Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7
Ok, I reverted to a completely fresh install, literally just after the first reboot. It installed cleanly. So there's something in a package upgrade that's breaking things. I may try to figure it out later. On Tue, May 16, 2017 at 3:08 PM Dagan McGregor <l...@sudo.nz> wrote: > On 17 May 2017 8:50:02 AM NZST, "Robert L. Harris" < > robert.l.har...@gmail.com> wrote: >> >> I can, though that's what I did 2 days ago, fresh install from latest >> ISO. >> >> >> On Tue, May 16, 2017 at 2:40 PM Andrew Holway <andrew.hol...@gmail.com> >> wrote: >> >>> I have a feeling that there is something broken with your image. Could >>> you try installing Centos from ISO? >>> >>> >>> On 16 May 2017 at 22:37, Robert L. Harris <robert.l.har...@gmail.com> >>> wrote: >>> >>>> >>>> I left SELinux enabled, no change, still streaming the same error: >>>> >>>> [Tue May 16 14:36:48.957848 2017] [:error] [pid 10780] NSS_Initialize >>>> failed. Certificate database: /etc/httpd/alias. >>>> [Tue May 16 14:36:48.957883 2017] [:error] [pid 10780] SSL Library >>>> Error: -8038 SEC_ERROR_NOT_INITIALIZED >>>> [Tue May 16 14:36:48.957886 2017] [:error] [pid 10780] Does the NSS >>>> database exist? >>>> >>>> >>>> >>>> On Tue, May 16, 2017 at 2:12 PM Andrew Holway <andrew.hol...@gmail.com> >>>> wrote: >>>> >>>>> Yea, I would try installing IPA then making the changes that you want. >>>>> I think SELinux should be left enabled however. It makes admin super fun! >>>>> :) >>>>> >>>>> >>>>> On 16 May 2017 at 21:57, Robert L. Harris <robert.l.har...@gmail.com> >>>>> wrote: >>>>> >>>>>> >>>>>> I did disable selinux as it gave errors setting up my standard users, >>>>>> etc. I can roll back the snapshot, set it at 4Gigs of RAM and re-enable >>>>>> selinux and then try again. >>>>>> >>>>>> >>>>>> On Tue, May 16, 2017 at 1:52 PM Andrew Holway < >>>>>> andrew.hol...@gmail.com> wrote: >>>>>> >>>>>>> This is pretty weird. FreeIPA installation normally works. >>>>>>> >>>>>>> Has the operating system image been changed or optimised somehow? >>>>>>> Perhaps SELinux has been disabled? Have you tried installing Centos7 >>>>>>> from >>>>>>> the ISO? >>>>>>> >>>>>>> On 16 May 2017 at 21:48, Robert L. Harris <robert.l.har...@gmail.com >>>>>>> > wrote: >>>>>>> >>>>>>>> >>>>>>>>2 Gigs, it's a VM. The VM didn't report any memory issues ( no >>>>>>>> alarms on VMWare ) >>>>>>>> >>>>>>>> >>>>>>>> On Tue, May 16, 2017 at 12:29 PM Andrew Holway < >>>>>>>> andrew.hol...@gmail.com> wrote: >>>>>>>> >>>>>>>>> Hallo, >>>>>>>>> >>>>>>>>> How much memory do you have on the machine. I have a sneaking >>>>>>>>> suspicion that you're running out. >>>>>>>>> >>>>>>>>> Ta, >>>>>>>>> >>>>>>>>> Andrew >>>>>>>>> >>>>>>>>> On 16 May 2017 at 17:16, Robert L. Harris < >>>>>>>>> robert.l.har...@gmail.com> wrote: >>>>>>>>> >>>>>>>>>> >>>>>>>>>> Last night I rolled back my snapshot. Here's what I have after >>>>>>>>>> the yum install >>>>>>>>>> >>>>>>>>>> "minimal" install of Centos7 + basic build. >>>>>>>>>> {0}:/var/log>cat /etc/*elease >>>>>>>>>> CentOS Linux release 7.3.1611 (Core) >>>>>>>>>> NAME="CentOS Linux" >>>>>>>>>> VERSION="7 (Core)" >>>>>>>>>> ID="centos" >>>>>>>>>> ID_LIKE="rhel fedora" >>>>>>>>>> VERSION_ID
Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7
I can, though that's what I did 2 days ago, fresh install from latest ISO. On Tue, May 16, 2017 at 2:40 PM Andrew Holway <andrew.hol...@gmail.com> wrote: > I have a feeling that there is something broken with your image. Could you > try installing Centos from ISO? > > > On 16 May 2017 at 22:37, Robert L. Harris <robert.l.har...@gmail.com> > wrote: > >> >> I left SELinux enabled, no change, still streaming the same error: >> >> [Tue May 16 14:36:48.957848 2017] [:error] [pid 10780] NSS_Initialize >> failed. Certificate database: /etc/httpd/alias. >> [Tue May 16 14:36:48.957883 2017] [:error] [pid 10780] SSL Library Error: >> -8038 SEC_ERROR_NOT_INITIALIZED >> [Tue May 16 14:36:48.957886 2017] [:error] [pid 10780] Does the NSS >> database exist? >> >> >> >> On Tue, May 16, 2017 at 2:12 PM Andrew Holway <andrew.hol...@gmail.com> >> wrote: >> >>> Yea, I would try installing IPA then making the changes that you want. I >>> think SELinux should be left enabled however. It makes admin super fun! :) >>> >>> >>> On 16 May 2017 at 21:57, Robert L. Harris <robert.l.har...@gmail.com> >>> wrote: >>> >>>> >>>> I did disable selinux as it gave errors setting up my standard users, >>>> etc. I can roll back the snapshot, set it at 4Gigs of RAM and re-enable >>>> selinux and then try again. >>>> >>>> >>>> On Tue, May 16, 2017 at 1:52 PM Andrew Holway <andrew.hol...@gmail.com> >>>> wrote: >>>> >>>>> This is pretty weird. FreeIPA installation normally works. >>>>> >>>>> Has the operating system image been changed or optimised somehow? >>>>> Perhaps SELinux has been disabled? Have you tried installing Centos7 from >>>>> the ISO? >>>>> >>>>> On 16 May 2017 at 21:48, Robert L. Harris <robert.l.har...@gmail.com> >>>>> wrote: >>>>> >>>>>> >>>>>>2 Gigs, it's a VM. The VM didn't report any memory issues ( no >>>>>> alarms on VMWare ) >>>>>> >>>>>> >>>>>> On Tue, May 16, 2017 at 12:29 PM Andrew Holway < >>>>>> andrew.hol...@gmail.com> wrote: >>>>>> >>>>>>> Hallo, >>>>>>> >>>>>>> How much memory do you have on the machine. I have a sneaking >>>>>>> suspicion that you're running out. >>>>>>> >>>>>>> Ta, >>>>>>> >>>>>>> Andrew >>>>>>> >>>>>>> On 16 May 2017 at 17:16, Robert L. Harris <robert.l.har...