[Freeipa-users] freeipa-server from copr repo
Martin Kosek
mkosek at redhat.com
Wed Nov 19 19:45:28 UTC 2014
Good news!
To clarify on the selinux-policy side. By not maintaining it for the CentOS I
meant that FreeIPA Copr should not maintain system policy for any system, not
just SELinux.
Ideally, it should have a SELinux policy module that would be compiled for
SELinux only and that would only contain the additional policy required by IPA
on top of 7.0.
But this is not a priority for now & we do not have enough capacity for it ATM.
But if anyone wishes to contribute that part, doors are open :-)
Martin
On 11/19/2014 05:56 PM, Bill Peck wrote:
>
> Hi Martin,
>
> Yes, setting selinux to permissive allowed me to install and configure IPA 4.1
> on CentOS 7.
>
> :-)
>
> On Wed, Nov 19, 2014 at 11:41 AM, Martin Kosek <mkosek at redhat.com
> <mailto:mkosek at redhat.com>> wrote:
>
> It is highly probable the issue is caused by SELinux (check for AVCs in
> /var/log/audit/audit.log).
>
> Can you try with SELinux permissive? We specifically did not build
> selinux-policy as we do not think we should be the ones maintaining it for
> CentOS.
>
> HTH,
> Martin
>
> ----- Original Message -----
> > From: "Bill Peck" <bill at pecknet.com <mailto:bill at pecknet.com>>
> > To: "Martin Kosek" <mkosek at redhat.com <mailto:mkosek at redhat.com>>
> > Cc: "Tamas Papp" <tompos at martos.bme.hu <mailto:tompos at martos.bme.hu>>,
> freeipa-users at redhat.com <mailto:freeipa-users at redhat.com>
> > Sent: Wednesday, November 19, 2014 5:34:10 PM
> > Subject: Re: [Freeipa-users] freeipa-server from copr repo
> >
> > Hi Marin,
> >
> > I was able to install from the copr repo now as well. Thank you!
> >
> > However I wasn't able to finish the install:
> >
> > [23/27]: configure certmonger for renewals
> > [24/27]: configure certificate renewals
> > [error] DBusException: org.fedorahosted.certmonger.bad_arg: The location
> > "/etc/pki/pki-tomcat/alias" could not be accessed due to insufficient
> > permissions.
> >
> >
> > Don't know if you need the command for how I was installing ipa. But here
> > is the line from my anseible playbook.
> > shell: ipa-server-install -a {{ adminpassword }} --hostname={{ servername
> > }} -r {{ realm }} -p {{ directorypassword }} -n {{ domain }} --setup-dns
> > --forwarder={{ dnsforwarder }} -U creates={{ slapd }}
> >
> > On Wed, Nov 19, 2014 at 11:23 AM, Martin Kosek <mkosek at redhat.com
> <mailto:mkosek at redhat.com>> wrote:
> >
> > > On 11/19/2014 11:57 AM, Tamas Papp wrote:
> > > > I am good in waiting;)
> > > >
> > > > Thanks for the prompt reply.
> > >
> > > Ok Tamas, I think we *finally* got somewhere. Can you please try the
> > > mkosek/freeipa Copr repo now?
> > >
> > > I was able to install upstream "freeipa-server" 4.1.1 package on my
> > > RHEL-7.0
> > > machine (should be the same for CentOS) and run ipa-server-install:
> > >
> > > # yum install freeipa-server --enablerepo=mkosek-freeipa
> > > ...
> > > Resolving Dependencies
> > > --> Running transaction check
> > > ---> Package freeipa-server.x86_64 0:4.1.1-1.2.el7.centos will be
> installed
> > > ...
> > > Transaction Summary
> > >
> > >
> ========================================================================================================
> > > Install 1 Package (+338 Dependent packages)
> > > Upgrade ( 11 Dependent packages)
> > >
> > > Total download size: 146 M
> > > ...
> > >
> > > # rpm -q freeipa-server
> > > freeipa-server-4.1.1-1.2.el7.centos.x86_64
> > >
> > > # ipa-server-install --setup-dns
> > >
> > > # kinit admin
> > > Password for admin at EXAMPLE.COM <mailto:admin at EXAMPLE.COM>:
> > >
> > > Thanks,
> > > Martin
> > >
> > > --
> > > Manage your subscription for the Freeipa-users mailing list:
> > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > Go To http://freeipa.org for more info on the project
> > >
> >
>
>
More information about the Freeipa-users
mailing list