I can, though that's what I did 2 days ago, fresh install from latest ISO.
On Tue, May 16, 2017 at 2:40 PM Andrew Holway <andrew.hol...@gmail.com> wrote: > I have a feeling that there is something broken with your image. Could you > try installing Centos from ISO? > > > On 16 May 2017 at 22:37, Robert L. Harris <robert.l.har...@gmail.com> > wrote: > >> >> I left SELinux enabled, no change, still streaming the same error: >> >> [Tue May 16 14:36:48.957848 2017] [:error] [pid 10780] NSS_Initialize >> failed. Certificate database: /etc/httpd/alias. >> [Tue May 16 14:36:48.957883 2017] [:error] [pid 10780] SSL Library Error: >> -8038 SEC_ERROR_NOT_INITIALIZED >> [Tue May 16 14:36:48.957886 2017] [:error] [pid 10780] Does the NSS >> database exist? >> >> >> >> On Tue, May 16, 2017 at 2:12 PM Andrew Holway <andrew.hol...@gmail.com> >> wrote: >> >>> Yea, I would try installing IPA then making the changes that you want. I >>> think SELinux should be left enabled however. It makes admin super fun! :) >>> >>> >>> On 16 May 2017 at 21:57, Robert L. Harris <robert.l.har...@gmail.com> >>> wrote: >>> >>>> >>>> I did disable selinux as it gave errors setting up my standard users, >>>> etc. I can roll back the snapshot, set it at 4Gigs of RAM and re-enable >>>> selinux and then try again. >>>> >>>> >>>> On Tue, May 16, 2017 at 1:52 PM Andrew Holway <andrew.hol...@gmail.com> >>>> wrote: >>>> >>>>> This is pretty weird. FreeIPA installation normally works. >>>>> >>>>> Has the operating system image been changed or optimised somehow? >>>>> Perhaps SELinux has been disabled? Have you tried installing Centos7 from >>>>> the ISO? >>>>> >>>>> On 16 May 2017 at 21:48, Robert L. Harris <robert.l.har...@gmail.com> >>>>> wrote: >>>>> >>>>>> >>>>>> 2 Gigs, it's a VM. The VM didn't report any memory issues ( no >>>>>> alarms on VMWare ) >>>>>> >>>>>> >>>>>> On Tue, May 16, 2017 at 12:29 PM Andrew Holway < >>>>>> andrew.hol...@gmail.com> wrote: >>>>>> >>>>>>> Hallo, >>>>>>> >>>>>>> How much memory do you have on the machine. I have a sneaking >>>>>>> suspicion that you're running out. >>>>>>> >>>>>>> Ta, >>>>>>> >>>>>>> Andrew >>>>>>> >>>>>>> On 16 May 2017 at 17:16, Robert L. Harris <robert.l.har...@gmail.com >>>>>>> > wrote: >>>>>>> >>>>>>>> >>>>>>>> Last night I rolled back my snapshot. Here's what I have after the >>>>>>>> yum install >>>>>>>> >>>>>>>> "minimal" install of Centos7 + basic build. >>>>>>>> {0}:/var/log>cat /etc/*elease >>>>>>>> CentOS Linux release 7.3.1611 (Core) >>>>>>>> NAME="CentOS Linux" >>>>>>>> VERSION="7 (Core)" >>>>>>>> ID="centos" >>>>>>>> ID_LIKE="rhel fedora" >>>>>>>> VERSION_ID="7" >>>>>>>> PRETTY_NAME="CentOS Linux 7 (Core)" >>>>>>>> ANSI_COLOR="0;31" >>>>>>>> CPE_NAME="cpe:/o:centos:centos:7" >>>>>>>> HOME_URL="https://www.centos.org/" >>>>>>>> BUG_REPORT_URL="https://bugs.centos.org/" >>>>>>>> >>>>>>>> CENTOS_MANTISBT_PROJECT="CentOS-7" >>>>>>>> CENTOS_MANTISBT_PROJECT_VERSION="7" >>>>>>>> REDHAT_SUPPORT_PRODUCT="centos" >>>>>>>> REDHAT_SUPPORT_PRODUCT_VERSION="7" >>>>>>>> >>>>>>>> CentOS Linux release 7.3.1611 (Core) >>>>>>>> CentOS Linux release 7.3.1611 (Core) >>>>>>>> >>>>>>>> >>>>>>>> {0}:/var/log>rpm -q -a | egrep -i 'http|apach|tomc|ipa|krb' >>>>>>>> sssd-krb5-common-1.14.0-43.el7_3.14.x86_64 >>>>>>>> python2-ipaclient-4.4.0-14.el7.centos.7.noarch >>>>>>>> ipa-common-4.4.0-14.el7.centos.7.noarch >>>>>>>> perl-HTTP-Tiny-0.033-3.el7.noarch >>>>>>>> python-iniparse-0.4-9.el7.noarch >>>>>>>> ipa-client-common-4.4.0-14.el7.centos.7.noarch >>>>>>>> pam_krb5-2.4.8-6.el7.x86_64 >>>>>>>> sssd-krb5-1.14.0-43.el7_3.14.x86_64 >>>>>>>> python-ipaddress-1.0.16-2.el7.noarch >>>>>>>> python2-ipalib-4.4.0-14.el7.centos.7.noarch >>>>>>>> krb5-libs-1.14.1-27.el7_3.x86_64 >>>>>>>> libipa_hbac-1.14.0-43.el7_3.14.x86_64 >>>>>>>> python-libipa_hbac-1.14.0-43.el7_3.14.x86_64 >>>>>>>> sssd-ipa-1.14.0-43.el7_3.14.x86_64 >>>>>>>> krb5-workstation-1.14.1-27.el7_3.x86_64 >>>>>>>> ipa-client-4.4.0-14.el7.centos.7.x86_64 >>>>>>>> >>>>>>>> Tried to pull an exact client. The "yum install ipa-server" went >>>>>>>> fine: >>>>>>>> >>>>>>>> {0}:/var/log/httpd>rpm -a -q | grep -i ipa-server >>>>>>>> ipa-server-4.4.0-14.el7.centos.7.x86_64 >>>>>>>> ipa-server-common-4.4.0-14.el7.centos.7.noarch >>>>>>>> >>>>>>>> >>>>>>>> "ipa-server-install" ran clean but has been stuck for 2 days: >>>>>>>> >>>>>>>> Restarting the directory server >>>>>>>> Restarting the KDC >>>>>>>> Please add records in this file to your DNS system: >>>>>>>> /tmp/ipa.system.records.qLsLyx.db >>>>>>>> Restarting the web server >>>>>>>> Configuring client side components >>>>>>>> Using existing certificate '/etc/ipa/ca.crt'. >>>>>>>> Client hostname: ipa.rdlg.net >>>>>>>> Realm: RDLG.NET >>>>>>>> DNS Domain: rdlg.net >>>>>>>> IPA Server: ipa.rdlg.net >>>>>>>> BaseDN: dc=rdlg,dc=net >>>>>>>> >>>>>>>> Skipping synchronizing time with NTP server. >>>>>>>> New SSSD config will be created >>>>>>>> Configured sudoers in /etc/nsswitch.conf >>>>>>>> Configured /etc/sssd/sssd.conf >>>>>>>> trying https://ipa.rdlg.net/ipa/json >>>>>>>> Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json' >>>>>>>> >>>>>>>> Checking the /var/log/httpd/error.log has 2 days of just this: >>>>>>>> >>>>>>>> [Tue May 16 09:14:42.941476 2017] [:error] [pid 1182] >>>>>>>> NSS_Initialize failed. Certificate database: /etc/httpd/alias. >>>>>>>> [Tue May 16 09:14:42.941499 2017] [:error] [pid 1182] SSL Library >>>>>>>> Error: -8038 SEC_ERROR_NOT_INITIALIZED >>>>>>>> [Tue May 16 09:14:42.941501 2017] [:error] [pid 1182] Does the NSS >>>>>>>> database exist? >>>>>>>> >>>>>>>> >>>>>>>> Robert >>>>>>>> >>>>>>>> On Fri, May 12, 2017 at 11:14 AM Rob Crittenden < >>>>>>>> rcrit...@redhat.com> wrote: >>>>>>>> >>>>>>>>> Robert L. Harris wrote: >>>>>>>>> > >>>>>>>>> > Hmmm >>>>>>>>> > >>>>>>>>> > {0}:/var/log>ls >>>>>>>>> > anaconda btmp dmesg grubby maillog ppp >>>>>>>>> secure >>>>>>>>> > tallylog wtmp >>>>>>>>> > audit cron dmesg.old grubby_prune_debug messages rhsm >>>>>>>>> spooler >>>>>>>>> > tuned yum.log >>>>>>>>> > boot.log cups firewalld lastlog ntpstats samba >>>>>>>>> sssd >>>>>>>>> > vmware-vmsvc.log >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > root@ipa >>>>>>>>> > {1}:/var/log>rpm -q -l http >>>>>>>>> > package http is not installed >>>>>>>>> > >>>>>>>>> > root@ipa >>>>>>>>> > {1}:/var/log>rpm -q -a | grep -i http >>>>>>>>> > perl-HTTP-Tiny-0.033-3.el7.noarch >>>>>>>>> > >>>>>>>>> > root@ipa >>>>>>>>> > {0}:/var/log>rpm -q -a | grep -i tomcat >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > Doesn't look like an httpd was installed as a dependancy? >>>>>>>>> >>>>>>>>> I find this very hard to believe given that it go so far as to >>>>>>>>> configure >>>>>>>>> things in Apache, restart it, etc. What version of >>>>>>>>> [free]ipa-server is >>>>>>>>> installed? How did you install it and from what repo? >>>>>>>>> >>>>>>>>> rob >>>>>>>>> >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > On Fri, May 12, 2017 at 1:17 AM Martin Bašti <mba...