[Freeipa-users] Saltstack and ipa-install on Centos7 failing
Andrew Holway
andrew.holway at gmail.com
Fri Mar 13 14:24:23 UTC 2015
Hi Dimitri
type=AVC msg=audit(1426243559.181:623): avc: *denied* { create } for
pid=2740 comm="ns-slapd" name="imports"
scontext=system_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
type=AVC msg=audit(1426243559.388:625): avc: *denied* { create } for
pid=2754 comm="ns-slapd" name="imports"
scontext=system_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
I cant find the name of the tool that scans the audit log and proposes
boolean changes. So much of this stuff seems to be GUI tools.
On 13 March 2015 at 14:15, Dmitri Pal <dpal at redhat.com> wrote:
> On 03/13/2015 07:43 AM, Andrew Holway wrote:
>
> Hallo
>
> I have a quite odd situation. I am using saltstack to set up freeipa
> servers on Centos 7 but I am getting the following error:
>
> failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent
> --logfile - -f /tmp/tmp5witgD' returned non-zero exit status 1
>
> Saltstack outputs the command it is trying to run:
>
> ipa-server-install -a password --realm CLOUD.DOMAIN.DE -P password -p
> password -n cloud.domain.de --setup-dns --unattended --no-forwarders
>
> However if I run this command manually on a clean machine it works fine.
>
> It works on Centos 6.
>
>
>
> It usually means that you have different privileges and context when you
> are running command manually and via SaltStack.
> There is probably a different user and a different SELinux context.
> Do you see any AVC denials?
>
> It really seems that you have two DS instances going on the same machine.
> I suspewt that when run manually as root you sort of override the lock and
> things go through but when you do it via SaltStack it is different.
>
> Why do you need two DS instances?
>
>
>
>
>
> I see this in the slapd error log:
>
> [root at freeipa-2 slapd-CLOUD-NATIVE-INSTRUMENTS-DE]# cat errors
> 389-Directory/1.3.1.6 B2014.219.1825
> freeipa-2.cloud.native-instruments.de:389
> (/etc/dirsrv/slapd-CLOUD-NATIVE-INSTRUMENTS-DE)
>
> [13/Mar/2015:10:45:59 +0000] - Error - Unable to create
> /var/lock/dirsrv/slapd-CLOUD-NATIVE-INSTRUMENTS-DE/imports, Netscape
> Portable Runtime error -5966 (Access Denied.)
> [13/Mar/2015:10:45:59 +0000] - Shutting down due to possible conflicts
> with other slapd processes
> [13/Mar/2015:10:45:59 +0000] - Error - Unable to create
> /var/lock/dirsrv/slapd-CLOUD-NATIVE-INSTRUMENTS-DE/imports, Netscape
> Portable Runtime error -5966 (Access Denied.)
> [13/Mar/2015:10:45:59 +0000] - Shutting down due to possible conflicts
> with other slapd processes
> [root at freeipa-2 slapd-CLOUD-NATIVE-INSTRUMENTS-DE]# cat errors | sed
> s/NATIVE-INSTRUMENTS/DOMAIN/g
> 389-Directory/1.3.1.6 B2014.219.1825
> freeipa-2.cloud.native-instruments.de:389
> (/etc/dirsrv/slapd-CLOUD-DOMAIN-DE)
>
> [13/Mar/2015:10:45:59 +0000] - Error - Unable to create
> /var/lock/dirsrv/slapd-CLOUD-DOMAIN-DE/imports, Netscape Portable Runtime
> error -5966 (Access Denied.)
> [13/Mar/2015:10:45:59 +0000] - Shutting down due to possible conflicts
> with other slapd processes
> [13/Mar/2015:10:45:59 +0000] - Error - Unable to create
> /var/lock/dirsrv/slapd-CLOUD-DOMAIN-DE/imports, Netscape Portable Runtime
> error -5966 (Access Denied.)
