[Freeipa-devel] Configuring ipa-otpd error when selinux is enable

郑磊 zhenglei at kylinos.cn
Tue Nov 8 06:20:04 UTC 2016 

Thank you for your reply! The problem is solved. The reason is that the path of ExecStart program is incorrect in the /lib/systemd/system/ipa-otpd at .service file. I will send mail to freeipa-users if there is any problem. 





------------------
祝:
    工作顺利!生活愉快!
--------------------------
长沙研发中心 郑磊 
电话:18684703229
邮箱:zhenglei at kylinos.cn
公司:天津麒麟信息技术有限公司
地址:湖南长沙市开福区三一大道工美大厦十四楼
 

 
 
 
------------------ Original ------------------
From:  "Lukas Slebodnik"<lslebodn at redhat.com>;
Date:  Tue, Nov 8, 2016 02:06 PM
To:  "郑磊"<zhenglei at kylinos.cn>; 
Cc:  "freeipa-devel"<freeipa-devel at redhat.com>; 
Subject:  Re: [Freeipa-devel] Configuring ipa-otpd error when selinux is enable

 
On (08/11/16 10:29), 郑磊 wrote:
>Hello everyone,
>
>I have successfully set up the FreeIPA environment on Ubuntu when selinux is disable. But when selinux is enable, there is a configuring ipa-otpd error occurred. 
>
>The ipaserver-install.log shows following informations:
>2016-11-08T01:55:18Z DEBUG   [1/2]: starting ipa-otpd
>2016-11-08T01:55:18Z DEBUG Starting external process
>2016-11-08T01:55:18Z DEBUG args=/bin/systemctl is-active ipa-otpd.socket
>2016-11-08T01:55:18Z DEBUG Process finished, return code=3
>2016-11-08T01:55:18Z DEBUG stdout=inactive
>
>2016-11-08T01:55:18Z DEBUG stderr=
>2016-11-08T01:55:18Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
>2016-11-08T01:55:18Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
>2016-11-08T01:55:18Z DEBUG Starting external process
>2016-11-08T01:55:18Z DEBUG args=/bin/systemctl restart ipa-otpd.socket
>2016-11-08T01:55:18Z DEBUG Process finished, return code=1
>2016-11-08T01:55:18Z DEBUG stdout=
>2016-11-08T01:55:18Z DEBUG stderr=Job for ipa-otpd.socket failed. See "systemctl status ipa-otpd.socket" and "journalctl -xe" for details.
>
>2016-11-08T01:55:18Z DEBUG Traceback (most recent call last):
>  File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 447, in start_creation
>    run_step(full_msg, method)
>  File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 437, in run_step
>    method()
>  File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 585, in __start
>    self.restart()
>  File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 347, in restart
>    self.service.restart(instance_name, capture_output=capture_output, wait=wait)
>  File "/usr/lib/python2.7/dist-packages/ipaplatform/base/services.py", line 301, in restart
>    skip_output=not capture_output)
>  File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 479, in run
>    raise CalledProcessError(p.returncode, arg_string, str(output))
>CalledProcessError: Command '/bin/systemctl restart ipa-otpd.socket' returned non-zero exit status 1
>
>2016-11-08T01:55:18Z DEBUG   [error] CalledProcessError: Command '/bin/systemctl restart ipa-otpd.socket' returned non-zero exit status 1
>2016-11-08T01:55:18Z DEBUG   File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171, in execute
>    return_value = self.run()
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/cli.py", line 318, in run
>    cfgr.run()
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 310, in run
>    self.execute()
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 332, in execute
>    for nothing in self._executor():
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 372, in __runner
>    self._handle_exception(exc_info)
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 394, in _handle_exception
>    six.reraise(*exc_info)
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 362, in __runner
>    step()
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 359, in <lambda>
>    step = lambda: next(self.__gen)
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
>    six.reraise(*exc_info)
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
>    value = gen.send(prev_value)
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 586, in _configure
>    next(executor)
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 372, in __runner
>    self._handle_exception(exc_info)
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 449, in _handle_exception
>    self.__parent._handle_exception(exc_info)
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 394, in _handle_exception
>    six.reraise(*exc_info)
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 446, in _handle_exception
>    super(ComponentBase, self)._handle_exception(exc_info)
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 394, in _handle_exception
>    six.reraise(*exc_info)
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 362, in __runner
>    step()
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 359, in <lambda>
>    step = lambda: next(self.__gen)
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
>    six.reraise(*exc_info)
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
>    value = gen.send(prev_value)
>  File "/usr/lib/python2.7/dist-packages/ipapython/install/common.py", line 63, in _install
>    for nothing in self._installer(self.parent):
>  File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py", line 1513, in main
>    install(self)
>  File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py", line 267, in decorated
>    func(installer)
>  File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py", line 944, in install
>    ipautil.realm_to_suffix(realm_name))
>  File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 579, in create_instance
>    self.start_creation("Configuring %s" % self.service_name)
>  File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 447, in start_creation
>    run_step(full_msg, method)
>  File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 437, in run_step
>    method()
>  File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 585, in __start
>    self.restart()
>  File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 347, in restart
>    self.service.restart(instance_name, capture_output=capture_output, wait=wait)
>  File "/usr/lib/python2.7/dist-packages/ipaplatform/base/services.py", line 301, in restart
>    skip_output=not capture_output)
>  File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 479, in run
>    raise CalledProcessError(p.returncode, arg_string, str(output))
>
>2016-11-08T01:55:18Z DEBUG The ipa-server-install command failed, exception: CalledProcessError: Command '/bin/systemctl restart ipa-otpd.socket' returned non-zero exit status 1
>2016-11-08T01:55:18Z ERROR Command '/bin/systemctl restart ipa-otpd.socket' returned non-zero exit status 1
>2016-11-08T01:55:18Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
>
>the ipa-otpd.socket status is as follows:
>root at ipaserver:~# systemctl status ipa-otpd.socket
>● ipa-otpd.socket - ipa-otpd socket
>   Loaded: loaded (/lib/systemd/system/ipa-otpd.socket; disabled; vendor preset: enabled)
>   Active: failed (Result: exit-code) since 二 2016-11-08 09:55:18 CST; 26min ago
>   Listen: /var/run/krb5kdc/DEFAULT.socket (Stream)
> Accepted: 0; Connected: 0
>  Process: 19864 ExecStopPre=/usr/bin/unlink /var/run/krb5kdc/DEFAULT.socket (code=exited, status=1/FAILURE)
>
>11月 08 09:55:18 ipaserver.test.com systemd[1]: Starting ipa-otpd socket.
>11月 08 09:55:18 ipaserver.test.com unlink[19864]: /usr/bin/unlink: Unable to remove '/var/run/krb5kdc/DEFAULT.socket' links: no such files or directories 
>11月 08 09:55:18 ipaserver.test.com systemd[1]: ipa-otpd.socket: Control process exited, code=exited status=1
>11月 08 09:55:18 ipaserver.test.com systemd[1]: Failed to listen on ipa-otpd socket.
>11月 08 09:55:18 ipaserver.test.com systemd[1]: ipa-otpd.socket: Unit entered failed state.
>I found that the file or directory is automatically created when ipa-otpd.socket is started.
>
>Is there anyone help me?
>
Are you sure it's caused by SELinux?
IIRC Ubuntu has apparmor and not SELinux.

And BTW this mail thread should have beed on freeipa-users and
not on devel.

LS
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20161108/b669727b/attachment.htm>

More information about the Freeipa-devel mailing list