[Freeipa-users] freeipa-client on Debian Wheezy

Alexandre Ellert aellert at numeezy.com
Fri Jul 19 15:53:00 UTC 2013 

It's based on 3.0.2 with 1011-xmlrpc_response.patch (found in ipa-3.0.0-26.el6_4.4.src.rpm) and self._conn.close() is added by this patch. 
I included it because it correct this problem :
unable to parse cookie header 'ipa_session=83701130bf434d20cf8c5a3fe2a0ac56; Domain=inf-ipa.numeezy.fr; Path=/ipa; Expires=Fri, 19 Jul 2013 16:08:31 GMT; Secure; HttpOnly': unable to parse expires datetime 'Fri, 19 Jul 2013 16:08:31'


Le 19 juil. 2013 à 17:08, Martin Kosek <mkosek at redhat.com> a écrit :

> Thanks, this should help. Maybe the IPA just tries to close the connection
> twice _after_ keys were uploaded to the server.
> 
> Anyway, what version of IPA software is the Debian package based on? I cannot
> find line "self._conn.close()" in ipalib/rpc.py in any of our active branches.
> 
> Martin
> 
> On 07/19/2013 05:03 PM, Alexandre Ellert wrote:
>> Here is the traceback :
>> Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
>> Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
>> Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
>> Forwarding 'host_mod' to server u'https://inf-ipa.numeezy.fr/ipa/xml'
>> host_mod: KerbTransport instance has no attribute '_conn'
>> Traceback (most recent call last):
>>  File "/usr/sbin/ipa-client-install", line 1234, in update_ssh_keys
>>    updatedns=False
>>  File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 435, in __call__
>>    ret = self.run(*args, **options)
>>  File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 748, in run
>>    return self.forward(*args, **options)
>>  File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 769, in forward
>>    return self.Backend.xmlclient.forward(self.name, *args, **kw)
>>  File "/usr/lib/python2.7/dist-packages/ipalib/rpc.py", line 748, in forward
>>    response = command(*xml_wrap(params))
>>  File "/usr/lib/python2.7/xmlrpclib.py", line 1224, in __call__
>>    return self.__send(self.__name, args)
>>  File "/usr/lib/python2.7/xmlrpclib.py", line 1578, in __request
>>    verbose=self.__verbose
>>  File "/usr/lib/python2.7/dist-packages/ipalib/rpc.py", line 490, in request
>>    self.close()
>>  File "/usr/lib/python2.7/dist-packages/ipalib/rpc.py", line 457, in close
>>    self._conn.close()
>> AttributeError: KerbTransport instance has no attribute '_conn'
>> Failed to upload host SSH public keys.
>> 
>> -> Key are correctly uploaded on the new VM.
>> 
>> Le 19 juil. 2013 à 16:30, Alexandre Ellert <aellert at numeezy.com> a écrit :
>> 
>>> 
>>> Le 19 juil. 2013 à 16:24, Martin Kosek <mkosek at redhat.com> a écrit :
>>> 
>>>> On 07/19/2013 03:28 PM, Alexandre Ellert wrote:
>>>>> 
>>>>> Le 19 juil. 2013 à 10:20, Martin Kosek <mkosek at redhat.com> a écrit :
>>>>> 
>>>>>> On 07/19/2013 02:59 AM, Alexandre Ellert wrote:
>>>>>>> Hi,
>>>>>>> 
>>>>>>> I have these 3 errors/warnings message when I join a Debian client to a RHEL 6.4 server (ipa-server-3.0.0-26.el6_4.4.x86_64):
>>>>>>> 
>>>>>>> => certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list'
>>>>>>> There is no such file even on RHEL 6. What is this file ?
>>>>>> 
>>>>>> This was added in IPA 3.0.1 to fix a systemd hang so it does not exist in
>>>>>> RHEL-6.4 which contains IPA 3.0. The deb package should just make sure the
>>>>>> /var/run/ipa/ directory is there (or update debian platform file to override
>>>>>> PlatformService class in ipapython/platform/base/__init__.py).
>>>>> 
>>>>> I managed to fix that and will update soon my repo with a new package version. Thanks for the information.
>>>>> 
>>>>>> 
>>>>>>> => host_mod: KerbTransport instance has no attribute '_conn'
>>>>>>> What does that mean ?
>>>>>> 
>>>>>> This means that there was some issue with XMLRPC call to IPA server (the error
>>>>>> message is indeed unfortunate) - does ipaclient-install.log contain more details?
>>>>> 
>>>>> Unfortunately there is no more details in ipaclient-install.log, here is the relevant part :
>>>>> 2013-07-19T13:06:26Z INFO host_mod: KerbTransport instance has no attribute '_conn'
>>>>> 2013-07-19T13:06:26Z WARNING Failed to upload host SSH public keys.
>>>>> Is there any way to get more debug log ?
>>>>> In my opinion, warning about ssh keys should not trigger here, because I can see them on my IPA server.
>>>>> 
>>>> 
>>>> Are you sure the SSH keys aren't there from previous installation attempt or
>>>> similar? The _conn generally means there was some problem with the connection
>>>> to server in the xmlrpclib python library.
>>> 
>>> I can confirm you that SSH key upload is successful. I've done tests with a fresh install of Debian.
>>> To be sure, I will create a new VM and try an ipa-client-install with modifications you give me.
>>> 
>>>> 
>>>> We need to find out what and why triggers it, a change in ipa-client-install
>>>> script like below may shed more light on what is the source of the error:
>>>> 
>>>> 
>>>> diff --git a/ipa-client/ipa-install/ipa-client-install
>>>> b/ipa-client/ipa-install/ipa-client-install
>>>> index 280edd7..f82b9f6 100755
>>>> --- a/ipa-client/ipa-install/ipa-client-install
>>>> +++ b/ipa-client/ipa-install/ipa-client-install
>>>> @@ -1450,6 +1450,8 @@ def update_ssh_keys(server, hostname, ssh_dir, create_sshfp):
>>>>       pass
>>>>   except StandardError, e:
>>>>       root_logger.info("host_mod: %s", str(e))
>>>> +        import traceback
>>>> +        traceback.print_exc()
>>>>       root_logger.warning("Failed to upload host SSH public keys.")
>>>>       return
>>>> 
>>>> 
>>>> Martin
>>> 
>>> Thanks
>>> Alexandre
>>> 
>>> 
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> 
>

More information about the Freeipa-users mailing list