[Freeipa-users] Problem to install FreeIPA Server 3.0 on a RedHat 6.4
bahan w
bahanw042014 at gmail.com
Mon Jun 1 07:47:33 UTC 2015
Hello everyone.
I modified the /etc/selinux/config file :
#########################################################
# This file controls the state of SELinux on the system.
# SELINUX=disabled
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
#########################################################
Then I rebooted.
#########################################################
reboot
#########################################################
Here is the result of getenforce :
#########################################################
Permissive
#########################################################
I removed the ipa-server that I had and I tried the 3.0.0-42 :
#########################################################
yum install ipa-server-3.0.0-42.el6.x86_64
Loaded plugins: security
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ipa-server.x86_64 0:3.0.0-42.el6 will be installed
--> Processing Dependency: ipa-client = 3.0.0-42.el6 for package: ipa-server-3.0.0-42.el6.x86_64
--> Processing Dependency: ipa-admintools = 3.0.0-42.el6 for package: ipa-server-3.0.0-42.el6.x86_64
--> Processing Dependency: ipa-python = 3.0.0-42.el6 for package: ipa-server-3.0.0-42.el6.x86_64
--> Processing Dependency: ipa-server-selinux = 3.0.0-42.el6 for package: ipa-server-3.0.0-42.el6.x86_64
--> Running transaction check
---> Package ipa-admintools.x86_64 0:3.0.0-42.el6 will be installed
---> Package ipa-client.x86_64 0:3.0.0-42.el6 will be installed
---> Package ipa-python.x86_64 0:3.0.0-42.el6 will be installed
---> Package ipa-server-selinux.x86_64 0:3.0.0-42.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================================================================
 Package                  Arch      Version         Repository    Size
======================================================================================================================================
Installing:
 ipa-server               x86_64    3.0.0-42.el6    standard      1.1 M
Installing for dependencies:
 ipa-admintools           x86_64    3.0.0-42.el6    standard       67 k
 ipa-client               x86_64    3.0.0-42.el6    standard      145 k
 ipa-python               x86_64    3.0.0-42.el6    standard      928 k
 ipa-server-selinux       x86_64    3.0.0-42.el6    standard       66 k
Transaction Summary
======================================================================================================================================
Install 5 Package(s)
Total download size: 2.3 M
Installed size: 9.2 M
Is this ok [y/N]: y
Downloading Packages:
(1/5): ipa-admintools-3.0.0-42.el6.x86_64.rpm        |  67 kB 00:00
(2/5): ipa-client-3.0.0-42.el6.x86_64.rpm            | 145 kB 00:00
(3/5): ipa-python-3.0.0-42.el6.x86_64.rpm            | 928 kB 00:00
(4/5): ipa-server-3.0.0-42.el6.x86_64.rpm            | 1.1 MB 00:00
(5/5): ipa-server-selinux-3.0.0-42.el6.x86_64.rpm    |  66 kB 00:00
--------------------------------------------------------------------------------------------------------------------------------------
Total                                     6.8 MB/s | 2.3 MB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : ipa-python-3.0.0-42.el6.x86_64            1/5
Installing : ipa-client-3.0.0-42.el6.x86_64            2/5
Installing : ipa-admintools-3.0.0-42.el6.x86_64        3/5
Installing : ipa-server-3.0.0-42.el6.x86_64            4/5
Installing : ipa-server-selinux-3.0.0-42.el6.x86_64    5/5
libsepol.print_missing_requirements: ipa_dogtag's global requirements were not met: type/attribute pki_ca_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!
Verifying : ipa-server-3.0.0-42.el6.x86_64            1/5
Verifying : ipa-server-selinux-3.0.0-42.el6.x86_64    2/5
Verifying : ipa-python-3.0.0-42.el6.x86_64            3/5
Verifying : ipa-client-3.0.0-42.el6.x86_64            4/5
Verifying : ipa-admintools-3.0.0-42.el6.x86_64        5/5
Installed:
ipa-server.x86_64 0:3.0.0-42.el6
Dependency Installed:
ipa-admintools.x86_64 0:3.0.0-42.el6
ipa-client.x86_64 0:3.0.0-42.el6
ipa-python.x86_64 0:3.0.0-42.el6
ipa-server-selinux.x86_64 0:3.0.0-42.el6
Complete!