> [13/Mar/2015:10:45:59 +0000] - Shutting down due to possible conflicts
> with other slapd processes
>
>
>
>
>
>
>
> ipaserver-install.log
>
> 015-03-13T10:45:57Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2015-03-13T10:45:57Z DEBUG Loading Index file from
> '/var/lib/ipa/sysrestore/sysrestore.index'
> 2015-03-13T10:45:57Z DEBUG httpd is not configured
> 2015-03-13T10:45:57Z DEBUG kadmin is not configured
> 2015-03-13T10:45:57Z DEBUG dirsrv is not configured
> 2015-03-13T10:45:57Z DEBUG pki-cad is not configured
> 2015-03-13T10:45:57Z DEBUG pki-tomcatd is not configured
> 2015-03-13T10:45:57Z DEBUG install is not configured
> 2015-03-13T10:45:57Z DEBUG krb5kdc is not configured
> 2015-03-13T10:45:57Z DEBUG ntpd is not configured
> 2015-03-13T10:45:57Z DEBUG named is not configured
> 2015-03-13T10:45:57Z DEBUG ipa_memcached is not configured
> 2015-03-13T10:45:57Z DEBUG filestore is tracking no files
> 2015-03-13T10:45:57Z DEBUG Loading Index file from
> '/var/lib/ipa-client/sysrestore/sysrestore.index'
> 2015-03-13T10:45:57Z DEBUG /usr/sbin/ipa-server-install was invoked with
> options: {'reverse_zone': None, 'mkhomedir': False, 'create_sshfp': True,
> 'conf_sshd': True, 'conf_ntp': True, 'subject': None, 'no_forwarders':
> True, 'ui_redirect': True, 'domain_name': 'cloud.domain.de', 'idmax': 0,
> 'hbac_allow': False, 'no_reverse': False, 'dirsrv_pkcs12': None,
> 'unattended': True, 'trust_sshfp': False, 'external_ca_file': None,
> 'no_host_dns': False, 'http_pkcs12': None, 'realm_name': 'CLOUD.DOMAIN.DE',
> 'forwarders': None, 'idstart': 1544400000, 'external_ca': False,
> 'ip_address': None, 'conf_ssh': True, 'zonemgr': None, 'root_ca_file':
> None, 'setup_dns': True, 'host_name': None, 'debug': False,
> 'external_cert_file': None, 'uninstall': False}
> 2015-03-13T10:45:57Z DEBUG missing options might be asked for
> interactively later
>
> 2015-03-13T10:45:57Z DEBUG Loading Index file from
> '/var/lib/ipa/sysrestore/sysrestore.index'
> 2015-03-13T10:45:57Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2015-03-13T10:45:57Z DEBUG Starting external process
> 2015-03-13T10:45:57Z DEBUG args=/bin/systemctl is-enabled chronyd.service
> 2015-03-13T10:45:57Z DEBUG Process finished, return code=0
> 2015-03-13T10:45:57Z DEBUG stdout=enabled
>
> 2015-03-13T10:45:57Z DEBUG stderr=
> 2015-03-13T10:45:57Z DEBUG Starting external process
> 2015-03-13T10:45:57Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS
> 2015-03-13T10:45:57Z DEBUG Process finished, return code=0
> 2015-03-13T10:45:57Z DEBUG stdout=VirtualHost configuration:
> *:8443 is a NameVirtualHost
> default server freeipa-2.cloud.domain.de
> (/etc/httpd/conf.d/nss.conf:86)
> port 8443 namevhost freeipa-2.cloud.domain.de
> (/etc/httpd/conf.d/nss.conf:86)
> port 8443 namevhost freeipa-2.cloud.domain.de
> (/etc/httpd/conf.d/nss.conf:86)
>
> 2015-03-13T10:45:57Z DEBUG stderr=
> 2015-03-13T10:45:57Z DEBUG Check if freeipa-2.cloud.domain.de is a
> primary hostname for localhost
> 2015-03-13T10:45:57Z DEBUG Primary hostname for localhost:
> freeipa-2.cloud.domain.de
> 2015-03-13T10:45:57Z DEBUG will use host_name: freeipa-2.cloud.domain.de
>
> 2015-03-13T10:45:57Z DEBUG Starting external process
> 2015-03-13T10:45:57Z DEBUG args=/sbin/ip -family inet -oneline address show
> 2015-03-13T10:45:57Z DEBUG Process finished, return code=0
> 2015-03-13T10:45:57Z DEBUG stdout=1: lo inet 127.0.0.1/8 scope host
> lo\ valid_lft forever preferred_lft forever
> 2: eth0 inet 10.16.1.100/24 brd 10.16.1.255 scope global dynamic eth0\
> valid_lft 2770sec preferred_lft 2770sec
>
> 2015-03-13T10:45:57Z DEBUG stderr=
> 2015-03-13T10:45:57Z DEBUG will use dns_forwarders: ()
>
> 2015-03-13T10:45:57Z DEBUG importing all plugin modules in
> '/usr/lib/python2.7/site-packages/ipalib/plugins'...
