Re: [Freeipa-users] Fwd: FreeIPA on Fedora 19 won't work
> > Did we confirm that this is a bug? > > Was it filed? > > The user added this information to > https://bugzilla.redhat.com/show_bug.cgi?id=953488 last week. > > rob > > Bug still appears on F19 (ran into it again installing another FreeIPA server for my lab). Will look at re-creating in a virtual machine and filing a bug report when I can. This issues has existed for a while, I set up my first freeIPA server on F17 last year and had the problem then. I suspect its unusual for people using IPA to require HTTP_PROXY/HTTPS_PROXY to be set on their machines. My setup is unusual in that the University network info-structure is externally controlled and my freeIPA setup exists within it to provide authentication for our dual boot lab. G. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Fwd: FreeIPA on Fedora 19 won't work
Dmitri Pal wrote: On 09/29/2013 06:48 AM, Glenn Jenkins wrote: Alexander Bokovoy writes: On Fri, 14 Jun 2013, Steve Dickson wrote: The $subject says it all... Any ideas what is going on here? I did fresh install right now on a up to date F19 VM and experienced no problem whatsoever. There were updates in pki-* and 389-ds-* packages over weekend. 2013-06-14T16:54:45Z DEBUG Starting external process 2013-06-14T16:54:45Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpO2lDxI 2013-06-14T16:54:51Z DEBUG Process finished, return code=1 2013-06-14T16:54:51Z DEBUG stdout=Loading deployment configuration from /tmp/tmpO2lDxI. ^^^ The date corresponds to Friday last week, also there was issue with metadata information in Fedora 19 and Rawhide repositories which prevented proper packages propagating. Please try up to date packages from update-testing as of Monday. I think this is similar to a bug I've seen reported elsewhere I believe the underlying cause may be the HTTP_PROXY and HTTPS_PROXY variables. If these are set then the ipa install script has problems locating the dogtag server and fails. The error I see in my install log is something along the lines of certificate server failed to restart. From the point of view of the running script the failure looks the same as that produced if the script is run twice. It should be easy to re-create this bug simply by setting HTTP_PROXY and HTTPS_PROXY on a test server and running the server install. Posts in other forums suggest re-installation solves the problem, I suggest this simply removes these variables. Could the install script check for them being set and unset-reset them or simply warn the user? Did we confirm that this is a bug? Was it filed? The user added this information to https://bugzilla.redhat.com/show_bug.cgi?id=953488 last week. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Fwd: FreeIPA on Fedora 19 won't work
On 09/29/2013 06:48 AM, Glenn Jenkins wrote: > Alexander Bokovoy writes: > >> On Fri, 14 Jun 2013, Steve Dickson wrote: >>> The $subject says it all... Any ideas what is going on here? >> I did fresh install right now on a up to date F19 VM and experienced no >> problem whatsoever. >> >> There were updates in pki-* and 389-ds-* packages over weekend. >> >>> 2013-06-14T16:54:45Z DEBUG Starting external process >>> 2013-06-14T16:54:45Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpO2lDxI >>> 2013-06-14T16:54:51Z DEBUG Process finished, return code=1 >>> 2013-06-14T16:54:51Z DEBUG stdout=Loading deployment configuration from > /tmp/tmpO2lDxI. >> ^^^ The date corresponds to Friday last week, also there was issue with >> metadata information in Fedora 19 and Rawhide repositories which >> prevented proper packages propagating. >> >> Please try up to date packages from update-testing as of Monday. >> > I think this is similar to a bug I've seen reported elsewhere I believe the > underlying cause may be the HTTP_PROXY and HTTPS_PROXY variables. If these > are set then the ipa install script has problems locating the dogtag server > and fails. The error I see in my install log is something along the lines > of certificate server failed to restart. From the point of view of the > running script the failure looks the same as that produced if the script is > run twice. > > It should be easy to re-create this bug simply by setting HTTP_PROXY and > HTTPS_PROXY on a test server and running the server install. Posts in other > forums suggest re-installation solves the problem, I suggest this simply > removes these variables. Could the install script check for them being set > and unset-reset them or simply warn the user? Did we confirm that this is a bug? Was it filed? > > G > > > > ___ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > > -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Fwd: FreeIPA on Fedora 19 won't work
