<div dir="ltr">
<p>Hi Dimitri</p><p><span>type=AVC msg=audit(1426243559.181:623): avc: </span><span><b>denied</b></span><span> { create } for pid=2740 comm="ns-slapd" name="imports" scontext=system_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir</span></p>
<p><span>type=AVC msg=audit(1426243559.388:625): avc: </span><span><b>denied</b></span><span> { create } for pid=2754 comm="ns-slapd" name="imports" scontext=system_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir</span></p><div class="gmail_extra">I cant find the name of the tool that scans the audit log and proposes boolean changes. So much of this stuff seems to be GUI tools.</div><div class="gmail_extra"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On 13 March 2015 at 14:15, Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span>
<div>On 03/13/2015 07:43 AM, Andrew Holway
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hallo</div>
<div><br>
</div>
<div>I have a quite odd situation. I am using saltstack to set
up freeipa servers on Centos 7 but I am getting the following
error:</div>
<div><br>
</div>
<div>failed to create ds instance Command '/usr/sbin/<a href="http://setup-ds.pl" target="_blank">setup-ds.pl</a>
--silent --logfile - -f /tmp/tmp5witgD' returned non-zero exit
status 1</div>
<div><br>
</div>
<div>Saltstack outputs the command it is trying to run:</div>
<div><br>
</div>
<div>ipa-server-install -a password --realm <a href="http://CLOUD.DOMAIN.DE" target="_blank">CLOUD.DOMAIN.DE</a>
-P password -p password -n <a href="http://cloud.domain.de" target="_blank">cloud.domain.de</a>
--setup-dns --unattended --no-forwarders</div>
<div><br>
</div>
<div>However if I run this command manually on a clean machine
it works fine.</div>
<div><br>
</div>
<div>It works on Centos 6.</div>
</div>
</blockquote>
<br>
<br></span>
It usually means that you have different privileges and context when
you are running command manually and via SaltStack.<br>
There is probably a different user and a different SELinux context.<br>
Do you see any AVC denials?<br>
<br>
It really seems that you have two DS instances going on the same
machine. I suspewt that when run manually as root you sort of
override the lock and things go through but when you do it via
SaltStack it is different.<br>
<br>
Why do you need two DS instances?<div><div><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>I see this in the slapd error log:</div>
<div><br>
</div>
<div>[root@freeipa-2 slapd-CLOUD-NATIVE-INSTRUMENTS-DE]# cat
errors</div>
<div><span style="white-space:pre-wrap"> </span>389-Directory/<a href="http://1.3.1.6" target="_blank">1.3.1.6</a>
B2014.219.1825</div>
<div><span style="white-space:pre-wrap"> </span><a href="http://freeipa-2.cloud.native-instruments.de:389" target="_blank">freeipa-2.cloud.native-instruments.de:389</a>
(/etc/dirsrv/slapd-CLOUD-NATIVE-INSTRUMENTS-DE)</div>
<div><br>
</div>
<div>[13/Mar/2015:10:45:59 +0000] - Error - Unable to create
/var/lock/dirsrv/slapd-CLOUD-NATIVE-INSTRUMENTS-DE/imports,
Netscape Portable Runtime error -5966 (Access Denied.)</div>
<div>[13/Mar/2015:10:45:59 +0000] - Shutting down due to
possible conflicts with other slapd processes</div>
<div>[13/Mar/2015:10:45:59 +0000] - Error - Unable to create
/var/lock/dirsrv/slapd-CLOUD-NATIVE-INSTRUMENTS-DE/imports,
Netscape Portable Runtime error -5966 (Access Denied.)</div>
<div>[13/Mar/2015:10:45:59 +0000] - Shutting down due to
possible conflicts with other slapd processes</div>
<div>[root@freeipa-2 slapd-CLOUD-NATIVE-INSTRUMENTS-DE]# cat
errors | sed s/NATIVE-INSTRUMENTS/DOMAIN/g</div>
<div><span style="white-space:pre-wrap"> </span>389-Directory/<a href="http://1.3.1.6" target="_blank">1.3.1.6</a>
B2014.219.1825</div>
