[Freeipa-users] freeipa-server from copr repo

Tamas Papp tompos at martos.bme.hu
Wed Nov 19 20:23:52 UTC 2014


hi Martin,

Much better:)
Unfortunately not perfect yet.

[...]
Done configuring DNS key synchronization service (ipa-dnskeysyncd).
Restarting ipa-dnskeysyncd
Restarting named
ipa         : ERROR    Named service failed to start (Command 
''/bin/systemctl' 'restart' 'named-pkcs11.service'' returned non-zero 
exit status 1)
named service failed to start

Global DNS configuration in LDAP server is empty
You can use 'dnsconfig-mod' command to set global DNS options that
would override settings in local named.conf files

Restarting the web server
Unexpected error - see /var/log/ipaserver-install.log for details:
CalledProcessError: Command ''/bin/systemctl' 'restart' 'ipa.service'' 
returned non-zero exit status 1


This helped:

chmod 777 /var/named/dyndb-ldap/ipa/

Probably chown or chgrp named would be just enough.


Cheers,
tamas

On 11/19/2014 05:41 PM, Martin Kosek wrote:
> It is highly probable the issue is caused by SELinux (check for AVCs in /var/log/audit/audit.log).
>
> Can you try with SELinux permissive? We specifically did not build selinux-policy as we do not think we should be the ones maintaining it for CentOS.
>
> HTH,
> Martin
>
> ----- Original Message -----
>> From: "Bill Peck" <bill at pecknet.com>
>> To: "Martin Kosek" <mkosek at redhat.com>
>> Cc: "Tamas Papp" <tompos at martos.bme.hu>, freeipa-users at redhat.com
>> Sent: Wednesday, November 19, 2014 5:34:10 PM
>> Subject: Re: [Freeipa-users] freeipa-server from copr repo
>>
>> Hi Marin,
>>
>> I was able to install from the copr repo now as well.  Thank you!
>>
>> However I wasn't able to finish the install:
>>
>>    [23/27]: configure certmonger for renewals
>>    [24/27]: configure certificate renewals
>>    [error] DBusException: org.fedorahosted.certmonger.bad_arg: The location
>> "/etc/pki/pki-tomcat/alias" could not be accessed due to insufficient
>> permissions.
>>
>>
>> Don't know if you need the command for how I was installing ipa.  But here
>> is the line from my anseible playbook.
>> shell: ipa-server-install -a {{ adminpassword }} --hostname={{ servername
>> }} -r {{ realm }} -p {{ directorypassword }} -n {{ domain }} --setup-dns
>> --forwarder={{ dnsforwarder }} -U creates={{ slapd }}
>>
>> On Wed, Nov 19, 2014 at 11:23 AM, Martin Kosek <mkosek at redhat.com> wrote:
>>
>>> On 11/19/2014 11:57 AM, Tamas Papp wrote:
>>>> I am good in waiting;)
>>>>
>>>> Thanks for the prompt reply.
>>> Ok Tamas, I think we *finally* got somewhere. Can you please try the
>>> mkosek/freeipa Copr repo now?
>>>
>>> I was able to install upstream "freeipa-server" 4.1.1 package on my
>>> RHEL-7.0
>>> machine (should be the same for CentOS) and run ipa-server-install:
>>>
>>> # yum install freeipa-server --enablerepo=mkosek-freeipa
>>> ...
>>> Resolving Dependencies
>>> --> Running transaction check
>>> ---> Package freeipa-server.x86_64 0:4.1.1-1.2.el7.centos will be installed
>>> ...
>>> Transaction Summary
>>>
>>> ========================================================================================================
>>> Install  1 Package  (+338 Dependent packages)
>>> Upgrade             (  11 Dependent packages)
>>>
>>> Total download size: 146 M
>>> ...
>>>
>>> # rpm -q freeipa-server
>>> freeipa-server-4.1.1-1.2.el7.centos.x86_64
>>>
>>> # ipa-server-install --setup-dns
>>>
>>> # kinit admin
>>> Password for admin at EXAMPLE.COM:
>>>
>>> Thanks,
>>> Martin
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go To http://freeipa.org for more info on the project
>>>




More information about the Freeipa-users mailing list