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/aci.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/automember.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/automount.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/batch.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/cert.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/config.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/delegation.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/group.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacrule.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvc.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvcgroup.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/hbactest.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/host.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/hostgroup.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/idrange.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/internal.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/kerberos.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/krbtpolicy.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/migration.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/misc.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/netgroup.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/passwd.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/permission.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/ping.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/pkinit.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/privilege.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/pwpolicy.py'
> 2015-03-13T10:45:57Z DEBUG Starting external process
> 2015-03-13T10:45:57Z DEBUG args=klist -V
> 2015-03-13T10:45:57Z DEBUG Process finished, return code=0
> 2015-03-13T10:45:57Z DEBUG stdout=Kerberos 5 version 1.11.3
>
> 2015-03-13T10:45:57Z DEBUG stderr=
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/realmdomains.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/role.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/selfservice.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/selinuxusermap.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/service.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmd.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmdgroup.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/sudorule.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/user.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/virtual.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipalib/plugins/xmlclient.py'
> 2015-03-13T10:45:57Z DEBUG importing all plugin modules in
> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins'...
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/adtrust.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/baseupdate.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/dns.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/fix_replica_agreements.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/rename_managed.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_anonymous_aci.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_idranges.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_pacs.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_services.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py'
> 2015-03-13T10:45:57Z DEBUG importing plugin module
> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/upload_cacrt.py'
> 2015-03-13T10:45:58Z DEBUG Adding DS group dirsrv
> 2015-03-13T10:45:58Z DEBUG Starting external process
> 2015-03-13T10:45:58Z DEBUG args=/usr/sbin/groupadd -r dirsrv
> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0
> 2015-03-13T10:45:58Z DEBUG stdout=
> 2015-03-13T10:45:58Z DEBUG stderr=
> 2015-03-13T10:45:58Z DEBUG Done adding DS group
> 2015-03-13T10:45:58Z DEBUG Starting external process
> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl is-enabled chronyd.service
> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0