<div><span style="white-space:pre-wrap"> </span><a href="http://freeipa-2.cloud.native-instruments.de:389" target="_blank">freeipa-2.cloud.native-instruments.de:389</a>
(/etc/dirsrv/slapd-CLOUD-DOMAIN-DE)</div>
<div><br>
</div>
<div>[13/Mar/2015:10:45:59 +0000] - Error - Unable to create
/var/lock/dirsrv/slapd-CLOUD-DOMAIN-DE/imports, Netscape
Portable Runtime error -5966 (Access Denied.)</div>
<div>[13/Mar/2015:10:45:59 +0000] - Shutting down due to
possible conflicts with other slapd processes</div>
<div>[13/Mar/2015:10:45:59 +0000] - Error - Unable to create
/var/lock/dirsrv/slapd-CLOUD-DOMAIN-DE/imports, Netscape
Portable Runtime error -5966 (Access Denied.)</div>
<div>[13/Mar/2015:10:45:59 +0000] - Shutting down due to
possible conflicts with other slapd processes</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>ipaserver-install.log</div>
<div><br>
</div>
<div>015-03-13T10:45:57Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'</div>
<div>2015-03-13T10:45:57Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'</div>
<div>2015-03-13T10:45:57Z DEBUG httpd is not configured</div>
<div>2015-03-13T10:45:57Z DEBUG kadmin is not configured</div>
<div>2015-03-13T10:45:57Z DEBUG dirsrv is not configured</div>
<div>2015-03-13T10:45:57Z DEBUG pki-cad is not configured</div>
<div>2015-03-13T10:45:57Z DEBUG pki-tomcatd is not configured</div>
<div>2015-03-13T10:45:57Z DEBUG install is not configured</div>
<div>2015-03-13T10:45:57Z DEBUG krb5kdc is not configured</div>
<div>2015-03-13T10:45:57Z DEBUG ntpd is not configured</div>
<div>2015-03-13T10:45:57Z DEBUG named is not configured</div>
<div>2015-03-13T10:45:57Z DEBUG ipa_memcached is not configured</div>
<div>2015-03-13T10:45:57Z DEBUG filestore is tracking no files</div>
<div>2015-03-13T10:45:57Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'</div>
<div>2015-03-13T10:45:57Z DEBUG /usr/sbin/ipa-server-install was
invoked with options: {'reverse_zone': None, 'mkhomedir':
False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp':
True, 'subject': None, 'no_forwarders': True, 'ui_redirect':
True, 'domain_name': '<a href="http://cloud.domain.de" target="_blank">cloud.domain.de</a>', 'idmax':
0, 'hbac_allow': False, 'no_reverse': False, 'dirsrv_pkcs12':
None, 'unattended': True, 'trust_sshfp': False,
'external_ca_file': None, 'no_host_dns': False, 'http_pkcs12':
None, 'realm_name': '<a href="http://CLOUD.DOMAIN.DE" target="_blank">CLOUD.DOMAIN.DE</a>',
'forwarders': None, 'idstart': 1544400000, 'external_ca':
False, 'ip_address': None, 'conf_ssh': True, 'zonemgr': None,
'root_ca_file': None, 'setup_dns': True, 'host_name': None,
'debug': False, 'external_cert_file': None, 'uninstall':
False}</div>
<div>2015-03-13T10:45:57Z DEBUG missing options might be asked
for interactively later</div>
<div><br>
</div>
<div>2015-03-13T10:45:57Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'</div>
<div>2015-03-13T10:45:57Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'</div>
<div>2015-03-13T10:45:57Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:57Z DEBUG args=/bin/systemctl is-enabled
chronyd.service</div>
<div>2015-03-13T10:45:57Z DEBUG Process finished, return code=0</div>
<div>2015-03-13T10:45:57Z DEBUG stdout=enabled</div>
<div><br>
</div>
<div>2015-03-13T10:45:57Z DEBUG stderr=</div>
<div>2015-03-13T10:45:57Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:57Z DEBUG args=/usr/sbin/httpd -t -D
DUMP_VHOSTS</div>
<div>2015-03-13T10:45:57Z DEBUG Process finished, return code=0</div>
<div>2015-03-13T10:45:57Z DEBUG stdout=VirtualHost
configuration:</div>
<div>*:8443 is a NameVirtualHost</div>
<div> default server <a href="http://freeipa-2.cloud.domain.de" target="_blank">freeipa-2.cloud.domain.de</a>
(/etc/httpd/conf.d/nss.conf:86)</div>