Alexander Bokovoy writes: > > On Fri, 14 Jun 2013, Steve Dickson wrote: > >The $subject says it all... Any ideas what is going on here? > I did fresh install right now on a up to date F19 VM and experienced no > problem whatsoever. > > There were updates in pki-* and 389-ds-* packages over weekend. > > >2013-06-14T16:54:45Z DEBUG Starting external process > >2013-06-14T16:54:45Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpO2lDxI > >2013-06-14T16:54:51Z DEBUG Process finished, return code=1 > >2013-06-14T16:54:51Z DEBUG stdout=Loading deployment configuration from /tmp/tmpO2lDxI. > ^^^ The date corresponds to Friday last week, also there was issue with > metadata information in Fedora 19 and Rawhide repositories which > prevented proper packages propagating. > > Please try up to date packages from update-testing as of Monday. > I think this is similar to a bug I've seen reported elsewhere I believe the underlying cause may be the HTTP_PROXY and HTTPS_PROXY variables. If these are set then the ipa install script has problems locating the dogtag server and fails. The error I see in my install log is something along the lines of certificate server failed to restart. From the point of view of the running script the failure looks the same as that produced if the script is run twice. It should be easy to re-create this bug simply by setting HTTP_PROXY and HTTPS_PROXY on a test server and running the server install. Posts in other forums suggest re-installation solves the problem, I suggest this simply removes these variables. Could the install script check for them being set and unset-reset them or simply warn the user? G ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Fwd: FreeIPA on Fedora 19 won't work
On Fri, 14 Jun 2013, Steve Dickson wrote: The $subject says it all... Any ideas what is going on here? I did fresh install right now on a up to date F19 VM and experienced no problem whatsoever. There were updates in pki-* and 389-ds-* packages over weekend. 2013-06-14T16:54:45Z DEBUG Starting external process 2013-06-14T16:54:45Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpO2lDxI 2013-06-14T16:54:51Z DEBUG Process finished, return code=1 2013-06-14T16:54:51Z DEBUG stdout=Loading deployment configuration from /tmp/tmpO2lDxI. ^^^ The date corresponds to Friday last week, also there was issue with metadata information in Fedora 19 and Rawhide repositories which prevented proper packages propagating. Please try up to date packages from update-testing as of Monday. -- / Alexander Bokovoy ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] Fwd: FreeIPA on Fedora 19 won't work
The $subject says it all... Any ideas what is going on here?
steved.
Original Message
So yum install works, but 'ipa-server-install' fails every time - I've tried
debugging but i think i've gone as far as i can down the pki tomcat rabbit hole:
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30
seconds
[1/20]: creating certificate server user
[2/20]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmpO2lDxI' returned non-zero exit status 1
Configuration of CA failed
>From the install log:
2013-06-14T16:54:45Z DEBUG Starting external process
2013-06-14T16:54:45Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpO2lDxI
2013-06-14T16:54:51Z DEBUG Process finished, return code=1
2013-06-14T16:54:51Z DEBUG stdout=Loading deployment configuration from
/tmp/tmpO2lDxI.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into
/etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
Installation failed.
2013-06-14T16:54:51Z DEBUG stderr=
2013-06-14T16:54:51Z CRITICAL failed to configure ca instance Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmpO2lDxI' returned non-zero exit status 1
2013-06-14T16:54:51Z INFO File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 616,
in run_script
return_value = main_function()
File "/usr/sbin/ipa-server-install", line 1025, in main
dm_password, subject_base=options.subject)
File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
617, in configure_instance
self.start_creation(runtime=210)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
363, in start_creation
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
736, in __spawn_instance
raise RuntimeError('Configuration of CA failed')
2013-06-14T16:54:51Z INFO The ipa-server-install command failed, exception:
RuntimeError: Configuration of CA failed
Running that command by hand exposes a different bug:
/usr/sbin/pkispawn -s CA -f /tmp/tmpO2lDxI
ERROR: File '/tmp/tmpO2lDxI' is either missing or is NOT a regular file!
Traceback (most recent call last):
File "/usr/sbin/pkispawn", line 424, in
main(sys.argv)
File "/usr/sbin/pkispawn", line 122, in main
parser.validate()
File "/usr/lib/python2.7/site-packages/pki/deployment/pkiparser.py", line
153, in validate
parser.arg_parser.print_help()
NameError: global name 'parser' is not defined
the fix is two places where "parser." needs to be changed to "self." but that
is just an error in an error path…
-dros
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