@redhat.com >>>>>>>>> > <mailto:mba...@redhat.com>> wrote: >>>>>>>>> > >>>>>>>>> > That's weird, it should be super fast, anything in >>>>>>>>> > /var/log/httpd/error_log? >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > On 11.05.2017 22:23, Robert L. Harris wrote: >>>>>>>>> >> >>>>>>>>> >> Odd, must have clicked reply instead of reply-all. >>>>>>>>> >> >>>>>>>>> >> Anyway, I did the revert and re-install. Actual install >>>>>>>>> went >>>>>>>>> >> through fine then the "ipa-server-install" ran until this: >>>>>>>>> >> >>>>>>>>> >> [8/9]: restoring configuration >>>>>>>>> >> [9/9]: starting directory server >>>>>>>>> >> Done. >>>>>>>>> >> Restarting the directory server >>>>>>>>> >> Restarting the KDC >>>>>>>>> >> Please add records in this file to your DNS system: >>>>>>>>> >> /tmp/ipa.system.records.v5Jwrt.db >>>>>>>>> >> Restarting the web server >>>>>>>>> >> Configuring client side components >>>>>>>>> >> Using existing certificate '/etc/ipa/ca.crt'. >>>>>>>>> >> Client hostname: ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>>> >> Realm: RDLG.NET <http://RDLG.NET> >>>>>>>>> >> DNS Domain: rdlg.net <http://rdlg.net> >>>>>>>>> >> IPA Server: ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>>> >> BaseDN: dc=rdlg,dc=net >>>>>>>>> >> >>>>>>>>> >> Skipping synchronizing time with NTP server. >>>>>>>>> >> New SSSD config will be created >>>>>>>>> >> Configured sudoers in /etc/nsswitch.conf >>>>>>>>> >> Configured /etc/sssd/sssd.conf >>>>>>>>> >> trying https://ipa.rdlg.net/ipa/json >>>>>>>>> >> Forwarding 'schema' to json server ' >>>>>>>>> https://ipa.rdlg.net/ipa/json' >>>>>>>>> >> >>>>>>>>> >> >>>>>>>>> >> It's been sitting there for a while ( 4 hours? ) I don't >>>>>>>>> see >>>>>>>>> >> anyting in the ipaserver-install.log, but it's here: >>>>>>>>> >> https://pastebin.com/biK1Dmv7 >>>>>>>>> >> >>>>>>>>> >> >>>>>>>>> >> >>>>>>>>> >> On Thu, May 11, 2017 at 8:12 AM Martin Bašti < >>>>>>>>> mba...@redhat.com >>>>>>>>> >> <mailto:mba...@redhat.com>> wrote: >>>>>>>>> >> >>>>>>>>> >> Please keep freeipa-users in CC >>>>>>>>> >> >>>>>>>>> >> Snapshot is always better, so I suggest to use it. >>>>>>>>> Otherwise >>>>>>>>> >> there is an option --ignore-last-of-role to unblock >>>>>>>>> >> uninstallation. >>>>>>>>> >> >>>>>>>>> >> Martin >>>>>>>>> >> >>>>>>>>> >> >>>>>>>>> >> On 11.05.2017 16:00, Robert L. Harris wrote: >>>>>>>>> >>> >>>>>>>>> >>> Looks like you hit it, apache didn't have a group: >>>>>>>>> >>> >>>>>>>>> >>> -- Logs begin at Wed 2017-05-10 19:56:27 MDT, end at >>>>>>>>> Thu >>>>>>>>> >>> 2017-05-11 07:48:27 MDT. -- >>>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>>> >>> systemd[1]: Starting The Apache HTTP Server... >>>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>>> >>> ipa-httpd-kdcproxy[28808]: ipa : INFO KDC >>>>>>>>> proxy >>>>>>>>> >>> enabled >>>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>>> >>> httpd[28809]: AH00544: httpd: bad group name apache >>>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>>> >>> systemd[1]: httpd.service: main process exited, >>>>>>>>> code=exited, >>>>>>>>> >>> status=1/FAILURE >>>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>>> >>> kill[28812]: kill: cannot find process "" >>>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>>> >>> systemd[1]: httpd.service: control process exited, >>>>>>>>> >>> code=exited status=1 >>>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>>> >>> systemd[1]: Failed to start The Apache HTTP Server. >>>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>>> >>> systemd[1]: Unit httpd.service entered failed state. >>>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>>> >>> systemd[1]: httpd.service failed. >>>>>>>>> >>> >>>>>>>>> >>> Thanks, didn't know that command. I tried to continue >>>>>>>>> the >>>>>>>>> >>> process: >>>>>>>>> >>> >>>>>>>>> >>> {0}:/root>ipa-server-install >>>>>>>>> >>> >>>>>>>>> >>> The log file for this installation can be found in >>>>>>>>> >>> /var/log/ipaserver-install.log >>>>>>>>> >>> ipa.ipapython.install.cli.install_tool(Server): ERROR >>>>>>>>> IPA >>>>>>>>> >>> server is already configured on this system. >>>>>>>>> >>> If you want to reinstall the IPA server, please >>>>>>>>> uninstall it >>>>>>>>> >>> first using 'ipa-server-install --uninstall'. >>>>>>>>> >>> ipa.ipapython.install.cli.install_tool(Server): ERROR >>>>>>>>> The >>>>>>>>> >>> ipa-server-install command failed. See >>>>>>>>> >>> /var/log/ipaserver-install.log for more information >>>>>>>>> >>> >>>>>>>>> >>> root@ipa >>>>>>>>> >>> {1}:/root>ipa-server-install --uninstall >>>>>>>>> >>> >>>>>>>>> >>> This is a NON REVERSIBLE operation and will delete all >>>>>>>>> data >>>>>>>>> >>> and configuration! >>>>>>>>> >>> >>>>>>>>> >>> Are you sure you want to continue with the uninstall >>>>>>>>> >>> procedure? [no]: yes >>>>>>>>> >>> ipa : ERROR Server removal aborted: >>>>>>>>> Deleting this >>>>>>>>> >>> server is not allowed as it would leave your >>>>>>>>> installation >>>>>>>>> >>> without a CA.. >>>>>>>>> >>> >>>>>>>>> >>> >>>>>>>>> >>> >>>>>>>>> >>> This is a VM and I took a snapshot right before I >>>>>>>>> started the >>>>>>>>> >>> install, so I can revert, just make sure ti add the >>>>>>>>> apache >>>>>>>>> >>> user before starting the install. Or if you have a >>>>>>>>> better >>>>>>>>> >>> command to continue the clean-up/install..... >>>>>>>>> >>> >>>>>>>>> >>> >>>>>>>>> >>> On Thu, May 11, 2017 at 2:19 AM Martin Bašti >>>>>>>>> >>> <mba...@redhat.com <mailto:mba...@redhat.com>> wrote: >>>>>>>>> >>> >>>>>>>>> >>> Hello, >>>>>>>>> >>> >>>>>>>>> >>> comments inline >>>>>>>>> >>> >>>>>>>>> >>> >>>>>>>>> >>> On 11.05.2017 06:06, Robert L. Harris wrote: >>>>>>>>> >>>> >>>>>>>>> >>>> Sigh... Sorry, it's been a long day, I thought I >>>>>>>>> put >>>>>>>>> >>>> that log in the first pastebin. It's in this one: >>>>>>>>> >>>> https://pastebin.com/18PAXXNS >>>>>>>>> >>> >>>>>>>>> >>> Could you please provide journalctl -u httpd and >>>>>>>>> >>> /var/log/httpd/error_log ? >>>>>>>>> >>> >>>>>>>>> >>> >>>>>>>>> >>> >>>>>>>>> >>>> >>>>>>>>> >>>> Also, >>>>>>>>> >>>> Anyone else get the