<div> port 8443 namevhost <a href="http://freeipa-2.cloud.domain.de" target="_blank">freeipa-2.cloud.domain.de</a>
(/etc/httpd/conf.d/nss.conf:86)</div>
<div> port 8443 namevhost <a href="http://freeipa-2.cloud.domain.de" target="_blank">freeipa-2.cloud.domain.de</a>
(/etc/httpd/conf.d/nss.conf:86)</div>
<div><br>
</div>
<div>2015-03-13T10:45:57Z DEBUG stderr=</div>
<div>2015-03-13T10:45:57Z DEBUG Check if <a href="http://freeipa-2.cloud.domain.de" target="_blank">freeipa-2.cloud.domain.de</a>
is a primary hostname for localhost</div>
<div>2015-03-13T10:45:57Z DEBUG Primary hostname for localhost:
<a href="http://freeipa-2.cloud.domain.de" target="_blank">freeipa-2.cloud.domain.de</a></div>
<div>2015-03-13T10:45:57Z DEBUG will use host_name: <a href="http://freeipa-2.cloud.domain.de" target="_blank">freeipa-2.cloud.domain.de</a></div>
<div><br>
</div>
<div>2015-03-13T10:45:57Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:57Z DEBUG args=/sbin/ip -family inet
-oneline address show</div>
<div>2015-03-13T10:45:57Z DEBUG Process finished, return code=0</div>
<div>2015-03-13T10:45:57Z DEBUG stdout=1: lo inet <a href="http://127.0.0.1/8" target="_blank">127.0.0.1/8</a>
scope host lo\ valid_lft forever preferred_lft forever</div>
<div>2: eth0 inet <a href="http://10.16.1.100/24" target="_blank">10.16.1.100/24</a> brd
10.16.1.255 scope global dynamic eth0\ valid_lft 2770sec
preferred_lft 2770sec</div>
<div><br>
</div>
<div>2015-03-13T10:45:57Z DEBUG stderr=</div>
<div>2015-03-13T10:45:57Z DEBUG will use dns_forwarders: ()</div>
<div><br>
</div>
<div>2015-03-13T10:45:57Z DEBUG importing all plugin modules in
'/usr/lib/python2.7/site-packages/ipalib/plugins'...</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/aci.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/automember.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/automount.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/batch.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/cert.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/config.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/delegation.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/group.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/hbacrule.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvc.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvcgroup.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/hbactest.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/host.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/hostgroup.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/idrange.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/internal.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/kerberos.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/krbtpolicy.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/migration.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/misc.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/netgroup.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/passwd.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/permission.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/ping.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/pkinit.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/privilege.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/pwpolicy.py'</div>
<div>2015-03-13T10:45:57Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:57Z DEBUG args=klist -V</div>
<div>2015-03-13T10:45:57Z DEBUG Process finished, return code=0</div>
<div>2015-03-13T10:45:57Z DEBUG stdout=Kerberos 5 version 1.11.3</div>
<div><br>
</div>