@gmail.com >>>>>>> > wrote: >>>>>>> >>>>>>>> >>>>>>>> Last night I rolled back my snapshot. Here's what I have after the >>>>>>>> yum install >>>>>>>> >>>>>>>> "minimal" install of Centos7 + basic build. >>>>>>>> {0}:/var/log>cat /etc/*elease >>>>>>>> CentOS Linux release 7.3.1611 (Core) >>>>>>>> NAME="CentOS Linux" >>>>>>>> VERSION="7 (Core)" >>>>>>>> ID="centos" >>>>>>>> ID_LIKE="rhel fedora" >>>>>>>> VERSION_ID="7" >>>>>>>> PRETTY_NAME="CentOS Linux 7 (Core)" >>>>>>>> ANSI_COLOR="0;31" >>>>>>>> CPE_NAME="cpe:/o:centos:centos:7" >>>>>>>> HOME_URL="https://www.centos.org/; >>>>>>>> BUG_REPORT_URL="https://bugs.centos.org/; >>>>>>>> >>>>>>>> CENTOS_MANTISBT_PROJECT="CentOS-7" >>>>>>>> CENTOS_MANTISBT_PROJECT_VERSION="7" >>>>>>>> REDHAT_SUPPORT_PRODUCT="centos" >>>>>>>> REDHAT_SUPPORT_PRODUCT_VERSION="7" >>>>>>>> >>>>>>>> CentOS Linux release 7.3.1611 (Core) >>>>>>>> CentOS Linux release 7.3.1611 (Core) >>>>>>>> >>>>>>>> >>>>>>>> {0}:/var/log>rpm -q -a | egrep -i 'http|apach|tomc|ipa|krb' >>>>>>>> sssd-krb5-common-1.14.0-43.el7_3.14.x86_64 >>>>>
Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7
I left SELinux enabled, no change, still streaming the same error: [Tue May 16 14:36:48.957848 2017] [:error] [pid 10780] NSS_Initialize failed. Certificate database: /etc/httpd/alias. [Tue May 16 14:36:48.957883 2017] [:error] [pid 10780] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED [Tue May 16 14:36:48.957886 2017] [:error] [pid 10780] Does the NSS database exist? On Tue, May 16, 2017 at 2:12 PM Andrew Holway <andrew.hol...@gmail.com> wrote: > Yea, I would try installing IPA then making the changes that you want. I > think SELinux should be left enabled however. It makes admin super fun! :) > > > On 16 May 2017 at 21:57, Robert L. Harris <robert.l.har...@gmail.com> > wrote: > >> >> I did disable selinux as it gave errors setting up my standard users, >> etc. I can roll back the snapshot, set it at 4Gigs of RAM and re-enable >> selinux and then try again. >> >> >> On Tue, May 16, 2017 at 1:52 PM Andrew Holway <andrew.hol...@gmail.com> >> wrote: >> >>> This is pretty weird. FreeIPA installation normally works. >>> >>> Has the operating system image been changed or optimised somehow? >>> Perhaps SELinux has been disabled? Have you tried installing Centos7 from >>> the ISO? >>> >>> On 16 May 2017 at 21:48, Robert L. Harris <robert.l.har...@gmail.com> >>> wrote: >>> >>>> >>>>2 Gigs, it's a VM. The VM didn't report any memory issues ( no >>>> alarms on VMWare ) >>>> >>>> >>>> On Tue, May 16, 2017 at 12:29 PM Andrew Holway <andrew.hol...@gmail.com> >>>> wrote: >>>> >>>>> Hallo, >>>>> >>>>> How much memory do you have on the machine. I have a sneaking >>>>> suspicion that you're running out. >>>>> >>>>> Ta, >>>>> >>>>> Andrew >>>>> >>>>> On 16 May 2017 at 17:16, Robert L. Harris <robert.l.har...@gmail.com> >>>>> wrote: >>>>> >>>>>> >>>>>> Last night I rolled back my snapshot. Here's what I have after the >>>>>> yum install >>>>>> >>>>>> "minimal" install of Centos7 + basic build. >>>>>> {0}:/var/log>cat /etc/*elease >>>>>> CentOS Linux release 7.3.1611 (Core) >>>>>> NAME="CentOS Linux" >>>>>> VERSION="7 (Core)" >>>>>> ID="centos" >>>>>> ID_LIKE="rhel fedora" >>>>>> VERSION_ID="7" >>>>>> PRETTY_NAME="CentOS Linux 7 (Core)" >>>>>> ANSI_COLOR="0;31" >>>>>> CPE_NAME="cpe:/o:centos:centos:7" >>>>>> HOME_URL="https://www.centos.org/; >>>>>> BUG_REPORT_URL="https://bugs.centos.org/; >>>>>> >>>>>> CENTOS_MANTISBT_PROJECT="CentOS-7" >>>>>> CENTOS_MANTISBT_PROJECT_VERSION="7" >>>>>> REDHAT_SUPPORT_PRODUCT="centos" >>>>>> REDHAT_SUPPORT_PRODUCT_VERSION="7" >>>>>> >>>>>> CentOS Linux release 7.3.1611 (Core) >>>>>> CentOS Linux release 7.3.1611 (Core) >>>>>> >>>>>> >>>>>> {0}:/var/log>rpm -q -a | egrep -i 'http|apach|tomc|ipa|krb' >>>>>> sssd-krb5-common-1.14.0-43.el7_3.14.x86_64 >>>>>> python2-ipaclient-4.4.0-14.el7.centos.7.noarch >>>>>> ipa-common-4.4.0-14.el7.centos.7.noarch >>>>>> perl-HTTP-Tiny-0.033-3.el7.noarch >>>>>> python-iniparse-0.4-9.el7.noarch >>>>>> ipa-client-common-4.4.0-14.el7.centos.7.noarch >>>>>> pam_krb5-2.4.8-6.el7.x86_64 >>>>>> sssd-krb5-1.14.0-43.el7_3.14.x86_64 >>>>>> python-ipaddress-1.0.16-2.el7.noarch >>>>>> python2-ipalib-4.4.0-14.el7.centos.7.noarch >>>>>> krb5-libs-1.14.1-27.el7_3.x86_64 >>>>>> libipa_hbac-1.14.0-43.el7_3.14.x86_64 >>>>>> python-libipa_hbac-1.14.0-43.el7_3.14.x86_64 >>>>>> sssd-ipa-1.14.0-43.el7_3.14.x86_64 >>>>>> krb5-workstation-1.14.1-27.el7_3.x86_64 >>>>>> ipa-client-4.4.0-14.el7.centos.7.x86_64 >>>>>> >>>>>> Tried to pull an exact client. The "yum install ipa-server" went >>>>>> fine: >>>>>>
Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7
I did disable selinux as it gave errors setting up my standard users, etc. I can roll back the snapshot, set it at 4Gigs of RAM and re-enable selinux and then try again. On Tue, May 16, 2017 at 1:52 PM Andrew Holway <andrew.hol...@gmail.com> wrote: > This is pretty weird. FreeIPA installation normally works. > > Has the operating system image been changed or optimised somehow? Perhaps > SELinux has been disabled? Have you tried installing Centos7 from the ISO? > > On 16 May 2017 at 21:48, Robert L. Harris <robert.l.har...@gmail.com> > wrote: > >> >>2 Gigs, it's a VM. The VM didn't report any memory issues ( no alarms >> on VMWare ) >> >> >> On Tue, May 16, 2017 at 12:29 PM Andrew Holway <andrew.hol...@gmail.com> >> wrote: >> >>> Hallo, >>> >>> How much memory do you have on the machine. I have a sneaking suspicion >>> that you're running out. >>> >>> Ta, >>> >>> Andrew >>> >>> On 16 May 2017 at 17:16, Robert L. Harris <robert.l.har...