[Freeipa-devel] [PATCH] 391-395 Fedora 19 build and install fixes

Martin Kosek mkosek at redhat.com
Thu Mar 28 09:20:58 UTC 2013 

On 03/27/2013 10:42 AM, Tomas Babej wrote:
> On Tue 26 Mar 2013 06:49:59 PM CET, Martin Kosek wrote:
>> On 03/26/2013 06:32 PM, Tomas Babej wrote:
>>> On 03/26/2013 05:38 PM, Martin Kosek wrote:
>>>> On 03/21/2013 11:59 AM, Martin Kosek wrote:
>>>>> This set of patches (details in commit messages) allow build and
>>>>> installation
>>>>> of FreeIPA in Fedora 19. I tested server and replica install
>>>>> (master on f18,
>>>>> replica on f19) and both worked fine.
>>>>>
>>>>> The patches are compatible with Fedora 18 (I tested).
>>>>>
>>>>> If your Fedora 19 does not have bind-9.9.2-11.P1.fc19, you may need
>>>>> to get that
>>>>> from koji:
>>>>>
>>>>> Bug 920713 - named timeouts when started via systemd
>>>>>
>>>>> Also, to fix trusts and ipa-adtrust-install, I had to use my custom
>>>>> build of
>>>>> 389-ds-base as current builds do not accepts Kerberos tickets
>>>>> greater than 2048
>>>>> bytes. This is the bug I filed:
>>>>>
>>>>> Bug 923879 - 389-ds-base cannot handle Kerberos tickets with PAC
>>>>>
>>>>> Martin
>>>>>
>>>> Sending rebased patches (there was a conflic in spec changelog).
>>>>
>>>> Martin
>>>>
>>> This still needs the following rebase (changelog is not in
>>> chronological order):
>>>
>>> -* Wed Mar 13 2013 Martin Kosek <mkosek at redhat.com> - 3.1.99-2
>>> +* Tue Mar 26 2013 Martin Kosek <mkosek at redhat.com> - 3.1.99-2
>>
>> Right, I will fix that.
>>
>>>
>>> The build on F19 went OK, however, IPA installation on F19 fails with
>>> the
>>> following error:
>>>
>>> [snip]
>>> Configuring certificate server (pki-tomcatd): Estimated time 3
>>> minutes 30 seconds
>>>    [1/20]: creating certificate server user
>>>    [2/20]: configuring certificate server instance
>>> Unexpected error - see /var/log/ipaserver-install.log for details:
>>> IOError: [Errno 2] No such file or directory:
>>> '/root/.pki/pki-tomcat/ca_admin_cert.p12'
>>
>> What pki-ca version do you use? There were some related fixes for bugs
>> I found in pki-ca component (see Bug 919476). I used
>> pki-ca-10.0.1-2.1.fc19.noarch
>>
> 
> The version is the same.
> 
>> If you have this version or higher, what is the root cause of the
>> failure? Is there any useful info in ipaserver-install.log?
>>
> 
> I haven't been able to identify the cause. There seems to be an issue with
> certmonger as well,
> since consenquent uninstallation fails with:
> 
>
[snip]
> 2013-03-26T17:03:19Z INFO The ipa-server-install command failed, exception:
> IOError: [Errno 2] No such file or directory:
> '/root/.pki/pki-tomcat/ca_admin_cert.p12'
> 
>> Thanks,
>> Martin
>>
>>>
>>>
>>> Patches work fine on F18.
>>>
>>> Tomas
>>
> 
> 

Tomas is investigating the Fedora 19 failure, it was most probably caused by
improperly upgraded VM. Sending updated and rebased patchset addressing issues
found so far.

I also reopened BIND bug as BIND does not start after reboot due to wrong
tmpfiles.d configuration:
https://bugzilla.redhat.com/show_bug.cgi?id=920713
But this should not affect the patches as the fix would need to be done only in
bind packages.

Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-391-3-remove-conflict-with-krb5-1.11.patch
Type: text/x-patch
Size: 2367 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130328/a67efaf5/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-392-3-remove-build-warnings.patch
Type: text/x-patch
Size: 14329 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130328/a67efaf5/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-393-3-remove-syslog.target-from-ipa.server.patch
Type: text/x-patch
Size: 1876 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130328/a67efaf5/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-394-3-put-pid-file-to-named.conf.patch
Type: text/x-patch
Size: 3802 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130328/a67efaf5/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-395-3-update-mod_wsgi-socket-directory.patch
Type: text/x-patch
Size: 1095 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130328/a67efaf5/attachment-0004.bin>

More information about the Freeipa-devel mailing list