<div>2015-03-13T10:45:57Z DEBUG stderr=</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/realmdomains.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/role.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/selfservice.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/selinuxusermap.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/service.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmd.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmdgroup.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/sudorule.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/user.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/virtual.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/xmlclient.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing all plugin modules in
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins'...</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/adtrust.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/baseupdate.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/dns.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/fix_replica_agreements.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/rename_managed.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_anonymous_aci.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_idranges.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_pacs.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_services.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py'</div>
<div>2015-03-13T10:45:57Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipaserver/install/plugins/upload_cacrt.py'</div>
<div>2015-03-13T10:45:58Z DEBUG Adding DS group dirsrv</div>
<div>2015-03-13T10:45:58Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:58Z DEBUG args=/usr/sbin/groupadd -r
dirsrv</div>
<div>2015-03-13T10:45:58Z DEBUG Process finished, return code=0</div>
<div>2015-03-13T10:45:58Z DEBUG stdout=</div>
<div>2015-03-13T10:45:58Z DEBUG stderr=</div>
<div>2015-03-13T10:45:58Z DEBUG Done adding DS group</div>
<div>2015-03-13T10:45:58Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:58Z DEBUG args=/bin/systemctl is-enabled
chronyd.service</div>
<div>2015-03-13T10:45:58Z DEBUG Process finished, return code=0</div>
<div>2015-03-13T10:45:58Z DEBUG stdout=enabled</div>
<div><br>
</div>
<div>2015-03-13T10:45:58Z DEBUG stderr=</div>
<div>2015-03-13T10:45:58Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:58Z DEBUG args=/bin/systemctl is-active
chronyd.service</div>
<div>2015-03-13T10:45:58Z DEBUG Process finished, return code=0</div>
<div>2015-03-13T10:45:58Z DEBUG stdout=active</div>
<div><br>
</div>
<div>2015-03-13T10:45:58Z DEBUG stderr=</div>
<div>2015-03-13T10:45:58Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'</div>
<div>2015-03-13T10:45:58Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'</div>
<div>2015-03-13T10:45:58Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:58Z DEBUG args=/bin/systemctl stop
chronyd.service</div>
<div>2015-03-13T10:45:58Z DEBUG Process finished, return code=0</div>
<div>2015-03-13T10:45:58Z DEBUG stdout=</div>
<div>2015-03-13T10:45:58Z DEBUG stderr=</div>
<div>2015-03-13T10:45:58Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:58Z DEBUG args=/bin/systemctl disable
chronyd.service</div>
<div>2015-03-13T10:45:58Z DEBUG Process finished, return code=0</div>
<div>2015-03-13T10:45:58Z DEBUG stdout=</div>
<div>2015-03-13T10:45:58Z DEBUG stderr=rm
'/etc/systemd/system/multi-user.target.wants/chronyd.service'</div>
<div><br>
</div>
<div>2015-03-13T10:45:58Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'</div>
<div>2015-03-13T10:45:58Z DEBUG Configuring NTP daemon (ntpd)</div>
<div>2015-03-13T10:45:58Z DEBUG [1/4]: stopping ntpd</div>
<div>2015-03-13T10:45:58Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:58Z DEBUG args=/bin/systemctl is-active