@gmail.com> >>> wrote: >>> >>>> >>>> Last night I rolled back my snapshot. Here's what I have after the yum >>>> install >>>> >>>> "minimal" install of Centos7 + basic build. >>>> {0}:/var/log>cat /etc/*elease >>>> CentOS Linux release 7.3.1611 (Core) >>>> NAME="CentOS Linux" >>>> VERSION="7 (Core)" >>>> ID="centos" >>>> ID_LIKE="rhel fedora" >>>> VERSION_ID="7" >>>> PRETTY_NAME="CentOS Linux 7 (Core)" >>>> ANSI_COLOR="0;31" >>>> CPE_NAME="cpe:/o:centos:centos:7" >>>> HOME_URL="https://www.centos.org/; >>>> BUG_REPORT_URL="https://bugs.centos.org/; >>>> >>>> CENTOS_MANTISBT_PROJECT="CentOS-7" >>>> CENTOS_MANTISBT_PROJECT_VERSION="7" >>>> REDHAT_SUPPORT_PRODUCT="centos" >>>> REDHAT_SUPPORT_PRODUCT_VERSION="7" >>>> >>>> CentOS Linux release 7.3.1611 (Core) >>>> CentOS Linux release 7.3.1611 (Core) >>>> >>>> >>>> {0}:/var/log>rpm -q -a | egrep -i 'http|apach|tomc|ipa|krb' >>>> sssd-krb5-common-1.14.0-43.el7_3.14.x86_64 >>>> python2-ipaclient-4.4.0-14.el7.centos.7.noarch >>>> ipa-common-4.4.0-14.el7.centos.7.noarch >>>> perl-HTTP-Tiny-0.033-3.el7.noarch >>>> python-iniparse-0.4-9.el7.noarch >>>> ipa-client-common-4.4.0-14.el7.centos.7.noarch >>>> pam_krb5-2.4.8-6.el7.x86_64 >>>> sssd-krb5-1.14.0-43.el7_3.14.x86_64 >>>> python-ipaddress-1.0.16-2.el7.noarch >>>> python2-ipalib-4.4.0-14.el7.centos.7.noarch >>>> krb5-libs-1.14.1-27.el7_3.x86_64 >>>> libipa_hbac-1.14.0-43.el7_3.14.x86_64 >>>> python-libipa_hbac-1.14.0-43.el7_3.14.x86_64 >>>> sssd-ipa-1.14.0-43.el7_3.14.x86_64 >>>> krb5-workstation-1.14.1-27.el7_3.x86_64 >>>> ipa-client-4.4.0-14.el7.centos.7.x86_64 >>>> >>>> Tried to pull an exact client. The "yum install ipa-server" went fine: >>>> >>>> {0}:/var/log/httpd>rpm -a -q | grep -i ipa-server >>>> ipa-server-4.4.0-14.el7.centos.7.x86_64 >>>> ipa-server-common-4.4.0-14.el7.centos.7.noarch >>>> >>>> >>>> "ipa-server-install" ran clean but has been stuck for 2 days: >>>> >>>> Restarting the directory server >>>> Restarting the KDC >>>> Please add records in this file to your DNS system: >>>> /tmp/ipa.system.records.qLsLyx.db >>>> Restarting the web server >>>> Configuring client side components >>>> Using existing certificate '/etc/ipa/ca.crt'. >>>> Client hostname: ipa.rdlg.net >>>> Realm: RDLG.NET >>>> DNS Domain: rdlg.net >>>> IPA Server: ipa.rdlg.net >>>> BaseDN: dc=rdlg,dc=net >>>> >>>> Skipping synchronizing time with NTP server. >>>> New SSSD config will be created >>>> Configured sudoers in /etc/nsswitch.conf >>>> Configured /etc/sssd/sssd.conf >>>> trying https://ipa.rdlg.net/ipa/json >>>> Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json' >>>> >>>> Checking the /var/log/httpd/error.log has 2 days of just this: >>>> >>>> [Tue May 16 09:14:42.941476 2017] [:error] [pid
Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7
2 Gigs, it's a VM. The VM didn't report any memory issues ( no alarms on VMWare ) On Tue, May 16, 2017 at 12:29 PM Andrew Holway <andrew.hol...@gmail.com> wrote: > Hallo, > > How much memory do you have on the machine. I have a sneaking suspicion > that you're running out. > > Ta, > > Andrew > > On 16 May 2017 at 17:16, Robert L. Harris <robert.l.har...@gmail.com> > wrote: > >> >> Last night I rolled back my snapshot. Here's what I have after the yum >> install >> >> "minimal" install of Centos7 + basic build. >> {0}:/var/log>cat /etc/*elease >> CentOS Linux release 7.3.1611 (Core) >> NAME="CentOS Linux" >> VERSION="7 (Core)" >> ID="centos" >> ID_LIKE="rhel fedora" >> VERSION_ID="7" >> PRETTY_NAME="CentOS Linux 7 (Core)" >> ANSI_COLOR="0;31" >> CPE_NAME="cpe:/o:centos:centos:7" >> HOME_URL="https://www.centos.org/; >> BUG_REPORT_URL="https://bugs.centos.org/; >> >> CENTOS_MANTISBT_PROJECT="CentOS-7" >> CENTOS_MANTISBT_PROJECT_VERSION="7" >> REDHAT_SUPPORT_PRODUCT="centos" >> REDHAT_SUPPORT_PRODUCT_VERSION="7" >> >> CentOS Linux release 7.3.1611 (Core) >> CentOS Linux release 7.3.1611 (Core) >> >> >> {0}:/var/log>rpm -q -a | egrep -i 'http|apach|tomc|ipa|krb' >> sssd-krb5-common-1.14.0-43.el7_3.14.x86_64 >> python2-ipaclient-4.4.0-14.el7.centos.7.noarch >> ipa-common-4.4.0-14.el7.centos.7.noarch >> perl-HTTP-Tiny-0.033-3.el7.noarch >> python-iniparse-0.4-9.el7.noarch >> ipa-client-common-4.4.0-14.el7.centos.7.noarch >> pam_krb5-2.4.8-6.el7.x86_64 >> sssd-krb5-1.14.0-43.el7_3.14.x86_64 >> python-ipaddress-1.0.16-2.el7.noarch >> python2-ipalib-4.4.0-14.el7.centos.7.noarch >> krb5-libs-1.14.1-27.el7_3.x86_64 >> libipa_hbac-1.14.0-43.el7_3.14.x86_64 >> python-libipa_hbac-1.14.0-43.el7_3.14.x86_64 >> sssd-ipa-1.14.0-43.el7_3.14.x86_64 >> krb5-workstation-1.14.1-27.el7_3.x86_64 >> ipa-client-4.4.0-14.el7.centos.7.x86_64 >> >> Tried to pull an exact client. The "yum install ipa-server" went fine: >> >> {0}:/var/log/httpd>rpm -a -q | grep -i ipa-server >> ipa-server-4.4.0-14.el7.centos.7.x86_64 >> ipa-server-common-4.4.0-14.el7.centos.7.noarch >> >> >> "ipa-server-install" ran clean but has been stuck for 2 days: >> >> Restarting the directory server >> Restarting the KDC >> Please add records in this file to your DNS system: >> /tmp/ipa.system.records.qLsLyx.db >> Restarting the web server >> Configuring client side components >> Using existing certificate '/etc/ipa/ca.crt'. >> Client hostname: ipa.rdlg.net >> Realm: RDLG.NET >> DNS Domain: rdlg.net >> IPA Server: ipa.rdlg.net >> BaseDN: dc=rdlg,dc=net >> >> Skipping synchronizing time with NTP server. >> New SSSD config will be created >> Configured sudoers in /etc/nsswitch.conf >> Configured /etc/sssd/sssd.conf >> trying https://ipa.rdlg.net/ipa/json >> Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json' >> >> Checking the /var/log/httpd/error.log has 2 days of just this: >> >> [Tue May 16 09:14:42.941476 2017] [:error] [pid 1182] NSS_Initialize >> failed. Certificate database: /etc/httpd/alias. >> [Tue May 16 09:14:42.941499 2017] [:error] [pid 1182] SSL Library Error: >> -8038 SEC_ERROR_NOT_INITIALIZED >> [Tue May 16 09:14:42.941501 2017] [:error] [pid 1182] Does the NSS >> database exist? >> >> >> Robert >> >> On Fri, May 12, 2017 at 11:14 AM Rob Crittenden <rcrit...