[Freeipa-users] Unable to Install IPA

Martin Kosek mkosek at redhat.com
Tue Mar 3 14:27:16 UTC 2015 

I do not think these are related, this should be just mod_ssl, thinking that
port 443 does not use SSL (slightly related bug -
https://bugzilla.redhat.com/show_bug.cgi?id=1023168). If you uninstall mod_ssl,
the warning should disappear.

I see Endi just replied in other part of this thread, so let us continue there.

Martin

On 03/03/2015 02:42 PM, Hadoop Solutions wrote:
> Hi Martin,
> 
> please find the below HTTPD error logs
> 
> 
> [Sun Mar 01 04:27:57 2015] [notice] SELinux policy enabled; httpd running
> as context unconfined_u:system_r:httpd_t:s0
> [Sun Mar 01 04:27:57 2015] [notice] suEXEC mechanism enabled (wrapper:
> /usr/sbin/suexec)
> [Sun Mar 01 04:27:57 2015] [warn] Init: (
> sv2lxbdp2kfstd02.corp.equinix.com:443) You configured HTTP(80) on the
> standard HTTPS(443) port!
> [Sun Mar 01 04:29:02 2015] [notice] SELinux policy enabled; httpd running
> as context unconfined_u:system_r:httpd_t:s0
> [Sun Mar 01 04:29:02 2015] [notice] suEXEC mechanism enabled (wrapper:
> /usr/sbin/suexec)
> [Sun Mar 01 04:29:03 2015] [warn] Init: (
> sv2lxbdp2kfstd02.corp.equinix.com:443) You configured HTTP(80) on the
> standard HTTPS(443) port!
> 
> 
> 
> Thanks,
> Shaik
> 
> On 3 March 2015 at 20:06, Martin Kosek <mkosek at redhat.com> wrote:
> 
>> On 02/28/2015 07:18 AM, Rob Crittenden wrote:
>>> Hadoop Solutions wrote:
>>>> Hi Rob,
>>>>
>>>> please find the attached log of /var/log/ipaserver-install.log
>>>>
>>>> kindly let me know the solution for this..
>>>
>>> Can you see if you have any SElinux failures?
>>>
>>> # ausearch -m AVC -ts recent
>>>
>>> I see some SELinux errors in the log. Not sure if this is it or not but
>>> for some reason the dogtag SELinux policy doesn't always install
>>> correctly. The fix seems to be to re-install the pki-selinux package.
>>>
>>> You'll also need to run pkiremove manually after running
>>> ipa-server-install --uninstall. It doesn't always record the fact that a
>>> service install is attempted and fails.
>>>
>>> # pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca --force
>>>
>>> rob
>>
>> With regards to PKI and SELinux, I can only recall that pki-selinux package
>> required the most up to date selinux-policy package, otherwise it printed
>> SELinux related error during installation.
>>
>> Your bug also reminds me of
>> https://fedorahosted.org/pki/ticket/1282
>> which was caused by HTTPD not having some of the modules (AJP proxy module)
>> enabled. Can you please check /var/log/httpd/error_log if there are any
>> related
>> interesting error messages?
>>
>> Thanks,
>> Martin
>>
>

More information about the Freeipa-users mailing list