ntpd.service</div>
<div>2015-03-13T10:45:58Z DEBUG Process finished, return code=3</div>
<div>2015-03-13T10:45:58Z DEBUG stdout=unknown</div>
<div><br>
</div>
<div>2015-03-13T10:45:58Z DEBUG stderr=</div>
<div>2015-03-13T10:45:58Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'</div>
<div>2015-03-13T10:45:58Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:58Z DEBUG args=/bin/systemctl stop
ntpd.service</div>
<div>2015-03-13T10:45:58Z DEBUG Process finished, return code=0</div>
<div>2015-03-13T10:45:58Z DEBUG stdout=</div>
<div>2015-03-13T10:45:58Z DEBUG stderr=</div>
<div>2015-03-13T10:45:58Z DEBUG duration: 0 seconds</div>
<div>2015-03-13T10:45:58Z DEBUG [2/4]: writing configuration</div>
<div>2015-03-13T10:45:58Z DEBUG Backing up system configuration
file '/etc/ntp.conf'</div>
<div>2015-03-13T10:45:58Z DEBUG Saving Index File to
'/var/lib/ipa/sysrestore/sysrestore.index'</div>
<div>2015-03-13T10:45:58Z DEBUG Backing up system configuration
file '/etc/sysconfig/ntpd'</div>
<div>2015-03-13T10:45:58Z DEBUG Saving Index File to
'/var/lib/ipa/sysrestore/sysrestore.index'</div>
<div>2015-03-13T10:45:58Z DEBUG duration: 0 seconds</div>
<div>2015-03-13T10:45:58Z DEBUG [3/4]: configuring ntpd to
start on boot</div>
<div>2015-03-13T10:45:58Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:58Z DEBUG args=/bin/systemctl is-enabled
ntpd.service</div>
<div>2015-03-13T10:45:58Z DEBUG Process finished, return code=1</div>
<div>2015-03-13T10:45:58Z DEBUG stdout=disabled</div>
<div><br>
</div>
<div>2015-03-13T10:45:58Z DEBUG stderr=</div>
<div>2015-03-13T10:45:58Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'</div>
<div>2015-03-13T10:45:58Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:58Z DEBUG args=/bin/systemctl enable
ntpd.service</div>
<div>2015-03-13T10:45:58Z DEBUG Process finished, return code=0</div>
<div>2015-03-13T10:45:58Z DEBUG stdout=</div>
<div>2015-03-13T10:45:58Z DEBUG stderr=ln -s
'/usr/lib/systemd/system/ntpd.service'
'/etc/systemd/system/multi-user.target.wants/ntpd.service'</div>
<div><br>
</div>
<div>2015-03-13T10:45:58Z DEBUG duration: 0 seconds</div>
<div>2015-03-13T10:45:58Z DEBUG [4/4]: starting ntpd</div>
<div>2015-03-13T10:45:58Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:58Z DEBUG args=/bin/systemctl start
ntpd.service</div>
<div>2015-03-13T10:45:58Z DEBUG Process finished, return code=0</div>
<div>2015-03-13T10:45:58Z DEBUG stdout=</div>
<div>2015-03-13T10:45:58Z DEBUG stderr=</div>
<div>2015-03-13T10:45:58Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:58Z DEBUG args=/bin/systemctl is-active
ntpd.service</div>
<div>2015-03-13T10:45:58Z DEBUG Process finished, return code=0</div>
<div>2015-03-13T10:45:58Z DEBUG stdout=active</div>
<div><br>
</div>
<div>2015-03-13T10:45:58Z DEBUG stderr=</div>
<div>2015-03-13T10:45:58Z DEBUG duration: 0 seconds</div>
<div>2015-03-13T10:45:58Z DEBUG Done configuring NTP daemon
(ntpd).</div>
<div>2015-03-13T10:45:58Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'</div>
<div>2015-03-13T10:45:58Z DEBUG Configuring directory server
(dirsrv): Estimated time 1 minute</div>
<div>2015-03-13T10:45:58Z DEBUG [1/38]: creating directory
server user</div>
<div>2015-03-13T10:45:58Z DEBUG Adding DS user dirsrv</div>
<div>2015-03-13T10:45:58Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:58Z DEBUG args=/usr/sbin/useradd -g dirsrv
-c DS System User -d /var/lib/dirsrv -s /sbin/nologin -M -r
dirsrv</div>
<div>2015-03-13T10:45:58Z DEBUG Process finished, return code=0</div>
<div>2015-03-13T10:45:58Z DEBUG stdout=</div>
<div>2015-03-13T10:45:58Z DEBUG stderr=</div>
<div>2015-03-13T10:45:58Z DEBUG Done adding DS user</div>
<div>2015-03-13T10:45:58Z DEBUG duration: 0 seconds</div>