@redhat.com> >> wrote: >> >>> Robert L. Harris wrote: >>> > >>> > Hmmm >>> > >>> > {0}:/var/log>ls >>> > anaconda btmp dmesg grubby maillog pppsecure >>> > tallylog wtmp >>> > audit cron dmesg.old grubby_prune_debug messages rhsm spooler >>> > tuned yum.log >>> > boot.log cups firewalld lastlog ntpstats samba sssd >>> > vmware-vmsvc.log >>> > >>> > >>> > root@ipa >>> > {1}:/var/log>rpm -q -l http >>> > package http is not installed >>> > >>> > root@ipa >>> > {1}:/var/log>rpm -q -a | grep -i http >>> > perl-HTTP-Tiny-0.033-3.el7.noarch >>> > >>> > root@ipa >>> > {0}:/var/log>
Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7
Last night I rolled back my snapshot. Here's what I have after the yum install "minimal" install of Centos7 + basic build. {0}:/var/log>cat /etc/*elease CentOS Linux release 7.3.1611 (Core) NAME="CentOS Linux" VERSION="7 (Core)" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="7" PRETTY_NAME="CentOS Linux 7 (Core)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:7" HOME_URL="https://www.centos.org/; BUG_REPORT_URL="https://bugs.centos.org/; CENTOS_MANTISBT_PROJECT="CentOS-7" CENTOS_MANTISBT_PROJECT_VERSION="7" REDHAT_SUPPORT_PRODUCT="centos" REDHAT_SUPPORT_PRODUCT_VERSION="7" CentOS Linux release 7.3.1611 (Core) CentOS Linux release 7.3.1611 (Core) {0}:/var/log>rpm -q -a | egrep -i 'http|apach|tomc|ipa|krb' sssd-krb5-common-1.14.0-43.el7_3.14.x86_64 python2-ipaclient-4.4.0-14.el7.centos.7.noarch ipa-common-4.4.0-14.el7.centos.7.noarch perl-HTTP-Tiny-0.033-3.el7.noarch python-iniparse-0.4-9.el7.noarch ipa-client-common-4.4.0-14.el7.centos.7.noarch pam_krb5-2.4.8-6.el7.x86_64 sssd-krb5-1.14.0-43.el7_3.14.x86_64 python-ipaddress-1.0.16-2.el7.noarch python2-ipalib-4.4.0-14.el7.centos.7.noarch krb5-libs-1.14.1-27.el7_3.x86_64 libipa_hbac-1.14.0-43.el7_3.14.x86_64 python-libipa_hbac-1.14.0-43.el7_3.14.x86_64 sssd-ipa-1.14.0-43.el7_3.14.x86_64 krb5-workstation-1.14.1-27.el7_3.x86_64 ipa-client-4.4.0-14.el7.centos.7.x86_64 Tried to pull an exact client. The "yum install ipa-server" went fine: {0}:/var/log/httpd>rpm -a -q | grep -i ipa-server ipa-server-4.4.0-14.el7.centos.7.x86_64 ipa-server-common-4.4.0-14.el7.centos.7.noarch "ipa-server-install" ran clean but has been stuck for 2 days: Restarting the directory server Restarting the KDC Please add records in this file to your DNS system: /tmp/ipa.system.records.qLsLyx.db Restarting the web server Configuring client side components Using existing certificate '/etc/ipa/ca.crt'. Client hostname: ipa.rdlg.net Realm: RDLG.NET DNS Domain: rdlg.net IPA Server: ipa.rdlg.net BaseDN: dc=rdlg,dc=net Skipping synchronizing time with NTP server. New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf trying https://ipa.rdlg.net/ipa/json Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json' Checking the /var/log/httpd/error.log has 2 days of just this: [Tue May 16 09:14:42.941476 2017] [:error] [pid 1182] NSS_Initialize failed. Certificate database: /etc/httpd/alias. [Tue May 16 09:14:42.941499 2017] [:error] [pid 1182] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED [Tue May 16 09:14:42.941501 2017] [:error] [pid 1182] Does the NSS database exist? Robert On Fri, May 12, 2017 at 11:14 AM Rob Crittenden <rcrit...@redhat.com> wrote: > Robert L. Harris wrote: > > > > Hmmm > > > > {0}:/var/log>ls > > anaconda btmp dmesg grubby maillog pppsecure > > tallylog wtmp > > audit cron dmesg.old grubby_prune_debug messages rhsm spooler > > tuned yum.log > > boot.log cups firewalld lastlog ntpstats samba sssd > > vmware-vmsvc.log > > > > > > root@ipa > > {1}:/var/log>rpm -q -l http > > package http is not installed > > > > root@ipa > > {1}:/var/log>rpm -q -a | grep -i http > > perl-HTTP-Tiny-0.033-3.el7.noarch > > > > root@ipa > > {0}:/var/log>rpm -q -a | grep -i tomcat > > > > > > Doesn't look like an httpd was installed as a dependancy? > > I find this very hard to believe given that it go so far as to configure > things in Apache, restart it, etc. What version of [free]ipa-server is > installed? How did you install it and from what repo? > > rob > > > > > > > > > > > > > On Fri, May 12, 2017 at 1:17 AM Martin Bašti <mba...@redhat.com > > <mailto:mba...@redhat.com>> wrote: > > > > That's weird, it should be super fast, anything in > > /var/log/httpd/error_log? > > > > > > On 11.05.2017 22:23, Robert L. Harris wrote: > >> > >> Odd, must have clicked reply instead of reply-all. > >> > >> Anyway, I did the revert and re-install. Actual install went > >> through fine then the "ipa-server-install" ran until this: > >> > >> [8/9]: restoring configuration > >> [9/9]: starting directory server > >> Done. > >> Restarting the directory server > >> Restarting the KDC > >> Please add records in this file to your DNS system: > >> /tmp/ipa.system.records.v5Jwrt.db > >> Restarting the web server > >>
Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7