#########################################################
The errors linked with dogtag are still there.
Now, when I tried to run the ipa-server-install command, here is what I have:
#########################################################
Continue to configure the system with these values? [no]: yes
The following operations may take some minutes to complete.
Please wait until the prompt is returned.
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server for the CA (pkids): Estimated time 30 seconds
[1/3]: creating directory server user
[2/3]: creating directory server instance
[3/3]: restarting directory server
Done configuring directory server for the CA (pkids).
Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds
[1/20]: creating certificate server user
[2/20]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname MYHOST -cs_port
9445 -client_certdb_dir /tmp/tmp-nbZ4fw -client_certdb_pwd XXXXXXXX
-preop_pin WJUMtgRhyvooPs1kHhyQ -domain_name IPA -admin_user admin
-admin_email root at localhost -admin_password XXXXXXXX -agent_name
ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject
CN=ipa-ca-agent,O=MYREALM -ldap_host MYHOST -ldap_port 7389 -bind_dn
cn=Directory Manager -bind_password XXXXXXXX -base_dn o=ipaca -db_name
ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12
true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=MYREALM
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=MYREALM
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=MYREALM
-ca_server_cert_subject_name CN=MYHOST,O=MYREALM
-ca_audit_signing_cert_subject_name CN=CA Audit,O=MYREALM
-ca_sign_cert_subject_name CN=Certificate Authority,O=MYREALM -external
false -clone false' returned non-zero exit status 255
Configuration of CA failed
#########################################################
And here is what I found in the ipaserver-install.log :
#########################################################
2015-06-01T07:38:43Z DEBUG stderr=Exception: Unable to Send Request:java.net.ConnectException: Connection refused
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:327)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:193)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:180)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:385)
at java.net.Socket.connect(Socket.java:546)
at java.net.Socket.connect(Socket.java:495)
at java.net.Socket.<init>(Socket.java:392)
at java.net.Socket.<init>(Socket.java:235)
at HTTPClient.sslConnect(HTTPClient.java:326)
at ConfigureCA.LoginPanel(ConfigureCA.java:244)
at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
at ConfigureCA.main(ConfigureCA.java:1672)
java.lang.NullPointerException
at ConfigureCA.LoginPanel(ConfigureCA.java:245)
at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
at ConfigureCA.main(ConfigureCA.java:1672)
2015-06-01T07:38:43Z CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname MYHOST -cs_port
9445 -client_certdb_dir /tmp/tmp-nbZ4fw -client_certdb_pwd XXXXXXXX
-preop_pin WJUMtgRhyvooPs1kHhyQ -domain_name IPA -admin_user admin
-admin_email root at localhost -admin_password XXXXXXXX -agent_name
ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject
CN=ipa-ca-agent,O=MYREALM -ldap_host MYHOST -ldap_port 7389 -bind_dn
cn=Directory Manager -bind_password XXXXXXXX -base_dn o=ipaca -db_name
ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12
true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=MYREALM
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=MYREALM
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=MYREALM
-ca_server_cert_subject_name CN=MYHOST,O=MYREALM
-ca_audit_signing_cert_subject_name CN=CA Audit,O=MYREALM
-ca_sign_cert_subject_name CN=Certificate Authority,O=MYREALM -external
false -clone false' returned non-zero exit status 255
2015-06-01T07:38:43Z INFO File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614, in run_script
return_value = main_function()
File "/usr/sbin/ipa-server-install", line 942, in main
subject_base=options.subject)
File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 626, in configure_instance
self.start_creation(runtime=210)
File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 358, in start_creation
method()
File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 888, in __configure_instance
raise RuntimeError('Configuration of CA failed')
2015-06-01T07:38:43Z INFO The ipa-server-install command failed, exception: RuntimeError: Configuration of CA failed
#########################################################
I'm not really sure permissive mode with SELinux is helping in fact.
Best regards.
Bahan