<div>2015-03-13T10:45:58Z DEBUG [2/38]: creating directory
server instance</div>
<div>2015-03-13T10:45:58Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'</div>
<div>2015-03-13T10:45:58Z DEBUG Backing up system configuration
file '/etc/sysconfig/dirsrv'</div>
<div>2015-03-13T10:45:58Z DEBUG Saving Index File to
'/var/lib/ipa/sysrestore/sysrestore.index'</div>
<div>2015-03-13T10:45:58Z DEBUG </div>
<div>dn: dc=cloud,dc=domain,dc=de</div>
<div>objectClass: top</div>
<div>objectClass: domain</div>
<div>objectClass: pilotObject</div>
<div>dc: cloud</div>
<div>info: IPA V2.0</div>
<div><br>
</div>
<div>2015-03-13T10:45:58Z DEBUG writing inf template</div>
<div>2015-03-13T10:45:58Z DEBUG </div>
<div>[General]</div>
<div>FullMachineName= <a href="http://freeipa-2.cloud.domain.de" target="_blank">freeipa-2.cloud.domain.de</a></div>
<div>SuiteSpotUserID= dirsrv</div>
<div>SuiteSpotGroup= dirsrv</div>
<div>ServerRoot= /usr/lib64/dirsrv</div>
<div>[slapd]</div>
<div>ServerPort= 389</div>
<div>ServerIdentifier= CLOUD-DOMAIN-DE</div>
<div>Suffix= dc=cloud,dc=domain,dc=de</div>
<div>RootDN= cn=Directory Manager</div>
<div>InstallLdifFile= /var/lib/dirsrv/boot.ldif</div>
<div>inst_dir= /var/lib/dirsrv/scripts-CLOUD-DOMAIN-DE</div>
<div><br>
</div>
<div>2015-03-13T10:45:58Z DEBUG calling <a href="http://setup-ds.pl" target="_blank">setup-ds.pl</a></div>
<div>2015-03-13T10:45:58Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:58Z DEBUG args=/usr/sbin/<a href="http://setup-ds.pl" target="_blank">setup-ds.pl</a>
--silent --logfile - -f /tmp/tmp5witgD</div>
<div>2015-03-13T10:45:59Z DEBUG Process finished, return code=1</div>
<div>2015-03-13T10:45:59Z DEBUG stdout=[15/03/13:10:45:59] -
[Setup] Info Could not import LDIF file
'/var/lib/dirsrv/boot.ldif'. Error: 256. Output: importing
data ...</div>
<div>[13/Mar/2015:10:45:59 +0000] - Error - Unable to create
/var/lock/dirsrv/slapd-CLOUD-DOMAIN-DE/imports, Netscape
Portable Runtime error -5966 (Access Denied.)</div>
<div>[13/Mar/2015:10:45:59 +0000] - Shutting down due to
possible conflicts with other slapd processes</div>
<div><br>
</div>
<div>Could not import LDIF file '/var/lib/dirsrv/boot.ldif'.
Error: 256. Output: importing data ...</div>
<div>[13/Mar/2015:10:45:59 +0000] - Error - Unable to create
/var/lock/dirsrv/slapd-CLOUD-DOMAIN-DE/imports, Netscape
Portable Runtime error -5966 (Access Denied.)</div>
<div>[13/Mar/2015:10:45:59 +0000] - Shutting down due to
possible conflicts with other slapd processes</div>
<div><br>
</div>
<div>[15/03/13:10:45:59] - [Setup] Fatal Error: Could not create
directory server instance 'CLOUD-DOMAIN-DE'.</div>
<div>Error: Could not create directory server instance
'CLOUD-DOMAIN-DE'.</div>
<div>[15/03/13:10:45:59] - [Setup] Fatal Exiting . . .</div>
<div>Log file is '-'</div>
<div><br>
</div>
<div>Exiting . . .</div>
<div>Log file is '-'</div>
<div><br>
</div>
<div><br>
</div>
<div>2015-03-13T10:45:59Z DEBUG stderr=</div>
<div>2015-03-13T10:45:59Z CRITICAL failed to create ds instance
Command '/usr/sbin/<a href="http://setup-ds.pl" target="_blank">setup-ds.pl</a> --silent --logfile
- -f /tmp/tmp5witgD' returned non-zero exit status 1</div>
<div>2015-03-13T10:45:59Z DEBUG restarting ds instance</div>
<div>2015-03-13T10:45:59Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:59Z DEBUG args=/bin/systemctl --system
daemon-reload</div>
<div>2015-03-13T10:45:59Z DEBUG Process finished, return code=0</div>
<div>2015-03-13T10:45:59Z DEBUG stdout=</div>
<div>2015-03-13T10:45:59Z DEBUG stderr=</div>
<div>2015-03-13T10:45:59Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:59Z DEBUG args=/bin/systemctl restart
<a href="mailto:dirsrv@CLOUD-DOMAIN-DE.service" target="_blank">dirsrv@CLOUD-DOMAIN-DE.service</a></div>