Hmmm {0}:/var/log>ls anaconda btmp dmesg grubby maillog pppsecure tallylog wtmp audit cron dmesg.old grubby_prune_debug messages rhsm spooler tuned yum.log boot.log cups firewalld lastlog ntpstats samba sssd vmware-vmsvc.log root@ipa {1}:/var/log>rpm -q -l http package http is not installed root@ipa {1}:/var/log>rpm -q -a | grep -i http perl-HTTP-Tiny-0.033-3.el7.noarch root@ipa {0}:/var/log>rpm -q -a | grep -i tomcat Doesn't look like an httpd was installed as a dependancy? On Fri, May 12, 2017 at 1:17 AM Martin Bašti <mba...@redhat.com> wrote: > That's weird, it should be super fast, anything in > /var/log/httpd/error_log? > > On 11.05.2017 22:23, Robert L. Harris wrote: > > > Odd, must have clicked reply instead of reply-all. > > Anyway, I did the revert and re-install. Actual install went through fine > then the "ipa-server-install" ran until this: > > [8/9]: restoring configuration > [9/9]: starting directory server > Done. > Restarting the directory server > Restarting the KDC > Please add records in this file to your DNS system: > /tmp/ipa.system.records.v5Jwrt.db > Restarting the web server > Configuring client side components > Using existing certificate '/etc/ipa/ca.crt'. > Client hostname: ipa.rdlg.net > Realm: RDLG.NET > DNS Domain: rdlg.net > IPA Server: ipa.rdlg.net > BaseDN: dc=rdlg,dc=net > > Skipping synchronizing time with NTP server. > New SSSD config will be created > Configured sudoers in /etc/nsswitch.conf > Configured /etc/sssd/sssd.conf > trying https://ipa.rdlg.net/ipa/json > Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json' > > > It's been sitting there for a while ( 4 hours? ) I don't see anyting in > the ipaserver-install.log, but it's here: https://pastebin.com/biK1Dmv7 > > > > On Thu, May 11, 2017 at 8:12 AM Martin Bašti <mba...@redhat.com> wrote: > >> Please keep freeipa-users in CC >> >> Snapshot is always better, so I suggest to use it. Otherwise there is an >> option --ignore-last-of-role to unblock uninstallation. >> >> Martin >> >> On 11.05.2017 16:00, Robert L. Harris wrote: >> >> >> Looks like you hit it, apache didn't have a group: >> >> -- Logs begin at Wed 2017-05-10 19:56:27 MDT, end at Thu 2017-05-11 >> 07:48:27 MDT. -- >> May 10 20:36:00 ipa.rdlg.net systemd[1]: Starting The Apache HTTP >> Server... >> May 10 20:36:00 ipa.rdlg.net ipa-httpd-kdcproxy[28808]: ipa : >> INFO KDC proxy enabled >> May 10 20:36:00 ipa.rdlg.net httpd[28809]: AH00544: httpd: bad group >> name apache >> May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service: main process >> exited, code=exited, status=1/FAILURE >> May 10 20:36:00 ipa.rdlg.net kill[28812]: kill: cannot find process "" >> May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service: control process >> exited, code=exited status=1 >> May 10 20:36:00 ipa.rdlg.net systemd[1]: Failed to start The Apache HTTP >> Server. >> May 10 20:36:00 ipa.rdlg.net systemd[1]: Unit httpd.service entered >> failed state. >> May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service failed. >> >> Thanks, didn't know that command. I tried to continue the process: >> >> {0}:/root>ipa-server-install >> >> The log file for this installation can be found in >> /var/log/ipaserver-install.log >> ipa.ipapython.install.cli.install_tool(Server): ERRORIPA server is >> already configured on this system. >> If you want to reinstall the IPA server, please uninstall it first using >> 'ipa-server-install --uninstall'. >> ipa.ipapython.install.cli.install_tool(Server): ERRORThe >> ipa-server-install command failed. See /var/log/ipaserver-install.log for >> more information >> >> root@ipa >> {1}:/root>ipa-server-install --uninstall >> >> This is a NON REVERSIBLE operation and will delete all data and >> configuration! >> >> Are you sure you want to continue with the uninstall procedure? [no]: yes >> ipa : ERRORServer removal aborted: Deleting this server is >> not allowed as it would leave your installation without a CA.. >> >> >> >> This is a VM and I took a snapshot right before I started the install, so >> I can revert, just make sure ti add the apache user before starting the >> install. Or if you have a better command to continue the >> clean-up/install. >> >> >> On Thu, May 11, 2017 at 2:19 AM Martin Bašti <mba...@redhat.com> wrote: >> >>> H
Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7
Odd, must have clicked reply instead of reply-all. Anyway, I did the revert and re-install. Actual install went through fine then the "ipa-server-install" ran until this: [8/9]: restoring configuration [9/9]: starting directory server Done. Restarting the directory server Restarting the KDC Please add records in this file to your DNS system: /tmp/ipa.system.records.v5Jwrt.db Restarting the web server Configuring client side components Using existing certificate '/etc/ipa/ca.crt'. Client hostname: ipa.rdlg.net Realm: RDLG.NET DNS Domain: rdlg.net IPA Server: ipa.rdlg.net BaseDN: dc=rdlg,dc=net Skipping synchronizing time with NTP server. New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf trying https://ipa.rdlg.net/ipa/json Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json' It's been sitting there for a while ( 4 hours? ) I don't see anyting in the ipaserver-install.log, but it's here: https://pastebin.com/biK1Dmv7 On Thu, May 11, 2017 at 8:12 AM Martin Bašti <mba...