> 2015-03-13T10:45:58Z DEBUG stdout=enabled
>
> 2015-03-13T10:45:58Z DEBUG stderr=
> 2015-03-13T10:45:58Z DEBUG Starting external process
> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl is-active chronyd.service
> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0
> 2015-03-13T10:45:58Z DEBUG stdout=active
>
> 2015-03-13T10:45:58Z DEBUG stderr=
> 2015-03-13T10:45:58Z DEBUG Saving StateFile to
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2015-03-13T10:45:58Z DEBUG Saving StateFile to
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2015-03-13T10:45:58Z DEBUG Starting external process
> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl stop chronyd.service
> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0
> 2015-03-13T10:45:58Z DEBUG stdout=
> 2015-03-13T10:45:58Z DEBUG stderr=
> 2015-03-13T10:45:58Z DEBUG Starting external process
> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl disable chronyd.service
> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0
> 2015-03-13T10:45:58Z DEBUG stdout=
> 2015-03-13T10:45:58Z DEBUG stderr=rm
> '/etc/systemd/system/multi-user.target.wants/chronyd.service'
>
> 2015-03-13T10:45:58Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2015-03-13T10:45:58Z DEBUG Configuring NTP daemon (ntpd)
> 2015-03-13T10:45:58Z DEBUG [1/4]: stopping ntpd
> 2015-03-13T10:45:58Z DEBUG Starting external process
> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl is-active ntpd.service
> 2015-03-13T10:45:58Z DEBUG Process finished, return code=3
> 2015-03-13T10:45:58Z DEBUG stdout=unknown
>
> 2015-03-13T10:45:58Z DEBUG stderr=
> 2015-03-13T10:45:58Z DEBUG Saving StateFile to
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2015-03-13T10:45:58Z DEBUG Starting external process
> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl stop ntpd.service
> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0
> 2015-03-13T10:45:58Z DEBUG stdout=
> 2015-03-13T10:45:58Z DEBUG stderr=
> 2015-03-13T10:45:58Z DEBUG duration: 0 seconds
> 2015-03-13T10:45:58Z DEBUG [2/4]: writing configuration
> 2015-03-13T10:45:58Z DEBUG Backing up system configuration file
> '/etc/ntp.conf'
> 2015-03-13T10:45:58Z DEBUG Saving Index File to
> '/var/lib/ipa/sysrestore/sysrestore.index'
> 2015-03-13T10:45:58Z DEBUG Backing up system configuration file
> '/etc/sysconfig/ntpd'
> 2015-03-13T10:45:58Z DEBUG Saving Index File to
> '/var/lib/ipa/sysrestore/sysrestore.index'
> 2015-03-13T10:45:58Z DEBUG duration: 0 seconds
> 2015-03-13T10:45:58Z DEBUG [3/4]: configuring ntpd to start on boot
> 2015-03-13T10:45:58Z DEBUG Starting external process
> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl is-enabled ntpd.service
> 2015-03-13T10:45:58Z DEBUG Process finished, return code=1
> 2015-03-13T10:45:58Z DEBUG stdout=disabled
>
> 2015-03-13T10:45:58Z DEBUG stderr=
> 2015-03-13T10:45:58Z DEBUG Saving StateFile to
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2015-03-13T10:45:58Z DEBUG Starting external process
> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl enable ntpd.service
> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0
> 2015-03-13T10:45:58Z DEBUG stdout=
> 2015-03-13T10:45:58Z DEBUG stderr=ln -s
> '/usr/lib/systemd/system/ntpd.service'
> '/etc/systemd/system/multi-user.target.wants/ntpd.service'
>
> 2015-03-13T10:45:58Z DEBUG duration: 0 seconds
> 2015-03-13T10:45:58Z DEBUG [4/4]: starting ntpd
> 2015-03-13T10:45:58Z DEBUG Starting external process
> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl start ntpd.service
> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0
> 2015-03-13T10:45:58Z DEBUG stdout=
> 2015-03-13T10:45:58Z DEBUG stderr=
> 2015-03-13T10:45:58Z DEBUG Starting external process
> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl is-active ntpd.service
> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0
> 2015-03-13T10:45:58Z DEBUG stdout=active
>
> 2015-03-13T10:45:58Z DEBUG stderr=
> 2015-03-13T10:45:58Z DEBUG duration: 0 seconds
> 2015-03-13T10:45:58Z DEBUG Done configuring NTP daemon (ntpd).