constant spam when mailing >>>>>>>>> this >>>>>>>>> >>>> list? Got an address to block for it? >>>>>>>>> >>> >>>>>>>>> >>> Sorry for that, there is a bot mining public >>>>>>>>> archives. We >>>>>>>>> >>> plan to resolve this issue but it may take time as >>>>>>>>> we are >>>>>>>>> >>> not maintaining our mailman. >>>>>>>>> >>> >>>>>>>>> >>> Martin >>>>>>>>> >>> >>>>>>>>> >>> >>>>>>>>> >>>> >>>>>>>>> >>>> Robert >>>>>>>>> >>>> >>>>>>>>> >>>> >>>>>>>>> >>>> >>>>>>>>> >>>> >>>>>>>>> >>>> On Wed, May 10, 2017 at 9:56 PM Lachlan Musicman >>>>>>>>> >>>> <data...@gmail.com <mailto:data...@gmail.com>> >>>>>>>>> wrote: >>>>>>>>> >>>> >>>>>>>>> >>>> Robert, did you look in >>>>>>>>> >>>> /var/log/ipaserver-install.log as it says? >>>>>>>>> >>>> >>>>>>>>> >>>> Was there any other information? >>>>>>>>> >>>> >>>>>>>>> >>>> cheers >>>>>>>>> >>>> L. >>>>>>>>> >>>> >>>>>>>>> >>>> ------ >>>>>>>>> >>>> "Mission Statement: To provide hope and >>>>>>>>> inspiration >>>>>>>>> >>>> for collective action, to build collective >>>>>>>>> power, to >>>>>>>>> >>>> achieve collective transformation, rooted in >>>>>>>>> grief >>>>>>>>> >>>> and rage but pointed towards vision and >>>>>>>>> dreams." >>>>>>>>> >>>> >>>>>>>>> >>>> - Patrice Cullors, /Black Lives Matter >>>>>>>>> founder/ >>>>>>>>> >>>> >>>>>>>>> >>>> On 11 May 2017 at 13:24, Robert L. Harris >>>>>>>>> >>>> <robert.l.har...@gmail.com >>>>>>>>> >>>> <mailto:robert.l.har...@gmail.com>> wrote: >>>>>>>>> >>>> >>>>>>>>> >>>> Ok, I gave up on Ubuntu. I'm now trying >>>>>>>>> the >>>>>>>>> >>>> latest CentOS7. I built out a "minimal >>>>>>>>> server" >>>>>>>>> >>>> with some normal base packages which did >>>>>>>>> include >>>>>>>>> >>>> the freeipa-client but otherwise, just >>>>>>>>> standard >>>>>>>>> >>>> tools. Here's a pastebin of the output >>>>>>>>> of the >>>>>>>>> >>>> install: https://pastebin.com/zAWCgkUU >>>>>>>>> >>>> >>>>>>>>> >>>> Robert >>>>>>>>> >>>> >>>>>>>>> >>>> >>>>>>>>> >>>> -- >>>>>>>>> >>>> Manage your subscription for the >>>>>>>>> Freeipa-users >>>>>>>>> >>>> mailing list: >>>>>>>>> >>>> >>>>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>>>>>>> >>>> Go to http://freeipa.org for more info >>>>>>>>> on the >>>>>>>>> >>>> project >>>>>>>>> >>>> >>>>>>>>> >>>> >>>>>>>>> >>>> -- >>>>>>>>> >>>> Manage your subscription for the Freeipa-users >>>>>>>>> >>>> mailing list: >>>>>>>>> >>>> >>>>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>>>>>>> >>>> Go to http://freeipa.org for more info on >>>>>>>>> the project >>>>>>>>> >>>> >>>>>>>>> >>>> >>>>>>>>> >>>> >>>>>>>>> >>> >>>>>>>>> >>> -- >>>>>>>>> >>> Martin Bašti >>>>>>>>> >>> Software Engineer >>>>>>>>> >>> Red Hat Czech >>>>>>>>> >>> >>>>>>>>> >> >>>>>>>>> >> -- >>>>>>>>> >> Martin Bašti >>>>>>>>> >> Software Engineer >>>>>>>>> >> Red Hat Czech >>>>>>>>> >> >>>>>>>>> > >>>>>>>>> > -- >>>>>>>>> > Martin Bašti >>>>>>>>> > Software Engineer >>>>>>>>> > Red Hat Czech >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> >>>>>>>>> >>>>>>>> -- >>>>>>>> Manage your subscription for the Freeipa-users mailing list: >>>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>>>>>> Go to http://freeipa.org for more info on the project >>>>>>>> >>>>>>> >>>>>>> >>>>> >>> >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project