@redhat.com> wrote: > Please keep freeipa-users in CC > > Snapshot is always better, so I suggest to use it. Otherwise there is an > option --ignore-last-of-role to unblock uninstallation. > > Martin > > On 11.05.2017 16:00, Robert L. Harris wrote: > > > Looks like you hit it, apache didn't have a group: > > -- Logs begin at Wed 2017-05-10 19:56:27 MDT, end at Thu 2017-05-11 > 07:48:27 MDT. -- > May 10 20:36:00 ipa.rdlg.net systemd[1]: Starting The Apache HTTP > Server... > May 10 20:36:00 ipa.rdlg.net ipa-httpd-kdcproxy[28808]: ipa : > INFO KDC proxy enabled > May 10 20:36:00 ipa.rdlg.net httpd[28809]: AH00544: httpd: bad group name > apache > May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service: main process > exited, code=exited, status=1/FAILURE > May 10 20:36:00 ipa.rdlg.net kill[28812]: kill: cannot find process "" > May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service: control process > exited, code=exited status=1 > May 10 20:36:00 ipa.rdlg.net systemd[1]: Failed to start The Apache HTTP > Server. > May 10 20:36:00 ipa.rdlg.net systemd[1]: Unit httpd.service entered > failed state. > May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service failed. > > Thanks, didn't know that command. I tried to continue the process: > > {0}:/root>ipa-server-install > > The log file for this installation can be found in > /var/log/ipaserver-install.log > ipa.ipapython.install.cli.install_tool(Server): ERRORIPA server is > already configured on this system. > If you want to reinstall the IPA server, please uninstall it first using > 'ipa-server-install --uninstall'. > ipa.ipapython.install.cli.install_tool(Server): ERRORThe > ipa-server-install command failed. See /var/log/ipaserver-install.log for > more information > > root@ipa > {1}:/root>ipa-server-install --uninstall > > This is a NON REVERSIBLE operation and will delete all data and > configuration! > > Are you sure you want to continue with the uninstall procedure? [no]: yes > ipa : ERRORServer removal aborted: Deleting this server is not > allowed as it would leave your installation without a CA.. > > > > This is a VM and I took a snapshot right before I started the install, so > I can revert, just make sure ti add the apache user before starting the > install. Or if you have a better command to continue the > clean-up/install. > > > On Thu, May 11, 2017 at 2:19 AM Martin Bašti <mba...@redhat.com> wrote: > >> Hello, >> >> comments inline >> >> On 11.05.2017 06:06, Robert L. Harris wrote: >> >> >> Sigh... Sorry, it's been a long day, I thought I put that log in the >> first pastebin. It's in this one: https://pastebin.com/18PAXXNS >> >> >> Could you please provide journalctl -u httpd and /var/log/httpd/error_log >> ? >> >> >> >> >> Also, >>Anyone else get the constant spam when mailing this list? Got an >> address to block for it? >> >> >> Sorry for that, there is a bot mining public archives. We plan to resolve >> this issue but it may take time as we are not maintaining our mailman. >> >> Martin >> >> >> >> Robert >> >> >> >> >> On Wed, May 10, 2017 at 9:56 PM Lachlan Musicman <data...@gmail.com> >> wrote: >> >>> Robert, did you look in /var/log/ipaserver-install.log as it says? >>> >>> Was there any other information? >>> >>> cheers >>> L. >>> >>> -- >>> "Mission Statement: To provide hope and inspiration for collective
Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7
Sigh... Sorry, it's been a long day, I thought I put that log in the first pastebin. It's in this one: https://pastebin.com/18PAXXNS Also, Anyone else get the constant spam when mailing this list? Got an address to block for it? Robert On Wed, May 10, 2017 at 9:56 PM Lachlan Musicman <data...@gmail.com> wrote: > Robert, did you look in /var/log/ipaserver-install.log as it says? > > Was there any other information? > > cheers > L. > > -- > "Mission Statement: To provide hope and inspiration for collective action, > to build collective power, to achieve collective transformation, rooted in > grief and rage but pointed towards vision and dreams." > > - Patrice Cullors, *Black Lives Matter founder* > > On 11 May 2017 at 13:24, Robert L. Harris <robert.l.har...@gmail.com> > wrote: > >> Ok, I gave up on Ubuntu. I'm now trying the latest CentOS7. I built >> out a "minimal server" with some normal base packages which did include the >> freeipa-client but otherwise, just standard tools. Here's a pastebin of >> the output of the install: https://pastebin.com/zAWCgkUU >> >> Robert >> >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7
Ok, I gave up on Ubuntu. I'm now trying the latest CentOS7. I built out a "minimal server" with some normal base packages which did include the freeipa-client but otherwise, just standard tools. Here's a pastebin of the output of the install: https://pastebin.com/zAWCgkUU Robert -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] Installing on Ubuntu 16.04
Gave up on freeipa and Ubuntu 17.10. Re-installed with 16.04 and some base packages which does include freeipa-client. When I do an apt-get install on freeipa-server it runs along happily until I find this: . ... Setting up pki-server (10.2.6+git20160317-1) ... Job for pki-tomcatd.service failed because the control process exited with error code. See "systemctl status pki-tomcatd.service" and "journalctl -xe" for details. invoke-rc.d: initscript pki-tomcatd, action "start" failed. * pki-tomcatd.service - LSB: Start pki-tomcatd at boot time Loaded: loaded (/etc/init.d/pki-tomcatd; bad; vendor preset: enabled) Active: failed (Result: exit-code) since Sun 2017-04-30 20:38:29 MDT; 3ms ago Docs: man:systemd-sysv-generator(8) Process: 9645 ExecStart=/etc/init.d/pki-tomcatd start (code=exited, status=5) Apr 30 20:38:29 ipa systemd[1]: Starting LSB: Start pki-tomcatd at boot time... Apr 30 20:38:29 ipa pki-tomcatd[9645]: ERROR: No 'tomcat' instances installed! ... because no CA instance has been configured yet. pki-tomcatd-nuxwdog.target is a disabled or a static unit, not starting it. pki-tomcatd.target is a disabled or a static unit, not starting it. Setting up pki-ca (10.2.6+git20160317-1) ... ... . I have been googling but can't find a relevant fix that resolves this. Any ideas? Robert -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] "Purge" scripts?
