I did disable selinux as it gave errors setting up my standard users, etc. I can roll back the snapshot, set it at 4Gigs of RAM and re-enable selinux and then try again.
On Tue, May 16, 2017 at 1:52 PM Andrew Holway <andrew.hol...@gmail.com> wrote:

> This is pretty weird. FreeIPA installation normally works.
>
> Has the operating system image been changed or optimised somehow? Perhaps
> SELinux has been disabled? Have you tried installing Centos7 from the ISO?
>
> On 16 May 2017 at 21:48, Robert L. Harris <robert.l.har...@gmail.com> wrote:
>
>> 2 Gigs, it's a VM. The VM didn't report any memory issues ( no alarms
>> on VMWare )
>>
>> On Tue, May 16, 2017 at 12:29 PM Andrew Holway <andrew.hol...@gmail.com> wrote:
>>
>>> Hallo,
>>>
>>> How much memory do you have on the machine. I have a sneaking suspicion
>>> that you're running out.
>>>
>>> Ta,
>>>
>>> Andrew
>>>
>>> On 16 May 2017 at 17:16, Robert L. Harris <robert.l.har...@gmail.com> wrote:
>>>
>>>> Last night I rolled back my snapshot. Here's what I have after the yum
>>>> install
>>>>
>>>> "minimal" install of Centos7 + basic build.
>>>> {0}:/var/log>cat /etc/*elease
>>>> CentOS Linux release 7.3.1611 (Core)
>>>> NAME="CentOS Linux"
>>>> VERSION="7 (Core)"
>>>> ID="centos"
>>>> ID_LIKE="rhel fedora"
>>>> VERSION_ID="7"
>>>> PRETTY_NAME="CentOS Linux 7 (Core)"
>>>> ANSI_COLOR="0;31"
>>>> CPE_NAME="cpe:/o:centos:centos:7"
>>>> HOME_URL="https://www.centos.org/"
>>>> BUG_REPORT_URL="https://bugs.centos.org/"
>>>>
>>>> CENTOS_MANTISBT_PROJECT="CentOS-7"
>>>> CENTOS_MANTISBT_PROJECT_VERSION="7"
>>>> REDHAT_SUPPORT_PRODUCT="centos"
>>>> REDHAT_SUPPORT_PRODUCT_VERSION="7"
>>>>
>>>> CentOS Linux release 7.3.1611 (Core)
>>>> CentOS Linux release 7.3.1611 (Core)
>>>>
>>>> {0}:/var/log>rpm -q -a | egrep -i 'http|apach|tomc|ipa|krb'
>>>> sssd-krb5-common-1.14.0-43.el7_3.14.x86_64
>>>> python2-ipaclient-4.4.0-14.el7.centos.7.noarch
>>>> ipa-common-4.4.0-14.el7.centos.7.noarch
>>>> perl-HTTP-Tiny-0.033-3.el7.noarch
>>>> python-iniparse-0.4-9.el7.noarch
>>>> ipa-client-common-4.4.0-14.el7.centos.7.noarch
>>>> pam_krb5-2.4.8-6.el7.x86_64
>>>> sssd-krb5-1.14.0-43.el7_3.14.x86_64
>>>> python-ipaddress-1.0.16-2.el7.noarch
>>>> python2-ipalib-4.4.0-14.el7.centos.7.noarch
>>>> krb5-libs-1.14.1-27.el7_3.x86_64
>>>> libipa_hbac-1.14.0-43.el7_3.14.x86_64
>>>> python-libipa_hbac-1.14.0-43.el7_3.14.x86_64
>>>> sssd-ipa-1.14.0-43.el7_3.14.x86_64
>>>> krb5-workstation-1.14.1-27.el7_3.x86_64
>>>> ipa-client-4.4.0-14.el7.centos.7.x86_64
>>>>
>>>> Tried to pull an exact client. The "yum install ipa-server" went fine:
>>>>
>>>> {0}:/var/log/httpd>rpm -a -q | grep -i ipa-server
>>>> ipa-server-4.4.0-14.el7.centos.7.x86_64
>>>> ipa-server-common-4.4.0-14.el7.centos.7.noarch
>>>>
>>>> "ipa-server-install" ran clean but has been stuck for 2 days:
>>>>
>>>> Restarting the directory server
>>>> Restarting the KDC
>>>> Please add records in this file to your DNS system:
>>>> /tmp/ipa.system.records.qLsLyx.db
>>>> Restarting the web server
>>>> Configuring client side components
>>>> Using existing certificate '/etc/ipa/ca.crt'.
>>>> Client hostname: ipa.rdlg.net
>>>> Realm: RDLG.NET
>>>> DNS Domain: rdlg.net
>>>> IPA Server: ipa.rdlg.net
>>>> BaseDN: dc=rdlg,dc=net
>>>>
>>>> Skipping synchronizing time with NTP server.
>>>> New SSSD config will be created
>>>> Configured sudoers in /etc/nsswitch.conf
>>>> Configured /etc/sssd/sssd.conf
>>>> trying https://ipa.rdlg.net/ipa/json
>>>> Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json'
>>>>
>>>> Checking the /var/log/httpd/error.log has 2 days of just this:
>>>>
>>>> [Tue May 16 09:14:42.941476 2017] [:error] [pid 1182] NSS_Initialize failed. Certificate database: /etc/httpd/alias.
>>>> [Tue May 16 09:14:42.941499 2017] [:error] [pid 1182] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED
>>>> [Tue May 16 09:14:42.941501 2017] [:error] [pid 1182] Does the NSS database exist?
>>>>
>>>> Robert
>>>>
>>>> On Fri, May 12, 2017 at 11:14 AM Rob Crittenden <rcrit...@redhat.com> wrote:
>>>>
>>>>> Robert L. Harris wrote:
>>>>> >
>>>>> > Hmmm
>>>>> >
>>>>> > {0}:/var/log>ls
>>>>> > anaconda btmp dmesg grubby maillog ppp secure tallylog wtmp
>>>>> > audit cron dmesg.old grubby_prune_debug messages rhsm spooler tuned yum.log
>>>>> > boot.log cups firewalld lastlog ntpstats samba sssd vmware-vmsvc.log
>>>>> >
>>>>> > root@ipa
>>>>> > {1}:/var/log>rpm -q -l http
>>>>> > package http is not installed
>>>>> >
>>>>> > root@ipa
>>>>> > {1}:/var/log>rpm -q -a | grep -i http
>>>>> > perl-HTTP-Tiny-0.033-3.el7.noarch
>>>>> >
>>>>> > root@ipa
>>>>> > {0}:/var/log>rpm -q -a | grep -i tomcat
>>>>> >
>>>>> > Doesn't look like an httpd was installed as a dependency?
>>>>>
>>>>> I find this very hard to believe given that it got so far as to configure
>>>>> things in Apache, restart it, etc. What version of [free]ipa-server is
>>>>> installed? How did you install it and from what repo?
>>>>>
>>>>> rob
>>>>>
>>>>> > On Fri, May 12, 2017 at 1:17 AM Martin Bašti <mba...@redhat.com> wrote:
>>>>> >
>>>>> > That's weird, it should be super fast, anything in
>>>>> > /var/log/httpd/error_log?
>>>>> >
>>>>> > On 11.05.2017 22:23, Robert L. Harris wrote:
>>>>> >>
>>>>> >> Odd, must have clicked reply instead of reply-all.
>>>>> >>
>>>>> >> Anyway, I did the revert and re-install. Actual install went
>>>>> >> through fine then the "ipa-server-install" ran until this:
>>>>> >>
>>>>> >> [8/9]: restoring configuration
>>>>> >> [9/9]: starting directory server
>>>>> >> Done.
>>>>> >> Restarting the directory server
>>>>> >> Restarting the KDC
>>>>> >> Please add records in this file to your DNS system:
>>>>> >> /tmp/ipa.system.records.v5Jwrt.db
>>>>> >> Restarting the web server
>>>>> >> Configuring client side components
>>>>> >> Using existing certificate '/etc/ipa/ca.crt'.
>>>>> >> Client hostname: ipa.rdlg.net
>>>>> >> Realm: RDLG.NET
>>>>> >> DNS Domain: rdlg.net
>>>>> >> IPA Server: ipa.rdlg.net
>>>>> >> BaseDN: dc=rdlg,dc=net
>>>>> >>
>>>>> >> Skipping synchronizing time with NTP server.
>>>>> >> New SSSD config will be created
>>>>> >> Configured sudoers in /etc/nsswitch.conf
>>>>> >> Configured /etc/sssd/sssd.conf
>>>>> >> trying https://ipa.rdlg.net/ipa/json
>>>>> >> Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json'
>>>>> >>
>>>>> >> It's been sitting there for a while ( 4 hours? ) I don't see
>>>>> >> anything in the ipaserver-install.log, but it's here:
>>>>> >> https://pastebin.com/biK1Dmv7
>>>>> >>
>>>>> >> On Thu, May 11, 2017 at 8:12 AM Martin Bašti <mba...@redhat.com> wrote:
>>>>> >>
>>>>> >> Please keep freeipa-users in CC
>>>>> >>
>>>>> >> Snapshot is always better, so I suggest to use it. Otherwise
>>>>> >> there is an option --ignore-last-of-role to unblock
>>>>> >> uninstallation.
>>>>> >>
>>>>> >> Martin
>>>>> >>
>>>>> >> On 11.05.2017 16:00, Robert L. Harris wrote:
>>>>> >>>
>>>>> >>> Looks like you hit it, apache didn't have a group:
>>>>> >>>
>>>>> >>> -- Logs begin at Wed 2017-05-10 19:56:27 MDT, end at Thu 2017-05-11 07:48:27 MDT. --
>>>>> >>> May 10 20:36:00 ipa.rdlg.net systemd[1]: Starting The Apache HTTP Server...
>>>>> >>> May 10 20:36:00 ipa.rdlg.net ipa-httpd-kdcproxy[28808]: ipa : INFO KDC proxy enabled
>>>>> >>> May 10 20:36:00 ipa.rdlg.net httpd[28809]: AH00544: httpd: bad group name apache
>>>>> >>> May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
>>>>> >>> May 10 20:36:00 ipa.rdlg.net kill[28812]: kill: cannot find process ""
>>>>> >>> May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service: control process exited, code=exited status=1
>>>>> >>> May 10 20:36:00 ipa.rdlg.net systemd[1]: Failed to start The Apache HTTP Server.
>>>>> >>> May 10 20:36:00 ipa.rdlg.net systemd[1]: Unit httpd.service entered failed state.
>>>>> >>> May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service failed.
>>>>> >>>
>>>>> >>> Thanks, didn't know that command. I tried to continue the
>>>>> >>> process:
>>>>> >>>
>>>>> >>> {0}:/root>ipa-server-install
>>>>> >>>
>>>>> >>> The log file for this installation can be found in /var/log/ipaserver-install.log
>>>>> >>> ipa.ipapython.install.cli.install_tool(Server): ERROR IPA server is already configured on this system.
>>>>> >>> If you want to reinstall the IPA server, please uninstall it first using 'ipa-server-install --uninstall'.
>>>>> >>> ipa.ipapython.install.cli.install_tool(Server): ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
>>>>> >>>
>>>>> >>> root@ipa
>>>>> >>> {1}:/root>ipa-server-install --uninstall
>>>>> >>>
>>>>> >>> This is a NON REVERSIBLE operation and will delete all data
>>>>> >>> and configuration!
>>>>> >>>
>>>>> >>> Are you sure you want to continue with the uninstall procedure? [no]: yes
>>>>> >>> ipa : ERROR Server removal aborted: Deleting this server is not allowed as it would leave your installation without a CA..
>>>>> >>>
>>>>> >>> This is a VM and I took a snapshot right before I started the
>>>>> >>> install, so I can revert, just make sure to add the apache
>>>>> >>> user before starting the install. Or if you have a better
>>>>> >>> command to continue the clean-up/install.....
>>>>> >>>
>>>>> >>> On Thu, May 11, 2017 at 2:19 AM Martin Bašti <mba...@redhat.com> wrote:
>>>>> >>>
>>>>> >>> Hello,
>>>>> >>>
>>>>> >>> comments inline
>>>>> >>>
>>>>> >>> On 11.05.2017 06:06, Robert L. Harris wrote:
>>>>> >>>>
>>>>> >>>> Sigh... Sorry, it's been a long day, I thought I put
>>>>> >>>> that log in the first pastebin. It's in this one:
>>>>> >>>> https://pastebin.com/18PAXXNS
>>>>> >>>
>>>>> >>> Could you please provide journalctl -u httpd and
>>>>> >>> /var/log/httpd/error_log ?
>>>>> >>>
>>>>> >>>>
>>>>> >>>> Also,
>>>>> >>>> Anyone else get the constant spam when mailing this
>>>>> >>>> list? Got an address to block for it?
>>>>> >>>
>>>>> >>> Sorry for that, there is a bot mining public archives. We
>>>>> >>> plan to resolve this issue but it may take time as we are
>>>>> >>> not maintaining our mailman.
>>>>> >>>
>>>>> >>> Martin
>>>>> >>>
>>>>> >>>>
>>>>> >>>> Robert
>>>>> >>>>
>>>>> >>>> On Wed, May 10, 2017 at 9:56 PM Lachlan Musicman <data...@gmail.com> wrote:
>>>>> >>>>
>>>>> >>>> Robert, did you look in
>>>>> >>>> /var/log/ipaserver-install.log as it says?
>>>>> >>>>
>>>>> >>>> Was there any other information?
>>>>> >>>>
>>>>> >>>> cheers
>>>>> >>>> L.
>>>>> >>>>
>>>>> >>>> ------
>>>>> >>>> "Mission Statement: To provide hope and inspiration
>>>>> >>>> for collective action, to build collective power, to
>>>>> >>>> achieve collective transformation, rooted in grief
>>>>> >>>> and rage but pointed towards vision and dreams."
>>>>> >>>>
>>>>> >>>> - Patrice Cullors, /Black Lives Matter founder/
>>>>> >>>>
>>>>> >>>> On 11 May 2017 at 13:24, Robert L. Harris <robert.l.har...@gmail.com> wrote:
>>>>> >>>>
>>>>> >>>> Ok, I gave up on Ubuntu. I'm now trying the
>>>>> >>>> latest CentOS7. I built out a "minimal server"
>>>>> >>>> with some normal base packages which did include
>>>>> >>>> the freeipa-client but otherwise, just standard
>>>>> >>>> tools. Here's a pastebin of the output of the
>>>>> >>>> install: https://pastebin.com/zAWCgkUU
>>>>> >>>>
>>>>> >>>> Robert
>>>>> >>>>
>>>>> >>>
>>>>> >>> --
>>>>> >>> Martin Bašti
>>>>> >>> Software Engineer
>>>>> >>> Red Hat Czech
>>>>> >>>
>>>>> >>
>>>>> >> --
>>>>> >> Martin Bašti
>>>>> >> Software Engineer
>>>>> >> Red Hat Czech
>>>>> >>
>>>>> >
>>>>> > --
>>>>> > Martin Bašti
>>>>> > Software Engineer
>>>>> > Red Hat Czech
>>>>> >
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
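
Added example, not part of the original messages: a small shell triage that scans an httpd journal or error log for the two failure signatures quoted in this thread and prints read-only checks to run for each. The signature names, the sample log (thread lines unwrapped, plus one constructed repeat) and the suggested follow-up commands are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage an httpd log for the two failure signatures quoted in
# this thread and print the host-state checks worth running for each.

# Signature table: name|fixed string to search for|read-only checks to run.
# The follow-up commands are this example's suggestions, not from the thread.
signatures() {
    cat <<'EOF'
bad_group|AH00544: httpd: bad group name|getent group apache; getent passwd apache
nss_init|NSS_Initialize failed|ls -lZ /etc/httpd/alias; certutil -L -d /etc/httpd/alias; getenforce
EOF
}

# triage_httpd_log FILE
# Prints "<name> x<count> -> <checks>" for every signature present in FILE.
triage_httpd_log() {
    log=$1
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    signatures | while IFS='|' read -r name pattern checks; do
        # grep -c prints 0 and exits non-zero when nothing matches
        count=$(grep -c -F -e "$pattern" "$log" || true)
        if [ "$count" -gt 0 ]; then
            printf '%s x%s -> %s\n' "$name" "$count" "$checks"
        fi
    done
    return 0
}

# Constructed sample: lines quoted in the thread, unwrapped, plus one
# constructed repeat of the NSS error (the thread reports it repeating).
write_sample_log() {
    cat > "$1" <<'EOF'
May 10 20:36:00 ipa.rdlg.net httpd[28809]: AH00544: httpd: bad group name apache
May 10 20:36:00 ipa.rdlg.net systemd[1]: Failed to start The Apache HTTP Server.
[Tue May 16 09:14:42.941476 2017] [:error] [pid 1182] NSS_Initialize failed. Certificate database: /etc/httpd/alias.
[Tue May 16 09:14:42.941499 2017] [:error] [pid 1182] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED
[Tue May 16 09:14:42.941501 2017] [:error] [pid 1182] Does the NSS database exist?
[Tue May 16 09:14:43.000000 2017] [:error] [pid 1182] NSS_Initialize failed. Certificate database: /etc/httpd/alias.
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
triage_httpd_log "$sample"
rm -f "$sample"
```

On a real host, point `triage_httpd_log` at `/var/log/httpd/error_log` or at saved `journalctl -u httpd` output.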