<div>2015-03-13T10:45:59Z DEBUG Process finished, return code=0</div>
<div>2015-03-13T10:45:59Z DEBUG stdout=</div>
<div>2015-03-13T10:45:59Z DEBUG stderr=</div>
<div>2015-03-13T10:45:59Z DEBUG Starting external process</div>
<div>2015-03-13T10:45:59Z DEBUG args=/bin/systemctl is-active
<a href="mailto:dirsrv@CLOUD-DOMAIN-DE.service" target="_blank">dirsrv@CLOUD-DOMAIN-DE.service</a></div>
<div>2015-03-13T10:45:59Z DEBUG Process finished, return code=0</div>
<div>2015-03-13T10:45:59Z DEBUG stdout=active</div>
<div><br>
</div>
<div>2015-03-13T10:45:59Z DEBUG stderr=</div>
<div>2015-03-13T10:45:59Z DEBUG wait_for_open_ports: localhost
[389] timeout 300</div>
<div>2015-03-13T10:50:59Z CRITICAL Failed to restart the
directory server (). See the installation log for details.</div>
<div>2015-03-13T10:50:59Z DEBUG done restarting ds instance</div>
<div>2015-03-13T10:50:59Z DEBUG duration: 301 seconds</div>
<div>2015-03-13T10:50:59Z DEBUG [3/38]: adding default schema</div>
<div>2015-03-13T10:50:59Z DEBUG duration: 0 seconds</div>
<div>2015-03-13T10:50:59Z DEBUG [4/38]: enabling memberof
plugin</div>
<div>2015-03-13T10:50:59Z DEBUG wait_for_open_ports: <a href="http://freeipa-2.cloud.domain.de" target="_blank">freeipa-2.cloud.domain.de</a>
[389] timeout 10</div>
<div>2015-03-13T10:51:09Z DEBUG Could not connect to the
Directory Server on <a href="http://freeipa-2.cloud.domain.de" target="_blank">freeipa-2.cloud.domain.de</a>: </div>
<div>2015-03-13T10:51:09Z DEBUG File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
line 638, in run_script</div>
<div> return_value = main_function()</div>
<div><br>
</div>
<div> File "/usr/sbin/ipa-server-install", line 1059, in main</div>
<div> hbac_allow=not options.hbac_allow)</div>
<div><br>
</div>
<div> File
"/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
line 323, in create_instance</div>
<div> self.start_creation(runtime=60)</div>
<div><br>
</div>
<div> File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 364, in start_creation</div>
<div> method()</div>
<div><br>
</div>
<div> File
"/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
line 501, in __add_memberof_module</div>
<div> self._ldap_mod("memberof-conf.ldif")</div>
<div><br>
</div>
<div> File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 152, in _ldap_mod</div>
<div> self.ldap_connect()</div>
<div><br>
</div>
<div> File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 99, in ldap_connect</div>
<div> conn.do_simple_bind(bindpw=self.dm_password)</div>
<div><br>
</div>
<div> File
"/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1735, in do_simple_bind</div>
<div> self.__bind_with_wait(self.conn.simple_bind_s, timeout,
binddn, bindpw)</div>
<div><br>
</div>
<div> File
"/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1730, in __bind_with_wait</div>
<div> self.__wait_for_connection(timeout)</div>
<div><br>
</div>
<div> File
"/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1719, in __wait_for_connection</div>
<div> wait_for_open_ports(host, int(port), timeout)</div>
<div><br>
</div>
<div> File
"/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
1096, in wait_for_open_ports</div>
<div> raise socket.timeout()</div>
<div><br>
</div>
<div>2015-03-13T10:51:09Z DEBUG The ipa-server-install command
failed, exception: timeout:</div>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
<br>
<br>
</div></div><span><font color="#888888"><pre cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</font></span></div>
<br>--<br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go to <a href="http://freeipa.org" target="_blank">http://freeipa.org</a> for more info on the project<br></blockquote></div><br></div></div>