"apt-get remove --purge " or "dpkg -P " should remove all files. One a previous build I tried the --uninstall and got an error. Right now I'm trying the PPA and 17.04 and getting a KRB error. On Thu, Apr 27, 2017 at 9:06 AM Rob Crittenden <rcrit...@redhat.com> wrote: > Martin Bašti wrote: > > > > > > On 26.04.2017 20:07, Robert L. Harris wrote: > >> So twice now I've tried installing freeipa on an Ubuntu 16.04 > >> system. Both times I've gotten an error and followed the instructions > >> to "fix it" and they didn't work so I removed files ( with purge ), > >> cleaned up everything I could find related to freeipa, sssd and kerb > >> but trying to run it again gives either a different error or the same > >> error with a different process output indicating it's not 100% clean. > >> > >>Is there a known list of paths, packages or files to make sure are > >> un-installed or wiped out to make the system 100% clean? Preferably > >> for Ubuntu. > >> > >> Robert > >> > >> > >> > > > > Hello, could you be more specific about the errors? > > I think it is a misunderstanding. Removing the packages doesn't undo the > configuration. I think he needs to reinstall the packages and run > ipa-server-install --uninstall (though the ipa-upgrade post-install > command may blow up on reinstall). > > rob > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] "Purge" scripts?
It changes each time it seems. In a minute I'm going to do a completely virgin install under a "script" session for Ubuntu 16.04 and 17.04 with and with the PPAs then upload the scripts to pastebin so they can be looked at. Robert On Thu, Apr 27, 2017 at 9:01 AM Martin Bašti <mba...@redhat.com> wrote: > > > On 26.04.2017 20:07, Robert L. Harris wrote: > > So twice now I've tried installing freeipa on an Ubuntu 16.04 system. > Both times I've gotten an error and followed the instructions to "fix it" > and they didn't work so I removed files ( with purge ), cleaned up > everything I could find related to freeipa, sssd and kerb but trying to run > it again gives either a different error or the same error with a different > process output indicating it's not 100% clean. > >Is there a known list of paths, packages or files to make sure are > un-installed or wiped out to make the system 100% clean? Preferably for > Ubuntu. > > Robert > > > > > Hello, could you be more specific about the errors? > > > Martin > > -- > Martin Bašti > Software Engineer > Red Hat Czech > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] "Purge" scripts?
So twice now I've tried installing freeipa on an Ubuntu 16.04 system. Both times I've gotten an error and followed the instructions to "fix it" and they didn't work so I removed files ( with purge ), cleaned up everything I could find related to freeipa, sssd and kerb but trying to run it again gives either a different error or the same error with a different process output indicating it's not 100% clean. Is there a known list of paths, packages or files to make sure are un-installed or wiped out to make the system 100% clean? Preferably for Ubuntu. Robert -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] New server install failing
I'm trying to install freeipa-server on an ubuntu 16.04 box, fresh install, but it keeps failing: {0}:/etc/apt>lsb_release -r Release:16.04 {0}:/etc/apt>dpkg -l | egrep -i 'slapd|ipa' ii python-ipaddress 1.0.16-1 all Backport of Python 3 ipaddress module (Python 2) I added the apt repository: {0}:/etc/apt> sudo add-apt-repository ppa:freeipa/ppa * This worked, it's far up in my history {0}:/etc/apt>apt-get install freeipa-server Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: libodbc1 libslp1 Use 'sudo apt autoremove' to remove them. The following additional packages will be installed: freeipa-admintools freeipa-client freeipa-server-dns Suggested packages: libpam-krb5 The following NEW packages will be installed: freeipa-admintools freeipa-client freeipa-server freeipa-server-dns 0 upgraded, 4 newly installed, 0 to remove and 6 not upgraded. Need to get 0 B/853 kB of archives. After this operation, 3669 kB of additional disk space will be used. Do you want to continue? [Y/n] y Selecting previously unselected package freeipa-client. (Reading database ... 161356 files and directories currently installed.) Preparing to unpack .../freeipa-client_4.3.1-0ubuntu1_amd64.deb ... Unpacking freeipa-client (4.3.1-0ubuntu1) ... Selecting previously unselected package freeipa-admintools. Preparing to unpack .../freeipa-admintools_4.3.1-0ubuntu1_all.deb ... Unpacking freeipa-admintools (4.3.1-0ubuntu1) ... Selecting previously unselected package freeipa-server. Preparing to unpack .../freeipa-server_4.3.1-0ubuntu1_amd64.deb ... Unpacking freeipa-server (4.3.1-0ubuntu1) ... Selecting previously unselected package freeipa-server-dns. Preparing to unpack .../freeipa-server-dns_4.3.1-0ubuntu1_all.deb ... Unpacking freeipa-server-dns (4.3.1-0ubuntu1) ... Processing triggers for man-db (2.7.5-1) ... Processing triggers for dbus (1.10.6-1ubuntu3.3) ... Setting up freeipa-client (4.3.1-0ubuntu1) ... Setting up freeipa-admintools (4.3.1-0ubuntu1) ... Setting up freeipa-server (4.3.1-0ubuntu1) ... apache2_invoke: Enable module auth_gssapi apache2_invoke: Enable module authz_user apache2_invoke: Enable module deflate apache2_invoke: Enable module expires apache2_invoke: Enable module headers apache2_invoke: Enable module proxy apache2_invoke: Enable module proxy_ajp apache2_invoke: Enable module proxy_http apache2_invoke: Enable module rewrite Running ipa-server-upgrade... IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. Unexpected error - see /var/log/ipaupgrade.log for details: *IOError: [Errno 2] No such file or directory: u'/etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif.modified.out'* The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information dpkg: error processing package freeipa-server (--configure): subprocess installed post-installation script returned error exit status 1 dpkg: dependency problems prevent configuration of freeipa-server-dns: freeipa-server-dns depends on freeipa-server (>= 4.3.1-0ubuntu1); however: Package freeipa-server is not configured yet. dpkg: error processing package freeipa-server-dns (--configure): dependency problems - leaving unconfigured Processing triggers for dbus (1.10.6-1ubuntu3.3) ...No apport report written because the error message indicates its a followup error from a previous failure. Errors were encountered while processing: freeipa-server freeipa-server-dns E: Sub-process /usr/bin/dpkg returned an error code (1) If I search around, that slapd-EXAMPLE-COM directoryand file can be created by installing slapd but that requires 389-ds-base which conflicts with slapd. Thoughts? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Installing on Ubuntu
