>> and rage but pointed towards vision and dreams." >>> >>>> >>> >>>> - Patrice Cullors, /Black Lives Matter founder/ >>> >>>> >>> >>>> On 11 May 2017 at 13:24, Robert L. Harris >>> >>>> <robert.l.har...@gmail.com >>> >>>> <mailto:robert.l.har...@gmail.com>> wrote: >>> >>>> >>> >>>> Ok, I gave up on Ubuntu. I'm now trying the >>> >>>> latest CentOS7. I built out a "minimal server" >>> >>>> with some normal base packages which did include >>> >>>> the freeipa-client but otherwise, just standard >>> >>>> tools. Here's a pastebin of the output of the >>> >>>> install: https://pastebin.com/zAWCgkUU >>> >>>> >>> >>>> Robert >>> >>>> >>> >>>> >>> >>>> -- >>> >>>> Manage your subscription for the Freeipa-users >>> >>>> mailing list: >>> >>>> >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> >>>> Go to http://freeipa.org for more info on the >>> >>>> project >>> >>>> >>> >>>> >>> >>>> -- >>> >>>> Manage your subscription for the Freeipa-users >>> >>>> mailing list: >>> >>>> >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> >>>> Go to http://freeipa.org for more info on the >>> project >>> >>>> >>> >>>> >>> >>>> >>> >>> >>> >>> -- >>> >>> Martin Bašti >>> >>> Software Engineer >>> >>> Red Hat Czech >>> >>> >>> >> >>> >> -- >>> >> Martin Bašti >>> >> Software Engineer >>> >> Red Hat Czech >>> >> >>> > >>> > -- >>> > Martin Bašti >>> > Software Engineer >>> > Red Hat Czech >>> > >>> > >>> > >>> >>> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project