Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-17 Thread Robert L. Harris
   Ok, I reverted to a completely fresh install, literally just after the
first reboot.  It installed cleanly.  So there's something in a package
upgrade that's breaking things.  I may try to figure it out later.

On Tue, May 16, 2017 at 3:08 PM Dagan McGregor <l...@sudo.nz> wrote:

> On 17 May 2017 8:50:02 AM NZST, "Robert L. Harris" <
> robert.l.har...@gmail.com> wrote:
>>
>>   I can, though that's what I did 2 days ago, fresh install from latest
>> ISO.
>>
>>
>> On Tue, May 16, 2017 at 2:40 PM Andrew Holway <andrew.hol...@gmail.com>
>> wrote:
>>
>>> I have a feeling that there is something broken with your image. Could
>>> you try installing Centos from ISO?
>>>
>>>
>>> On 16 May 2017 at 22:37, Robert L. Harris <robert.l.har...@gmail.com>
>>> wrote:
>>>
>>>>
>>>> I left SELinux enabled, no change, still streaming the same error:
>>>>
>>>> [Tue May 16 14:36:48.957848 2017] [:error] [pid 10780] NSS_Initialize
>>>> failed. Certificate database: /etc/httpd/alias.
>>>> [Tue May 16 14:36:48.957883 2017] [:error] [pid 10780] SSL Library
>>>> Error: -8038 SEC_ERROR_NOT_INITIALIZED
>>>> [Tue May 16 14:36:48.957886 2017] [:error] [pid 10780] Does the NSS
>>>> database exist?
>>>>
>>>>
>>>>
>>>> On Tue, May 16, 2017 at 2:12 PM Andrew Holway <andrew.hol...@gmail.com>
>>>> wrote:
>>>>
>>>>> Yea, I would try installing IPA then making the changes that you want.
>>>>> I think SELinux should be left enabled however. It makes admin super fun! 
>>>>> :)
>>>>>
>>>>>
>>>>> On 16 May 2017 at 21:57, Robert L. Harris <robert.l.har...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>> I did disable selinux as it gave errors setting up my standard users,
>>>>>> etc.  I can roll back the snapshot, set it at 4Gigs of RAM and re-enable
>>>>>> selinux and then try again.
>>>>>>
>>>>>>
>>>>>> On Tue, May 16, 2017 at 1:52 PM Andrew Holway <
>>>>>> andrew.hol...@gmail.com> wrote:
>>>>>>
>>>>>>> This is pretty weird. FreeIPA installation normally works.
>>>>>>>
>>>>>>> Has the operating system image been changed or optimised somehow?
>>>>>>> Perhaps SELinux has been disabled? Have you tried installing Centos7 
>>>>>>> from
>>>>>>> the ISO?
>>>>>>>
>>>>>>> On 16 May 2017 at 21:48, Robert L. Harris <robert.l.har...@gmail.com
>>>>>>> > wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> 2 Gigs, it's a VM.  The VM didn't report any memory issues ( no
>>>>>>>> alarms on VMWare )
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, May 16, 2017 at 12:29 PM Andrew Holway <
>>>>>>>> andrew.hol...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Hallo,
>>>>>>>>>
>>>>>>>>> How much memory do you have on the machine? I have a sneaking
>>>>>>>>> suspicion that you're running out.
>>>>>>>>>
>>>>>>>>> Ta,
>>>>>>>>>
>>>>>>>>> Andrew
>>>>>>>>>
>>>>>>>>> On 16 May 2017 at 17:16, Robert L. Harris <
>>>>>>>>> robert.l.har...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Last night I rolled back my snapshot.  Here's what I have after
>>>>>>>>>> the yum install
>>>>>>>>>>
>>>>>>>>>> "minimal" install of Centos7 + basic build.
>>>>>>>>>> {0}:/var/log>cat /etc/*elease
>>>>>>>>>> CentOS Linux release 7.3.1611 (Core)
>>>>>>>>>> NAME="CentOS Linux"
>>>>>>>>>> VERSION="7 (Core)"
>>>>>>>>>> ID="centos"
>>>>>>>>>> ID_LIKE="rhel fedora"
>>>>>>>>>> VERSION_ID

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-16 Thread Robert L. Harris
  I can, though that's what I did 2 days ago, fresh install from latest ISO.


On Tue, May 16, 2017 at 2:40 PM Andrew Holway <andrew.hol...@gmail.com>
wrote:

> I have a feeling that there is something broken with your image. Could you
> try installing Centos from ISO?
>
>
> On 16 May 2017 at 22:37, Robert L. Harris <robert.l.har...@gmail.com>
> wrote:
>
>>
>> I left SELinux enabled, no change, still streaming the same error:
>>
>> [Tue May 16 14:36:48.957848 2017] [:error] [pid 10780] NSS_Initialize
>> failed. Certificate database: /etc/httpd/alias.
>> [Tue May 16 14:36:48.957883 2017] [:error] [pid 10780] SSL Library Error:
>> -8038 SEC_ERROR_NOT_INITIALIZED
>> [Tue May 16 14:36:48.957886 2017] [:error] [pid 10780] Does the NSS
>> database exist?
>>
>>
>>
>> On Tue, May 16, 2017 at 2:12 PM Andrew Holway <andrew.hol...@gmail.com>
>> wrote:
>>
>>> Yea, I would try installing IPA then making the changes that you want. I
>>> think SELinux should be left enabled however. It makes admin super fun! :)
>>>
>>>
>>> On 16 May 2017 at 21:57, Robert L. Harris <robert.l.har...@gmail.com>
>>> wrote:
>>>
>>>>
>>>> I did disable selinux as it gave errors setting up my standard users,
>>>> etc.  I can roll back the snapshot, set it at 4Gigs of RAM and re-enable
>>>> selinux and then try again.
>>>>
>>>>
>>>> On Tue, May 16, 2017 at 1:52 PM Andrew Holway <andrew.hol...@gmail.com>
>>>> wrote:
>>>>
>>>>> This is pretty weird. FreeIPA installation normally works.
>>>>>
>>>>> Has the operating system image been changed or optimised somehow?
>>>>> Perhaps SELinux has been disabled? Have you tried installing Centos7 from
>>>>> the ISO?
>>>>>
>>>>> On 16 May 2017 at 21:48, Robert L. Harris <robert.l.har...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>> 2 Gigs, it's a VM.  The VM didn't report any memory issues ( no
>>>>>> alarms on VMWare )
>>>>>>
>>>>>>
>>>>>> On Tue, May 16, 2017 at 12:29 PM Andrew Holway <
>>>>>> andrew.hol...@gmail.com> wrote:
>>>>>>
>>>>>>> Hallo,
>>>>>>>
>>>>>>> How much memory do you have on the machine? I have a sneaking
>>>>>>> suspicion that you're running out.
>>>>>>>
>>>>>>> Ta,
>>>>>>>
>>>>>>> Andrew
>>>>>>>
>>>>>>> On 16 May 2017 at 17:16, Robert L. Harris <robert.l.har...@gmail.com
>>>>>>> > wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> Last night I rolled back my snapshot.  Here's what I have after the
>>>>>>>> yum install
>>>>>>>>
>>>>>>>> "minimal" install of Centos7 + basic build.
>>>>>>>> {0}:/var/log>cat /etc/*elease
>>>>>>>> CentOS Linux release 7.3.1611 (Core)
>>>>>>>> NAME="CentOS Linux"
>>>>>>>> VERSION="7 (Core)"
>>>>>>>> ID="centos"
>>>>>>>> ID_LIKE="rhel fedora"
>>>>>>>> VERSION_ID="7"
>>>>>>>> PRETTY_NAME="CentOS Linux 7 (Core)"
>>>>>>>> ANSI_COLOR="0;31"
>>>>>>>> CPE_NAME="cpe:/o:centos:centos:7"
>>>>>>>> HOME_URL="https://www.centos.org/"
>>>>>>>> BUG_REPORT_URL="https://bugs.centos.org/"
>>>>>>>>
>>>>>>>> CENTOS_MANTISBT_PROJECT="CentOS-7"
>>>>>>>> CENTOS_MANTISBT_PROJECT_VERSION="7"
>>>>>>>> REDHAT_SUPPORT_PRODUCT="centos"
>>>>>>>> REDHAT_SUPPORT_PRODUCT_VERSION="7"
>>>>>>>>
>>>>>>>> CentOS Linux release 7.3.1611 (Core)
>>>>>>>> CentOS Linux release 7.3.1611 (Core)
>>>>>>>>
>>>>>>>>
>>>>>>>> {0}:/var/log>rpm -q -a | egrep -i 'http|apach|tomc|ipa|krb'
>>>>>>>> sssd-krb5-common-1.14.0-43.el7_3.14.x86_64
>>>>>

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-16 Thread Robert L. Harris
I left SELinux enabled, no change, still streaming the same error:

[Tue May 16 14:36:48.957848 2017] [:error] [pid 10780] NSS_Initialize
failed. Certificate database: /etc/httpd/alias.
[Tue May 16 14:36:48.957883 2017] [:error] [pid 10780] SSL Library Error:
-8038 SEC_ERROR_NOT_INITIALIZED
[Tue May 16 14:36:48.957886 2017] [:error] [pid 10780] Does the NSS
database exist?



On Tue, May 16, 2017 at 2:12 PM Andrew Holway <andrew.hol...@gmail.com>
wrote:

> Yea, I would try installing IPA then making the changes that you want. I
> think SELinux should be left enabled however. It makes admin super fun! :)
>
>
> On 16 May 2017 at 21:57, Robert L. Harris <robert.l.har...@gmail.com>
> wrote:
>
>>
>> I did disable selinux as it gave errors setting up my standard users,
>> etc.  I can roll back the snapshot, set it at 4Gigs of RAM and re-enable
>> selinux and then try again.
>>
>>
>> On Tue, May 16, 2017 at 1:52 PM Andrew Holway <andrew.hol...@gmail.com>
>> wrote:
>>
>>> This is pretty weird. FreeIPA installation normally works.
>>>
>>> Has the operating system image been changed or optimised somehow?
>>> Perhaps SELinux has been disabled? Have you tried installing Centos7 from
>>> the ISO?
>>>
>>> On 16 May 2017 at 21:48, Robert L. Harris <robert.l.har...@gmail.com>
>>> wrote:
>>>
>>>>
>>>> 2 Gigs, it's a VM.  The VM didn't report any memory issues ( no
>>>> alarms on VMWare )
>>>>
>>>>
>>>> On Tue, May 16, 2017 at 12:29 PM Andrew Holway <andrew.hol...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hallo,
>>>>>
>>>>> How much memory do you have on the machine? I have a sneaking
>>>>> suspicion that you're running out.
>>>>>
>>>>> Ta,
>>>>>
>>>>> Andrew
>>>>>
>>>>> On 16 May 2017 at 17:16, Robert L. Harris <robert.l.har...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>> Last night I rolled back my snapshot.  Here's what I have after the
>>>>>> yum install
>>>>>>
>>>>>> "minimal" install of Centos7 + basic build.
>>>>>> {0}:/var/log>cat /etc/*elease
>>>>>> CentOS Linux release 7.3.1611 (Core)
>>>>>> NAME="CentOS Linux"
>>>>>> VERSION="7 (Core)"
>>>>>> ID="centos"
>>>>>> ID_LIKE="rhel fedora"
>>>>>> VERSION_ID="7"
>>>>>> PRETTY_NAME="CentOS Linux 7 (Core)"
>>>>>> ANSI_COLOR="0;31"
>>>>>> CPE_NAME="cpe:/o:centos:centos:7"
>>>>>> HOME_URL="https://www.centos.org/"
>>>>>> BUG_REPORT_URL="https://bugs.centos.org/"
>>>>>>
>>>>>> CENTOS_MANTISBT_PROJECT="CentOS-7"
>>>>>> CENTOS_MANTISBT_PROJECT_VERSION="7"
>>>>>> REDHAT_SUPPORT_PRODUCT="centos"
>>>>>> REDHAT_SUPPORT_PRODUCT_VERSION="7"
>>>>>>
>>>>>> CentOS Linux release 7.3.1611 (Core)
>>>>>> CentOS Linux release 7.3.1611 (Core)
>>>>>>
>>>>>>
>>>>>> {0}:/var/log>rpm -q -a | egrep -i 'http|apach|tomc|ipa|krb'
>>>>>> sssd-krb5-common-1.14.0-43.el7_3.14.x86_64
>>>>>> python2-ipaclient-4.4.0-14.el7.centos.7.noarch
>>>>>> ipa-common-4.4.0-14.el7.centos.7.noarch
>>>>>> perl-HTTP-Tiny-0.033-3.el7.noarch
>>>>>> python-iniparse-0.4-9.el7.noarch
>>>>>> ipa-client-common-4.4.0-14.el7.centos.7.noarch
>>>>>> pam_krb5-2.4.8-6.el7.x86_64
>>>>>> sssd-krb5-1.14.0-43.el7_3.14.x86_64
>>>>>> python-ipaddress-1.0.16-2.el7.noarch
>>>>>> python2-ipalib-4.4.0-14.el7.centos.7.noarch
>>>>>> krb5-libs-1.14.1-27.el7_3.x86_64
>>>>>> libipa_hbac-1.14.0-43.el7_3.14.x86_64
>>>>>> python-libipa_hbac-1.14.0-43.el7_3.14.x86_64
>>>>>> sssd-ipa-1.14.0-43.el7_3.14.x86_64
>>>>>> krb5-workstation-1.14.1-27.el7_3.x86_64
>>>>>> ipa-client-4.4.0-14.el7.centos.7.x86_64
>>>>>>
>>>>>> Tried to pull an exact client.  The "yum install ipa-server" went
>>>>>> fine:
>>>>>>

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-16 Thread Robert L. Harris
I did disable selinux as it gave errors setting up my standard users, etc.
I can roll back the snapshot, set it at 4Gigs of RAM and re-enable selinux
and then try again.


On Tue, May 16, 2017 at 1:52 PM Andrew Holway <andrew.hol...@gmail.com>
wrote:

> This is pretty weird. FreeIPA installation normally works.
>
> Has the operating system image been changed or optimised somehow? Perhaps
> SELinux has been disabled? Have you tried installing Centos7 from the ISO?
>
> On 16 May 2017 at 21:48, Robert L. Harris <robert.l.har...@gmail.com>
> wrote:
>
>>
>> 2 Gigs, it's a VM.  The VM didn't report any memory issues ( no alarms
>> on VMWare )
>>
>>
>> On Tue, May 16, 2017 at 12:29 PM Andrew Holway <andrew.hol...@gmail.com>
>> wrote:
>>
>>> Hallo,
>>>
>>> How much memory do you have on the machine? I have a sneaking suspicion
>>> that you're running out.
>>>
>>> Ta,
>>>
>>> Andrew
>>>
>>> On 16 May 2017 at 17:16, Robert L. Harris <robert.l.har...@gmail.com>
>>> wrote:
>>>
>>>>
>>>> Last night I rolled back my snapshot.  Here's what I have after the yum
>>>> install
>>>>
>>>> "minimal" install of Centos7 + basic build.
>>>> {0}:/var/log>cat /etc/*elease
>>>> CentOS Linux release 7.3.1611 (Core)
>>>> NAME="CentOS Linux"
>>>> VERSION="7 (Core)"
>>>> ID="centos"
>>>> ID_LIKE="rhel fedora"
>>>> VERSION_ID="7"
>>>> PRETTY_NAME="CentOS Linux 7 (Core)"
>>>> ANSI_COLOR="0;31"
>>>> CPE_NAME="cpe:/o:centos:centos:7"
>>>> HOME_URL="https://www.centos.org/"
>>>> BUG_REPORT_URL="https://bugs.centos.org/"
>>>>
>>>> CENTOS_MANTISBT_PROJECT="CentOS-7"
>>>> CENTOS_MANTISBT_PROJECT_VERSION="7"
>>>> REDHAT_SUPPORT_PRODUCT="centos"
>>>> REDHAT_SUPPORT_PRODUCT_VERSION="7"
>>>>
>>>> CentOS Linux release 7.3.1611 (Core)
>>>> CentOS Linux release 7.3.1611 (Core)
>>>>
>>>>
>>>> {0}:/var/log>rpm -q -a | egrep -i 'http|apach|tomc|ipa|krb'
>>>> sssd-krb5-common-1.14.0-43.el7_3.14.x86_64
>>>> python2-ipaclient-4.4.0-14.el7.centos.7.noarch
>>>> ipa-common-4.4.0-14.el7.centos.7.noarch
>>>> perl-HTTP-Tiny-0.033-3.el7.noarch
>>>> python-iniparse-0.4-9.el7.noarch
>>>> ipa-client-common-4.4.0-14.el7.centos.7.noarch
>>>> pam_krb5-2.4.8-6.el7.x86_64
>>>> sssd-krb5-1.14.0-43.el7_3.14.x86_64
>>>> python-ipaddress-1.0.16-2.el7.noarch
>>>> python2-ipalib-4.4.0-14.el7.centos.7.noarch
>>>> krb5-libs-1.14.1-27.el7_3.x86_64
>>>> libipa_hbac-1.14.0-43.el7_3.14.x86_64
>>>> python-libipa_hbac-1.14.0-43.el7_3.14.x86_64
>>>> sssd-ipa-1.14.0-43.el7_3.14.x86_64
>>>> krb5-workstation-1.14.1-27.el7_3.x86_64
>>>> ipa-client-4.4.0-14.el7.centos.7.x86_64
>>>>
>>>> Tried to pull an exact client.  The "yum install ipa-server" went fine:
>>>>
>>>> {0}:/var/log/httpd>rpm -a -q | grep -i ipa-server
>>>> ipa-server-4.4.0-14.el7.centos.7.x86_64
>>>> ipa-server-common-4.4.0-14.el7.centos.7.noarch
>>>>
>>>>
>>>> "ipa-server-install" ran clean but has been stuck for 2 days:
>>>>
>>>> Restarting the directory server
>>>> Restarting the KDC
>>>> Please add records in this file to your DNS system:
>>>> /tmp/ipa.system.records.qLsLyx.db
>>>> Restarting the web server
>>>> Configuring client side components
>>>> Using existing certificate '/etc/ipa/ca.crt'.
>>>> Client hostname: ipa.rdlg.net
>>>> Realm: RDLG.NET
>>>> DNS Domain: rdlg.net
>>>> IPA Server: ipa.rdlg.net
>>>> BaseDN: dc=rdlg,dc=net
>>>>
>>>> Skipping synchronizing time with NTP server.
>>>> New SSSD config will be created
>>>> Configured sudoers in /etc/nsswitch.conf
>>>> Configured /etc/sssd/sssd.conf
>>>> trying https://ipa.rdlg.net/ipa/json
>>>> Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json'
>>>>
>>>> Checking the /var/log/httpd/error.log has 2 days of just this:
>>>>
>>>> [Tue May 16 09:14:42.941476 2017] [:error] [pid 

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-16 Thread Robert L. Harris
   2 Gigs, it's a VM.  The VM didn't report any memory issues ( no alarms
on VMWare )


On Tue, May 16, 2017 at 12:29 PM Andrew Holway <andrew.hol...@gmail.com>
wrote:

> Hallo,
>
> How much memory do you have on the machine? I have a sneaking suspicion
> that you're running out.
>
> Ta,
>
> Andrew
>
> On 16 May 2017 at 17:16, Robert L. Harris <robert.l.har...@gmail.com>
> wrote:
>
>>
>> Last night I rolled back my snapshot.  Here's what I have after the yum
>> install
>>
>> "minimal" install of Centos7 + basic build.
>> {0}:/var/log>cat /etc/*elease
>> CentOS Linux release 7.3.1611 (Core)
>> NAME="CentOS Linux"
>> VERSION="7 (Core)"
>> ID="centos"
>> ID_LIKE="rhel fedora"
>> VERSION_ID="7"
>> PRETTY_NAME="CentOS Linux 7 (Core)"
>> ANSI_COLOR="0;31"
>> CPE_NAME="cpe:/o:centos:centos:7"
>> HOME_URL="https://www.centos.org/"
>> BUG_REPORT_URL="https://bugs.centos.org/"
>>
>> CENTOS_MANTISBT_PROJECT="CentOS-7"
>> CENTOS_MANTISBT_PROJECT_VERSION="7"
>> REDHAT_SUPPORT_PRODUCT="centos"
>> REDHAT_SUPPORT_PRODUCT_VERSION="7"
>>
>> CentOS Linux release 7.3.1611 (Core)
>> CentOS Linux release 7.3.1611 (Core)
>>
>>
>> {0}:/var/log>rpm -q -a | egrep -i 'http|apach|tomc|ipa|krb'
>> sssd-krb5-common-1.14.0-43.el7_3.14.x86_64
>> python2-ipaclient-4.4.0-14.el7.centos.7.noarch
>> ipa-common-4.4.0-14.el7.centos.7.noarch
>> perl-HTTP-Tiny-0.033-3.el7.noarch
>> python-iniparse-0.4-9.el7.noarch
>> ipa-client-common-4.4.0-14.el7.centos.7.noarch
>> pam_krb5-2.4.8-6.el7.x86_64
>> sssd-krb5-1.14.0-43.el7_3.14.x86_64
>> python-ipaddress-1.0.16-2.el7.noarch
>> python2-ipalib-4.4.0-14.el7.centos.7.noarch
>> krb5-libs-1.14.1-27.el7_3.x86_64
>> libipa_hbac-1.14.0-43.el7_3.14.x86_64
>> python-libipa_hbac-1.14.0-43.el7_3.14.x86_64
>> sssd-ipa-1.14.0-43.el7_3.14.x86_64
>> krb5-workstation-1.14.1-27.el7_3.x86_64
>> ipa-client-4.4.0-14.el7.centos.7.x86_64
>>
>> Tried to pull an exact client.  The "yum install ipa-server" went fine:
>>
>> {0}:/var/log/httpd>rpm -a -q | grep -i ipa-server
>> ipa-server-4.4.0-14.el7.centos.7.x86_64
>> ipa-server-common-4.4.0-14.el7.centos.7.noarch
>>
>>
>> "ipa-server-install" ran clean but has been stuck for 2 days:
>>
>> Restarting the directory server
>> Restarting the KDC
>> Please add records in this file to your DNS system:
>> /tmp/ipa.system.records.qLsLyx.db
>> Restarting the web server
>> Configuring client side components
>> Using existing certificate '/etc/ipa/ca.crt'.
>> Client hostname: ipa.rdlg.net
>> Realm: RDLG.NET
>> DNS Domain: rdlg.net
>> IPA Server: ipa.rdlg.net
>> BaseDN: dc=rdlg,dc=net
>>
>> Skipping synchronizing time with NTP server.
>> New SSSD config will be created
>> Configured sudoers in /etc/nsswitch.conf
>> Configured /etc/sssd/sssd.conf
>> trying https://ipa.rdlg.net/ipa/json
>> Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json'
>>
>> Checking the /var/log/httpd/error.log has 2 days of just this:
>>
>> [Tue May 16 09:14:42.941476 2017] [:error] [pid 1182] NSS_Initialize
>> failed. Certificate database: /etc/httpd/alias.
>> [Tue May 16 09:14:42.941499 2017] [:error] [pid 1182] SSL Library Error:
>> -8038 SEC_ERROR_NOT_INITIALIZED
>> [Tue May 16 09:14:42.941501 2017] [:error] [pid 1182] Does the NSS
>> database exist?
>>
>>
>> Robert
>>
>> On Fri, May 12, 2017 at 11:14 AM Rob Crittenden <rcrit...@redhat.com>
>> wrote:
>>
>>> Robert L. Harris wrote:
>>> >
>>> > Hmmm
>>> >
>>> > {0}:/var/log>ls
>>> > anaconda  btmp  dmesg  grubby  maillog   pppsecure
>>> > tallylog  wtmp
>>> > audit cron  dmesg.old  grubby_prune_debug  messages  rhsm   spooler
>>> >  tuned yum.log
>>> > boot.log  cups  firewalld  lastlog ntpstats  samba  sssd
>>> > vmware-vmsvc.log
>>> >
>>> >
>>> > root@ipa
>>> > {1}:/var/log>rpm -q -l http
>>> > package http is not installed
>>> >
>>> > root@ipa
>>> > {1}:/var/log>rpm -q -a | grep -i http
>>> > perl-HTTP-Tiny-0.033-3.el7.noarch
>>> >
>>> > root@ipa
>>> > {0}:/var/log>

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-16 Thread Robert L. Harris
Last night I rolled back my snapshot.  Here's what I have after the yum
install

"minimal" install of Centos7 + basic build.
{0}:/var/log>cat /etc/*elease
CentOS Linux release 7.3.1611 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

CentOS Linux release 7.3.1611 (Core)
CentOS Linux release 7.3.1611 (Core)


{0}:/var/log>rpm -q -a | egrep -i 'http|apach|tomc|ipa|krb'
sssd-krb5-common-1.14.0-43.el7_3.14.x86_64
python2-ipaclient-4.4.0-14.el7.centos.7.noarch
ipa-common-4.4.0-14.el7.centos.7.noarch
perl-HTTP-Tiny-0.033-3.el7.noarch
python-iniparse-0.4-9.el7.noarch
ipa-client-common-4.4.0-14.el7.centos.7.noarch
pam_krb5-2.4.8-6.el7.x86_64
sssd-krb5-1.14.0-43.el7_3.14.x86_64
python-ipaddress-1.0.16-2.el7.noarch
python2-ipalib-4.4.0-14.el7.centos.7.noarch
krb5-libs-1.14.1-27.el7_3.x86_64
libipa_hbac-1.14.0-43.el7_3.14.x86_64
python-libipa_hbac-1.14.0-43.el7_3.14.x86_64
sssd-ipa-1.14.0-43.el7_3.14.x86_64
krb5-workstation-1.14.1-27.el7_3.x86_64
ipa-client-4.4.0-14.el7.centos.7.x86_64

Tried to pull an exact client.  The "yum install ipa-server" went fine:

{0}:/var/log/httpd>rpm -a -q | grep -i ipa-server
ipa-server-4.4.0-14.el7.centos.7.x86_64
ipa-server-common-4.4.0-14.el7.centos.7.noarch


"ipa-server-install" ran clean but has been stuck for 2 days:

Restarting the directory server
Restarting the KDC
Please add records in this file to your DNS system:
/tmp/ipa.system.records.qLsLyx.db
Restarting the web server
Configuring client side components
Using existing certificate '/etc/ipa/ca.crt'.
Client hostname: ipa.rdlg.net
Realm: RDLG.NET
DNS Domain: rdlg.net
IPA Server: ipa.rdlg.net
BaseDN: dc=rdlg,dc=net

Skipping synchronizing time with NTP server.
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
trying https://ipa.rdlg.net/ipa/json
Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json'

Checking the /var/log/httpd/error.log has 2 days of just this:

[Tue May 16 09:14:42.941476 2017] [:error] [pid 1182] NSS_Initialize
failed. Certificate database: /etc/httpd/alias.
[Tue May 16 09:14:42.941499 2017] [:error] [pid 1182] SSL Library Error:
-8038 SEC_ERROR_NOT_INITIALIZED
[Tue May 16 09:14:42.941501 2017] [:error] [pid 1182] Does the NSS database
exist?


Robert

On Fri, May 12, 2017 at 11:14 AM Rob Crittenden <rcrit...@redhat.com> wrote:

> Robert L. Harris wrote:
> >
> > Hmmm
> >
> > {0}:/var/log>ls
> > anaconda  btmp  dmesg  grubby  maillog   pppsecure
> > tallylog  wtmp
> > audit cron  dmesg.old  grubby_prune_debug  messages  rhsm   spooler
> >  tuned yum.log
> > boot.log  cups  firewalld  lastlog ntpstats  samba  sssd
> > vmware-vmsvc.log
> >
> >
> > root@ipa
> > {1}:/var/log>rpm -q -l http
> > package http is not installed
> >
> > root@ipa
> > {1}:/var/log>rpm -q -a | grep -i http
> > perl-HTTP-Tiny-0.033-3.el7.noarch
> >
> > root@ipa
> > {0}:/var/log>rpm -q -a | grep -i tomcat
> >
> >
> > Doesn't look like an httpd was installed as a dependency?
>
> I find this very hard to believe given that it got so far as to configure
> things in Apache, restart it, etc. What version of [free]ipa-server is
> installed? How did you install it and from what repo?
>
> rob
>
> >
> >
> >
> >
> >
> > On Fri, May 12, 2017 at 1:17 AM Martin Bašti <mba...@redhat.com
> > <mailto:mba...@redhat.com>> wrote:
> >
> > That's weird, it should be super fast, anything in
> > /var/log/httpd/error_log?
> >
> >
> > On 11.05.2017 22:23, Robert L. Harris wrote:
> >>
> >> Odd, must have clicked reply instead of reply-all.
> >>
> >> Anyway, I did the revert and re-install.  Actual install went
> >> through fine then the "ipa-server-install" ran until this:
> >>
> >>   [8/9]: restoring configuration
> >>   [9/9]: starting directory server
> >> Done.
> >> Restarting the directory server
> >> Restarting the KDC
> >> Please add records in this file to your DNS system:
> >> /tmp/ipa.system.records.v5Jwrt.db
> >> Restarting the web server
> >>  

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-12 Thread Robert L. Harris
Hmmm

{0}:/var/log>ls
anaconda  btmp  dmesg  grubby  maillog   pppsecure
tallylog  wtmp
audit cron  dmesg.old  grubby_prune_debug  messages  rhsm   spooler
 tuned yum.log
boot.log  cups  firewalld  lastlog ntpstats  samba  sssd
vmware-vmsvc.log


root@ipa
{1}:/var/log>rpm -q -l http
package http is not installed

root@ipa
{1}:/var/log>rpm -q -a | grep -i http
perl-HTTP-Tiny-0.033-3.el7.noarch

root@ipa
{0}:/var/log>rpm -q -a | grep -i tomcat


Doesn't look like an httpd was installed as a dependency?





On Fri, May 12, 2017 at 1:17 AM Martin Bašti <mba...@redhat.com> wrote:

> That's weird, it should be super fast, anything in
> /var/log/httpd/error_log?
>
> On 11.05.2017 22:23, Robert L. Harris wrote:
>
>
> Odd, must have clicked reply instead of reply-all.
>
> Anyway, I did the revert and re-install.  Actual install went through fine
> then the "ipa-server-install" ran until this:
>
>   [8/9]: restoring configuration
>   [9/9]: starting directory server
> Done.
> Restarting the directory server
> Restarting the KDC
> Please add records in this file to your DNS system:
> /tmp/ipa.system.records.v5Jwrt.db
> Restarting the web server
> Configuring client side components
> Using existing certificate '/etc/ipa/ca.crt'.
> Client hostname: ipa.rdlg.net
> Realm: RDLG.NET
> DNS Domain: rdlg.net
> IPA Server: ipa.rdlg.net
> BaseDN: dc=rdlg,dc=net
>
> Skipping synchronizing time with NTP server.
> New SSSD config will be created
> Configured sudoers in /etc/nsswitch.conf
> Configured /etc/sssd/sssd.conf
> trying https://ipa.rdlg.net/ipa/json
> Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json'
>
>
> It's been sitting there for a while ( 4 hours? )  I don't see anything in
> the ipaserver-install.log, but it's here:  https://pastebin.com/biK1Dmv7
>
>
>
> On Thu, May 11, 2017 at 8:12 AM Martin Bašti <mba...@redhat.com> wrote:
>
>> Please keep freeipa-users in CC
>>
>> Snapshot is always better, so I suggest to use it. Otherwise there is an
>> option --ignore-last-of-role to unblock uninstallation.
>>
>> Martin
>>
>> On 11.05.2017 16:00, Robert L. Harris wrote:
>>
>>
>> Looks like you hit it, apache didn't have a group:
>>
>> -- Logs begin at Wed 2017-05-10 19:56:27 MDT, end at Thu 2017-05-11
>> 07:48:27 MDT. --
>> May 10 20:36:00 ipa.rdlg.net systemd[1]: Starting The Apache HTTP
>> Server...
>> May 10 20:36:00 ipa.rdlg.net ipa-httpd-kdcproxy[28808]: ipa :
>> INFO KDC proxy enabled
>> May 10 20:36:00 ipa.rdlg.net httpd[28809]: AH00544: httpd: bad group
>> name apache
>> May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service: main process
>> exited, code=exited, status=1/FAILURE
>> May 10 20:36:00 ipa.rdlg.net kill[28812]: kill: cannot find process ""
>> May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service: control process
>> exited, code=exited status=1
>> May 10 20:36:00 ipa.rdlg.net systemd[1]: Failed to start The Apache HTTP
>> Server.
>> May 10 20:36:00 ipa.rdlg.net systemd[1]: Unit httpd.service entered
>> failed state.
>> May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service failed.
>>
>> Thanks, didn't know that command.  I tried to continue the process:
>>
>> {0}:/root>ipa-server-install
>>
>> The log file for this installation can be found in
>> /var/log/ipaserver-install.log
>> ipa.ipapython.install.cli.install_tool(Server): ERRORIPA server is
>> already configured on this system.
>> If you want to reinstall the IPA server, please uninstall it first using
>> 'ipa-server-install --uninstall'.
>> ipa.ipapython.install.cli.install_tool(Server): ERRORThe
>> ipa-server-install command failed. See /var/log/ipaserver-install.log for
>> more information
>>
>> root@ipa
>> {1}:/root>ipa-server-install  --uninstall
>>
>> This is a NON REVERSIBLE operation and will delete all data and
>> configuration!
>>
>> Are you sure you want to continue with the uninstall procedure? [no]: yes
>> ipa : ERRORServer removal aborted: Deleting this server is
>> not allowed as it would leave your installation without a CA..
>>
>>
>>
>> This is a VM and I took a snapshot right before I started the install, so
>> I can revert, just make sure to add the apache user before starting the
>> install.  Or if you have a better command to continue the
>> clean-up/install.
>>
>>
>> On Thu, May 11, 2017 at 2:19 AM Martin Bašti <mba...@redhat.com> wrote:
>>
>>> H

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-11 Thread Robert L. Harris
Odd, must have clicked reply instead of reply-all.

Anyway, I did the revert and re-install.  Actual install went through fine
then the "ipa-server-install" ran until this:

  [8/9]: restoring configuration
  [9/9]: starting directory server
Done.
Restarting the directory server
Restarting the KDC
Please add records in this file to your DNS system:
/tmp/ipa.system.records.v5Jwrt.db
Restarting the web server
Configuring client side components
Using existing certificate '/etc/ipa/ca.crt'.
Client hostname: ipa.rdlg.net
Realm: RDLG.NET
DNS Domain: rdlg.net
IPA Server: ipa.rdlg.net
BaseDN: dc=rdlg,dc=net

Skipping synchronizing time with NTP server.
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
trying https://ipa.rdlg.net/ipa/json
Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json'


It's been sitting there for a while ( 4 hours? )  I don't see anything in
the ipaserver-install.log, but it's here:  https://pastebin.com/biK1Dmv7



On Thu, May 11, 2017 at 8:12 AM Martin Bašti <mba...@redhat.com> wrote:

> Please keep freeipa-users in CC
>
> Snapshot is always better, so I suggest to use it. Otherwise there is an
> option --ignore-last-of-role to unblock uninstallation.
>
> Martin
>
> On 11.05.2017 16:00, Robert L. Harris wrote:
>
>
> Looks like you hit it, apache didn't have a group:
>
> -- Logs begin at Wed 2017-05-10 19:56:27 MDT, end at Thu 2017-05-11
> 07:48:27 MDT. --
> May 10 20:36:00 ipa.rdlg.net systemd[1]: Starting The Apache HTTP
> Server...
> May 10 20:36:00 ipa.rdlg.net ipa-httpd-kdcproxy[28808]: ipa :
> INFO KDC proxy enabled
> May 10 20:36:00 ipa.rdlg.net httpd[28809]: AH00544: httpd: bad group name
> apache
> May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service: main process
> exited, code=exited, status=1/FAILURE
> May 10 20:36:00 ipa.rdlg.net kill[28812]: kill: cannot find process ""
> May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service: control process
> exited, code=exited status=1
> May 10 20:36:00 ipa.rdlg.net systemd[1]: Failed to start The Apache HTTP
> Server.
> May 10 20:36:00 ipa.rdlg.net systemd[1]: Unit httpd.service entered
> failed state.
> May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service failed.
>
> Thanks, didn't know that command.  I tried to continue the process:
>
> {0}:/root>ipa-server-install
>
> The log file for this installation can be found in
> /var/log/ipaserver-install.log
> ipa.ipapython.install.cli.install_tool(Server): ERRORIPA server is
> already configured on this system.
> If you want to reinstall the IPA server, please uninstall it first using
> 'ipa-server-install --uninstall'.
> ipa.ipapython.install.cli.install_tool(Server): ERRORThe
> ipa-server-install command failed. See /var/log/ipaserver-install.log for
> more information
>
> root@ipa
> {1}:/root>ipa-server-install  --uninstall
>
> This is a NON REVERSIBLE operation and will delete all data and
> configuration!
>
> Are you sure you want to continue with the uninstall procedure? [no]: yes
> ipa : ERRORServer removal aborted: Deleting this server is not
> allowed as it would leave your installation without a CA..
>
>
>
> This is a VM and I took a snapshot right before I started the install, so
> I can revert, just make sure to add the apache user before starting the
> install.  Or if you have a better command to continue the
> clean-up/install.
>
>
> On Thu, May 11, 2017 at 2:19 AM Martin Bašti <mba...@redhat.com> wrote:
>
>> Hello,
>>
>> comments inline
>>
>> On 11.05.2017 06:06, Robert L. Harris wrote:
>>
>>
>> Sigh... Sorry, it's been a long day, I thought I put that log in the
>> first pastebin.  It's in this one:  https://pastebin.com/18PAXXNS
>>
>>
>> Could you please provide journalctl -u httpd and /var/log/httpd/error_log
>> ?
>>
>>
>>
>>
>> Also,
>> Anyone else get the constant spam when mailing this list?  Got an
>> address to block for it?
>>
>>
>> Sorry for that, there is a bot mining public archives. We plan to resolve
>> this issue but it may take time as we are not maintaining our mailman.
>>
>> Martin
>>
>>
>>
>> Robert
>>
>>
>>
>>
>> On Wed, May 10, 2017 at 9:56 PM Lachlan Musicman <data...@gmail.com>
>> wrote:
>>
>>> Robert, did you look in /var/log/ipaserver-install.log as it says?
>>>
>>> Was there any other information?
>>>
>>> cheers
>>> L.
>>>
>>> --
>>> "Mission Statement: To provide hope and inspiration for collective

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-10 Thread Robert L. Harris
Sigh... Sorry, it's been a long day, I thought I put that log in the first
pastebin.  It's in this one:  https://pastebin.com/18PAXXNS

Also,
   Anyone else get the constant spam when mailing this list?  Got an
address to block for it?

Robert




On Wed, May 10, 2017 at 9:56 PM Lachlan Musicman <data...@gmail.com> wrote:

> Robert, did you look in /var/log/ipaserver-install.log as it says?
>
> Was there any other information?
>
> cheers
> L.
>
> --
> "Mission Statement: To provide hope and inspiration for collective action,
> to build collective power, to achieve collective transformation, rooted in
> grief and rage but pointed towards vision and dreams."
>
>  - Patrice Cullors, *Black Lives Matter founder*
>
> On 11 May 2017 at 13:24, Robert L. Harris <robert.l.har...@gmail.com>
> wrote:
>
>> Ok,  I gave up on Ubuntu.  I'm now trying the latest CentOS7.  I built
>> out a "minimal server" with some normal base packages which did include the
>> freeipa-client but otherwise, just standard tools.  Here's a pastebin of
>> the output of the install:  https://pastebin.com/zAWCgkUU
>>
>> Robert
>>
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>

[Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-10 Thread Robert L. Harris
Ok,  I gave up on Ubuntu.  I'm now trying the latest CentOS7.  I built out
a "minimal server" with some normal base packages which did include the
freeipa-client but otherwise, just standard tools.  Here's a pastebin of
the output of the install:  https://pastebin.com/zAWCgkUU

Robert

[Freeipa-users] Installing on Ubuntu 16.04

2017-04-30 Thread Robert L. Harris
   Gave up on freeipa and Ubuntu 17.10.  Re-installed with 16.04 and some
base packages which does include freeipa-client.  When I do an apt-get
install on freeipa-server it runs along happily until I find this:

.
...
Setting up pki-server (10.2.6+git20160317-1) ...
Job for pki-tomcatd.service failed because the control process exited with
error code. See "systemctl status pki-tomcatd.service" and "journalctl -xe"
for details.
invoke-rc.d: initscript pki-tomcatd, action "start" failed.
* pki-tomcatd.service - LSB: Start pki-tomcatd at boot time
   Loaded: loaded (/etc/init.d/pki-tomcatd; bad; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sun 2017-04-30 20:38:29 MDT;
3ms ago
 Docs: man:systemd-sysv-generator(8)
  Process: 9645 ExecStart=/etc/init.d/pki-tomcatd start (code=exited,
status=5)

Apr 30 20:38:29 ipa systemd[1]: Starting LSB: Start pki-tomcatd at boot
time...
Apr 30 20:38:29 ipa pki-tomcatd[9645]: ERROR:  No 'tomcat' instances
installed!
... because no CA instance has been configured yet.
pki-tomcatd-nuxwdog.target is a disabled or a static unit, not starting it.
pki-tomcatd.target is a disabled or a static unit, not starting it.
Setting up pki-ca (10.2.6+git20160317-1) ...
...
.


I have been googling but can't find a relevant fix that resolves this.
Any ideas?

Robert

Re: [Freeipa-users] "Purge" scripts?

2017-04-27 Thread Robert L. Harris
"apt-get remove --purge "  or "dpkg -P " should remove all
files.  On a previous build I tried the --uninstall and got an error.
Right now I'm trying the PPA and 17.04 and getting a KRB error.

On Thu, Apr 27, 2017 at 9:06 AM Rob Crittenden <rcrit...@redhat.com> wrote:

> Martin Bašti wrote:
> >
> >
> > On 26.04.2017 20:07, Robert L. Harris wrote:
> >>   So twice now I've tried installing freeipa on an Ubuntu 16.04
> >> system.  Both times I've gotten an error and followed the instructions
> >> to "fix it" and they didn't work so I removed files ( with purge ),
> >> cleaned up everything I could find related to freeipa, sssd and kerb
> >> but trying to run it again gives either a different error or the same
> >> error with a different process output indicating it's not 100% clean.
> >>
> >>    Is there a known list of paths, packages or files to make sure are
> >> un-installed or wiped out to make the system 100% clean?  Preferably
> >> for Ubuntu.
> >>
> >> Robert
> >>
> >>
> >>
> >
> > Hello, could you be more specific about the errors?
>
> I think it is a misunderstanding. Removing the packages doesn't undo the
> configuration. I think he needs to reinstall the packages and run
> ipa-server-install --uninstall (though the ipa-upgrade post-install
> command may blow up on reinstall).
>
> rob
>

Re: [Freeipa-users] "Purge" scripts?

2017-04-27 Thread Robert L. Harris
   It changes each time it seems.  In a minute I'm going to do a completely
virgin install under a "script" session for Ubuntu 16.04 and 17.04 with and
with the PPAs then upload the scripts to pastebin so they can be looked at.

Robert


On Thu, Apr 27, 2017 at 9:01 AM Martin Bašti <mba...@redhat.com> wrote:

>
>
> On 26.04.2017 20:07, Robert L. Harris wrote:
>
>   So twice now I've tried installing freeipa on an Ubuntu 16.04 system.
> Both times I've gotten an error and followed the instructions to "fix it"
> and they didn't work so I removed files ( with purge ), cleaned up
> everything I could find related to freeipa, sssd and kerb but trying to run
> it again gives either a different error or the same error with a different
> process output indicating it's not 100% clean.
>
>    Is there a known list of paths, packages or files to make sure are
> un-installed or wiped out to make the system 100% clean?  Preferably for
> Ubuntu.
>
> Robert
>
>
>
>
> Hello, could you be more specific about the errors?
>
>
> Martin
>
> --
> Martin Bašti
> Software Engineer
> Red Hat Czech
>
>

[Freeipa-users] "Purge" scripts?

2017-04-26 Thread Robert L. Harris
  So twice now I've tried installing freeipa on an Ubuntu 16.04 system.
Both times I've gotten an error and followed the instructions to "fix it"
and they didn't work so I removed files ( with purge ), cleaned up
everything I could find related to freeipa, sssd and kerb but trying to run
it again gives either a different error or the same error with a different
process output indicating it's not 100% clean.

   Is there a known list of paths, packages or files to make sure are
un-installed or wiped out to make the system 100% clean?  Preferably for
Ubuntu.

Robert

[Freeipa-users] New server install failing

2017-04-25 Thread Robert L. Harris
   I'm trying to install freeipa-server on an ubuntu 16.04 box, fresh
install, but it keeps failing:

{0}:/etc/apt>lsb_release  -r
Release:16.04

{0}:/etc/apt>dpkg -l | egrep -i 'slapd|ipa'
ii  python-ipaddress 1.0.16-1
all  Backport of Python 3 ipaddress module (Python 2)


I added the apt repository:
{0}:/etc/apt> sudo add-apt-repository ppa:freeipa/ppa
   * This worked, it's far up in my history

{0}:/etc/apt>apt-get install freeipa-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer
required:
  libodbc1 libslp1
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  freeipa-admintools freeipa-client freeipa-server-dns
Suggested packages:
  libpam-krb5
The following NEW packages will be installed:
  freeipa-admintools freeipa-client freeipa-server freeipa-server-dns
0 upgraded, 4 newly installed, 0 to remove and 6 not upgraded.
Need to get 0 B/853 kB of archives.
After this operation, 3669 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Selecting previously unselected package freeipa-client.
(Reading database ... 161356 files and directories currently installed.)
Preparing to unpack .../freeipa-client_4.3.1-0ubuntu1_amd64.deb ...
Unpacking freeipa-client (4.3.1-0ubuntu1) ...
Selecting previously unselected package freeipa-admintools.
Preparing to unpack .../freeipa-admintools_4.3.1-0ubuntu1_all.deb ...
Unpacking freeipa-admintools (4.3.1-0ubuntu1) ...
Selecting previously unselected package freeipa-server.
Preparing to unpack .../freeipa-server_4.3.1-0ubuntu1_amd64.deb ...
Unpacking freeipa-server (4.3.1-0ubuntu1) ...
Selecting previously unselected package freeipa-server-dns.
Preparing to unpack .../freeipa-server-dns_4.3.1-0ubuntu1_all.deb ...
Unpacking freeipa-server-dns (4.3.1-0ubuntu1) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for dbus (1.10.6-1ubuntu3.3) ...
Setting up freeipa-client (4.3.1-0ubuntu1) ...
Setting up freeipa-admintools (4.3.1-0ubuntu1) ...
Setting up freeipa-server (4.3.1-0ubuntu1) ...
apache2_invoke: Enable module auth_gssapi
apache2_invoke: Enable module authz_user
apache2_invoke: Enable module deflate
apache2_invoke: Enable module expires
apache2_invoke: Enable module headers
apache2_invoke: Enable module proxy
apache2_invoke: Enable module proxy_ajp
apache2_invoke: Enable module proxy_http
apache2_invoke: Enable module rewrite
Running ipa-server-upgrade...
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command
ipa-server-upgrade manually.
Unexpected error - see /var/log/ipaupgrade.log for details:
*IOError: [Errno 2] No such file or directory:
u'/etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif.modified.out'*
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more
information
dpkg: error processing package freeipa-server (--configure):
 subprocess installed post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of freeipa-server-dns:
 freeipa-server-dns depends on freeipa-server (>= 4.3.1-0ubuntu1); however:
  Package freeipa-server is not configured yet.


dpkg: error processing package freeipa-server-dns (--configure):
 dependency problems - leaving unconfigured
Processing triggers for dbus (1.10.6-1ubuntu3.3) ...No apport report
written because the error message indicates its a followup error from a
previous failure.

Errors were encountered while processing:
 freeipa-server
 freeipa-server-dns
E: Sub-process /usr/bin/dpkg returned an error code (1)


If I search around, that slapd-EXAMPLE-COM directory and file can be created
by installing slapd but that requires 389-ds-base which conflicts with
slapd.

Thoughts?

Re: [Freeipa-users] Installing on Ubuntu

2017-02-21 Thread Robert L. Harris
Ok, I removed the files in that directory, manually removed 389-ds-base,
cleaned up the user/group and some left over directories and all
installed/configured correctly.

-R


On Tue, Feb 21, 2017 at 1:03 PM Timo Aaltonen <tjaal...@ubuntu.com> wrote:

> On 21.02.2017 17:33, Robert L. Harris wrote:
> > This was a clean install of Ubuntu.  If I install freeipa-server I get
> > the error from the original email.  If I do a "apt install
> > freeipa-server" I do see it will install python-ipaserver.  When I let
> > it run it downloads and everything and starts setting everything up.  I
> > get this:
> >
> > Processing triggers for ureadahead (0.100.0-19) ...
> > Errors were encountered while processing:
> >  389-ds-base
> >  freeipa-server
> >  freeipa-server-dns
> > E: Sub-process /usr/bin/dpkg returned an error code (1)
>
> And I installed it on a clean chroot and the packages installed fine
> without issues. Note that the pki-server spam is expected and not an error.
>
> > If I run the python command you gave me at this point I get this:
> >
> > python2 -c 'from ipaserver.install import installutils; print "yes" if
> > installutils.is_ipa_configured() else "no";'
> > yes
>
> This means that you have some files around which a clean install should
> not have. Check the contents of /var/lib/ipa/sysrestore.
>
>
>
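The check suggested in the reply above (look at /var/lib/ipa/sysrestore when is_ipa_configured() says "yes" on a supposedly clean box), written as an added pre-install residue check; this is not code from the thread or from FreeIPA. The function name, the output format and the optional root argument are assumptions, and only paths quoted in the thread are inspected.

```shell
#!/bin/sh
# Added example: report leftover FreeIPA state before (re)installing.
# Only paths named in the thread are checked. The optional argument is an
# alternate filesystem root (assumption, so the check can be tried on a
# scratch tree); it defaults to "/".
#
# Usage on a real host:  ipa_residue_check / || echo "not a clean system"

# Prints one line per finding. Returns 0 if clean, 1 if residue was found.
ipa_residue_check() {
    root="${1:-/}"
    root="${root%/}"        # "/" becomes "", "/tmp/x/" becomes "/tmp/x"
    found=0

    # 1. Anything left in sysrestore means an earlier install recorded
    #    state here, which package removal alone does not undo.
    dir="$root/var/lib/ipa/sysrestore"
    if [ -d "$dir" ] && [ -n "$(ls -A "$dir" 2>/dev/null)" ]; then
        echo "RESIDUE sysrestore: $dir is not empty"
        found=1
    fi

    # 2. Directory server instances (/etc/dirsrv/slapd-<REALM>). An
    #    instance directory without dse.ldif matches the IOError that
    #    ipa-server-upgrade reported in the thread.
    for inst in "$root"/etc/dirsrv/slapd-*; do
        [ -d "$inst" ] || continue      # glob did not match anything
        if [ -f "$inst/dse.ldif" ]; then
            echo "RESIDUE dirsrv: $inst (dse.ldif present)"
        else
            echo "RESIDUE dirsrv: $inst (dse.ldif missing)"
        fi
        found=1
    done

    if [ "$found" -eq 0 ]; then
        echo "CLEAN: no FreeIPA state found under ${root:-/}"
    fi
    return "$found"
}
```
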

Re: [Freeipa-users] Installing on Ubuntu

2017-02-21 Thread Robert L. Harris
This was a clean install of Ubuntu.  If I install freeipa-server I get the
error from the original email.  If I do a "apt install freeipa-server" I do
see it will install python-ipaserver.  When I let it run it downloads and
everything and starts setting everything up.  I get this:

Setting up tomcat7-user (7.0.68-1ubuntu0.1) ...
Setting up velocity (1.7-4) ...
Setting up pki-server (10.2.6+git20160317-1) ...
Job for pki-tomcatd.service failed because the control process exited with
error code. See "systemctl status pki-tomcatd.service" and "journalctl -xe"
for details.
invoke-rc.d: initscript pki-tomcatd, action "start" failed.
... because no CA instance has been configured yet.
pki-tomcatd-nuxwdog.target is a disabled or a static unit, not starting it.
pki-tomcatd.target is a disabled or a static unit, not starting it.
Setting up pki-ca (10.2.6+git20160317-1) ...
Setting up pki-kra (10.2.6+git20160317-1) ...
.
It continues til I get this:
.
Setting up opendnssec (1:1.4.9-2) ...
dpkg: dependency problems prevent configuration of freeipa-server-dns:
 freeipa-server-dns depends on freeipa-server (>= 4.3.1-0ubuntu1); however:
  Package freeipa-server is not configured yet.

dpkg: error processing package freeipa-server-dns (--configure):
 dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup
error from a previous failure.

  Setting up libverto-libevent1:amd64
(0.2.4-2.1ubuntu2) ...
Setting up libverto1:amd64 (0.2.4-2.1ubuntu2) ...
.
Continues a bit longer til:
.
Processing triggers for ureadahead (0.100.0-19) ...
Errors were encountered while processing:
 389-ds-base
 freeipa-server
 freeipa-server-dns
E: Sub-process /usr/bin/dpkg returned an error code (1)


If I run the python command you gave me at this point I get this:

python2 -c 'from ipaserver.install import installutils; print "yes" if
installutils.is_ipa_configured() else "no";'
yes



On Tue, Feb 21, 2017 at 1:38 AM Timo Aaltonen <tjaal...@ubuntu.com> wrote:

> On 20.02.2017 22:26, Robert L. Harris wrote:
> >
> > python2 -c 'from ipaserver.install import installutils; print "yes" if
> > installutils.is_ipa_configured() else "no";'
> > Traceback (most recent call last):
> >   File "<string>", line 1, in <module>
> > ImportError: No module named ipaserver.install
>
> Then how did you manage to get it installed.. freeipa-server depends on
> python-ipaserver so you should have it available :)
>
>
> --
> t
>

Re: [Freeipa-users] Installing on Ubuntu

2017-02-20 Thread Robert L. Harris
python2 -c 'from ipaserver.install import installutils; print "yes" if
installutils.is_ipa_configured() else "no";'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
ImportError: No module named ipaserver.install


On Fri, Feb 17, 2017 at 10:33 PM Timo Aaltonen <tjaal...@ubuntu.com> wrote:

> On 18.02.2017 03:24, Robert L. Harris wrote:
> >
> >    I have an Ubuntu 16.04 test system which is currently clean.  I'm
> > trying to install freeipa-server via apt and I'm getting an error about
> > files missing :
> >
> > Setting up freeipa-server (4.3.1-0ubuntu1) ...
> > Running ipa-server-upgrade...
> > IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run
> > command ipa-server-upgrade manually.
> > Unexpected error - see /var/log/ipaupgrade.log for details:
> > IOError: [Errno 2] No such file or directory:
> > u'/etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif'
> > The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for
> > more information
> > dpkg: error processing package freeipa-server (--configure):
> >  subprocess installed post-installation script returned error exit
> status 1
> > dpkg: dependency problems prevent configuration of freeipa-server-dns:
> >  freeipa-server-dns depends on freeipa-server (>= 4.3.1-0ubuntu1);
> however:
> >   Package freeipa-server is not configured yet.
>
> It shouldn't run ipa-server-upgrade on a clean install. What does:
> python2 -c 'from ipaserver.install import installutils; print "yes" if
> installutils.is_ipa_configured() else "no";'
>
> return?
>
>
> --
> t
>

[Freeipa-users] Installing on Ubuntu

2017-02-17 Thread Robert L. Harris
   I have an Ubuntu 16.04 test system which is currently clean.  I'm trying
to install freeipa-server via apt and I'm getting an error about files
missing :

Setting up freeipa-server (4.3.1-0ubuntu1) ...
Running ipa-server-upgrade...
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command
ipa-server-upgrade manually.
Unexpected error - see /var/log/ipaupgrade.log for details:
IOError: [Errno 2] No such file or directory:
u'/etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif'
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more
information
dpkg: error processing package freeipa-server (--configure):
 subprocess installed post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of freeipa-server-dns:
 freeipa-server-dns depends on freeipa-server (>= 4.3.1-0ubuntu1); however:
  Package freeipa-server is not configured yet.


Anyone seen this?  The only source I see for these files is the slapd
package which conflicts with freeipa.

Robert