Ok, I removed the files in that directory, manually removed 389-ds-base, cleaned up the user/group and some left over directories and all installed/configured correctly. -R On Tue, Feb 21, 2017 at 1:03 PM Timo Aaltonen <tjaal...@ubuntu.com> wrote: > On 21.02.2017 17:33, Robert L. Harris wrote: > > This was a clean install of Ubuntu. If I install freeipa-server I get > > the error from the original email. If I do a "apt install > > freeipa-server" I do see it will install python-ipaserver. When I let > > it run it downloads and everything and starts setting everything up. I > > get this: > > > > Processing triggers for ureadahead (0.100.0-19) ... > > Errors were encountered while processing: > > 389-ds-base > > freeipa-server > > freeipa-server-dns > > E: Sub-process /usr/bin/dpkg returned an error code (1) > > And I installed it on a clean chroot and the packages installed fine > without issues. Note that the pki-server spam is expected and not an error. > > > If I run the python command you gave me at this point I get this: > > > > python2 -c 'from ipaserver.install import installutils; print "yes" if > > installutils.is_ipa_configured() else "no";' > > yes > > This means that you have some files around which a clean install should > not have. Check the contents of /var/lib/ipa/sysrestore. > > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Installing on Ubuntu
This was a clean install of Ubuntu. If I install freeipa-server I get the error from the original email. If I do a "apt install freeipa-server" I do see it will install python-ipaserver. When I let it run it downloads and everything and starts setting everything up. I get this: Setting up tomcat7-user (7.0.68-1ubuntu0.1) ... Setting up velocity (1.7-4) ... Setting up pki-server (10.2.6+git20160317-1) ... Job for pki-tomcatd.service failed because the control process exited with error code. See "systemctl status pki-tomcatd.service" and "journalctl -xe" for details. invoke-rc.d: initscript pki-tomcatd, action "start" failed. ... because no CA instance has been configured yet. pki-tomcatd-nuxwdog.target is a disabled or a static unit, not starting it. pki-tomcatd.target is a disabled or a static unit, not starting it. Setting up pki-ca (10.2.6+git20160317-1) ... Setting up pki-kra (10.2.6+git20160317-1) ... . It continues til I get this: . Setting up opendnssec (1:1.4.9-2) ... dpkg: dependency problems prevent configuration of freeipa-server-dns: freeipa-server-dns depends on freeipa-server (>= 4.3.1-0ubuntu1); however: Package freeipa-server is not configured yet. dpkg: error processing package freeipa-server-dns (--configure): dependency problems - leaving unconfigured No apport report written because the error message indicates its a followup error from a previous failure. Setting up libverto-libevent1:amd64 (0.2.4-2.1ubuntu2) ... Setting up libverto1:amd64 (0.2.4-2.1ubuntu2) ... . Continues a bit longer til: . Processing triggers for ureadahead (0.100.0-19) ... Errors were encountered while processing: 389-ds-base freeipa-server freeipa-server-dns E: Sub-process /usr/bin/dpkg returned an error code (1) If I run the python command you gave me at this point I get this: python2 -c 'from ipaserver.install import installutils; print "yes" if installutils.is_ipa_configured() else "no";' yes On Tue, Feb 21, 2017 at 1:38 AM Timo Aaltonen <tjaal...@ubuntu.com> wrote: > On 20.02.2017 22:26, Robert L. Harris wrote: > > > > python2 -c 'from ipaserver.install import installutils; print "yes" if > > installutils.is_ipa_configured() else "no";' > > Traceback (most recent call last): > > File "", line 1, in > > ImportError: No module named ipaserver.install > > Then how did you manage to get it installed.. freeipa-server depends on > python-ipaserver so you should have it available :) > > > -- > t > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Installing on Ubuntu
python2 -c 'from ipaserver.install import installutils; print "yes" if installutils.is_ipa_configured() else "no";' Traceback (most recent call last): File "", line 1, in ImportError: No module named ipaserver.install On Fri, Feb 17, 2017 at 10:33 PM Timo Aaltonen <tjaal...@ubuntu.com> wrote: > On 18.02.2017 03:24, Robert L. Harris wrote: > > > >I have an Ubuntu 16.04 test system which is currently clean. I'm > > trying to install freeipa-server via apt and I'm getting an error about > > files missing : > > > > Setting up freeipa-server (4.3.1-0ubuntu1) ... > > Running ipa-server-upgrade... > > IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run > > command ipa-server-upgrade manually. > > Unexpected error - see /var/log/ipaupgrade.log for details: > > IOError: [Errno 2] No such file or directory: > > u'/etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif' > > The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for > > more information > > dpkg: error processing package freeipa-server (--configure): > > subprocess installed post-installation script returned error exit > status 1 > > dpkg: dependency problems prevent configuration of freeipa-server-dns: > > freeipa-server-dns depends on freeipa-server (>= 4.3.1-0ubuntu1); > however: > > Package freeipa-server is not configured yet. > > It shouldn't run ipa-server-upgrade on a clean install. What does: > python2 -c 'from ipaserver.install import installutils; print "yes" if > installutils.is_ipa_configured() else "no";' > > return? > > > -- > t > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] Installing on Ubuntu
I have an Ubuntu 16.04 test system which is currently clean. I'm trying to install freeipa-server via apt and I'm getting an error about files missing : Setting up freeipa-server (4.3.1-0ubuntu1) ... Running ipa-server-upgrade... IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. Unexpected error - see /var/log/ipaupgrade.log for details: IOError: [Errno 2] No such file or directory: u'/etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif' The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information dpkg: error processing package freeipa-server (--configure): subprocess installed post-installation script returned error exit status 1 dpkg: dependency problems prevent configuration of freeipa-server-dns: freeipa-server-dns depends on freeipa-server (>= 4.3.1-0ubuntu1); however: Package freeipa-server is not configured yet. Anyone seen this? The only source I see for these files is the slapd package which conflicts with freeipa. Robert -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project