Re: [Freeipa-users] i could use some help with installing FreeIPA

Rob Crittenden Mon, 16 Dec 2013 19:34:25 -0800

Dmitri Pal wrote:

On 12/16/2013 06:46 PM, Galen Brownsmith wrote:

My install fails on the invocation of pkispawn with a Socket Error in
the pki-ca-spawn log  ; anyone have any ideas?  (It isn't the issue
with special characters in the DM's password, as my Directory Manager
and IPA Admin passwords may be 32 characters long, but only contain
[A-Za-z0-9_] )


Configuration and Error Messages follow.

Target System: Fedora19 64bit LXC Container running on top of a
Fedora19 64bit host.  Kernel 3.11.10, Q9550 Intel CPU.
Attempting to install freeipa server 3.3.3 .  SEllinux has been set to
'disabled' on the host and container.

/etc/hosts:
# IP            FQDN                            Alias(es)
127.0.0.1       localhost.localdomain           localhost localhost4
192.168.253.94 woeg.marphod.net <http://woeg.marphod.net> woeg

# Peers
192.168.253.99 skete.marphod.net <http://skete.marphod.net> skete
wiki.marphod.net <http://wiki.marphod.net> wiki www.marphod.net
<http://www.marphod.net> www
[... several more machines]

/etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search marphod.net <http://marphod.net>
nameserver 192.168.253.1

/etc/sysconfig/network:
NETWORKING=yes
HOSTNAME=woeg.marphod.net <http://woeg.marphod.net>

No software firewall on the Container:
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source destination

Chain FORWARD (policy ACCEPT)
target     prot opt source destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


Not using NetworkManager.  The machine has a virtual nic, and is
connected to the bridge on the host, and can interact with the outside
world.

Installation commands:
# ipa-server-install --uninstall -U
# pkidestroy -s CA -i pki-tomcat
# ipa-server-install -N -d --no-host-dns

I select the defaults during the interactive install.

During installation, everything seems to run fine up to the invocation
of pkispawn.   I then get the errors:
<text>
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into
/etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
Installation failed.

ipa         : DEBUG    stderr=Job for [email protected]
failed. See 'systemctl status [email protected]' and
'journalctl -xn' for details.
pkispawn    : ERROR    ....... server failed to restart

ipa         : CRITICAL failed to configure ca instance Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmpwNB5bU' returned non-zero exit
status 1
ipa         : DEBUG      File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
line 622, in run_script
    return_value = main_function()

  File "/usr/sbin/ipa-server-install", line 1074, in main
    dm_password, subject_base=options.subject)

  File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 478, in configure_instance
    self.start_creation(runtime=210)

  File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
364, in start_creation
    method()

  File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 604, in __spawn_instance
    raise RuntimeError('Configuration of CA failed')

ipa         : DEBUG    The ipa-server-install command failed,
exception: RuntimeError: Configuration of CA failed
Configuration of CA failed
</text>

the relevant errors from /var/log/pki/pki-ca-spawn.timestamp.log: (the
... skipping... is from the file)
<text>
...skipping...
y still be down
2013-12-16 18:12:23 pkispawn    : DEBUG    ........... No connection -
exception thrown: Cannot connect to proxy. Socket error: [Errno 111]
Connection refused.
2013-12-16 18:12:24 pkispawn    : DEBUG    ........... No connection -
server may still be down
2013-12-16 18:12:24 pkispawn    : DEBUG    ........... No connection -
exception thrown: Cannot connect to proxy. Socket error: [Errno 111]
Connection refused.
2013-12-16 18:12:25 pkispawn    : DEBUG    ........... No connection -
server may still be down
...
(error repeated 12 more times)
...
2013-12-16 18:12:39 pkispawn    : ERROR    ....... server failed to
restart
2013-12-16 18:12:39 pkispawn    : DEBUG    ....... Error Type: SystemExit
2013-12-16 18:12:39 pkispawn    : DEBUG    ....... Error Message: 1
2013-12-16 18:12:39 pkispawn    : DEBUG    .......   File
"/usr/sbin/pkispawn", line 374, in main
    rv = instance.spawn()
  File
"/usr/lib/python2.7/site-packages/pki/deployment/configuration.py",
line 102, in spawn
    sys.exit(1)
</text>


You are trying it in a container. I do not know whether this makes a
difference.
It might be due to the fact that underlying directory server has not
started.
Please look at the pki instance DS logs to determine whether the DS
instance was installed and configured correctly.
http://www.freeipa.org/page/Troubleshooting#Server_Installation
Please publish these logs here.

I'm not entirely sure that IPA works in a container. I think thatNathaniel looked at this a few months ago but I can't recall his findings.


rob

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] i could use some help with installing FreeIPA

Reply via email to