> 2015-03-13T10:45:58Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2015-03-13T10:45:58Z DEBUG Configuring directory server (dirsrv):
> Estimated time 1 minute
> 2015-03-13T10:45:58Z DEBUG [1/38]: creating directory server user
> 2015-03-13T10:45:58Z DEBUG Adding DS user dirsrv
> 2015-03-13T10:45:58Z DEBUG Starting external process
> 2015-03-13T10:45:58Z DEBUG args=/usr/sbin/useradd -g dirsrv -c DS System
> User -d /var/lib/dirsrv -s /sbin/nologin -M -r dirsrv
> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0
> 2015-03-13T10:45:58Z DEBUG stdout=
> 2015-03-13T10:45:58Z DEBUG stderr=
> 2015-03-13T10:45:58Z DEBUG Done adding DS user
> 2015-03-13T10:45:58Z DEBUG duration: 0 seconds
> 2015-03-13T10:45:58Z DEBUG [2/38]: creating directory server instance
> 2015-03-13T10:45:58Z DEBUG Saving StateFile to
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2015-03-13T10:45:58Z DEBUG Backing up system configuration file
> '/etc/sysconfig/dirsrv'
> 2015-03-13T10:45:58Z DEBUG Saving Index File to
> '/var/lib/ipa/sysrestore/sysrestore.index'
> 2015-03-13T10:45:58Z DEBUG
> dn: dc=cloud,dc=domain,dc=de
> objectClass: top
> objectClass: domain
> objectClass: pilotObject
> dc: cloud
> info: IPA V2.0
>
> 2015-03-13T10:45:58Z DEBUG writing inf template
> 2015-03-13T10:45:58Z DEBUG
> [General]
> FullMachineName= freeipa-2.cloud.domain.de
> SuiteSpotUserID= dirsrv
> SuiteSpotGroup= dirsrv
> ServerRoot= /usr/lib64/dirsrv
> [slapd]
> ServerPort= 389
> ServerIdentifier= CLOUD-DOMAIN-DE
> Suffix= dc=cloud,dc=domain,dc=de
> RootDN= cn=Directory Manager
> InstallLdifFile= /var/lib/dirsrv/boot.ldif
> inst_dir= /var/lib/dirsrv/scripts-CLOUD-DOMAIN-DE
>
> 2015-03-13T10:45:58Z DEBUG calling setup-ds.pl
> 2015-03-13T10:45:58Z DEBUG Starting external process
> 2015-03-13T10:45:58Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile
> - -f /tmp/tmp5witgD
> 2015-03-13T10:45:59Z DEBUG Process finished, return code=1
> 2015-03-13T10:45:59Z DEBUG stdout=[15/03/13:10:45:59] - [Setup] Info Could
> not import LDIF file '/var/lib/dirsrv/boot.ldif'. Error: 256. Output:
> importing data ...
> [13/Mar/2015:10:45:59 +0000] - Error - Unable to create
> /var/lock/dirsrv/slapd-CLOUD-DOMAIN-DE/imports, Netscape Portable Runtime
> error -5966 (Access Denied.)
> [13/Mar/2015:10:45:59 +0000] - Shutting down due to possible conflicts
> with other slapd processes
>
> Could not import LDIF file '/var/lib/dirsrv/boot.ldif'. Error: 256.
> Output: importing data ...
> [13/Mar/2015:10:45:59 +0000] - Error - Unable to create
> /var/lock/dirsrv/slapd-CLOUD-DOMAIN-DE/imports, Netscape Portable Runtime
> error -5966 (Access Denied.)
> [13/Mar/2015:10:45:59 +0000] - Shutting down due to possible conflicts
> with other slapd processes
>
> [15/03/13:10:45:59] - [Setup] Fatal Error: Could not create directory
> server instance 'CLOUD-DOMAIN-DE'.
> Error: Could not create directory server instance 'CLOUD-DOMAIN-DE'.
> [15/03/13:10:45:59] - [Setup] Fatal Exiting . . .
> Log file is '-'
>
> Exiting . . .
> Log file is '-'
>
>
> 2015-03-13T10:45:59Z DEBUG stderr=
> 2015-03-13T10:45:59Z CRITICAL failed to create ds instance Command
> '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmp5witgD' returned
> non-zero exit status 1
> 2015-03-13T10:45:59Z DEBUG restarting ds instance
> 2015-03-13T10:45:59Z DEBUG Starting external process
> 2015-03-13T10:45:59Z DEBUG args=/bin/systemctl --system daemon-reload
> 2015-03-13T10:45:59Z DEBUG Process finished, return code=0
> 2015-03-13T10:45:59Z DEBUG stdout=
> 2015-03-13T10:45:59Z DEBUG stderr=
> 2015-03-13T10:45:59Z DEBUG Starting external process
> 2015-03-13T10:45:59Z DEBUG args=/bin/systemctl restart
> dirsrv at CLOUD-DOMAIN-DE.service
> 2015-03-13T10:45:59Z DEBUG Process finished, return code=0
> 2015-03-13T10:45:59Z DEBUG stdout=
> 2015-03-13T10:45:59Z DEBUG stderr=
> 2015-03-13T10:45:59Z DEBUG Starting external process
> 2015-03-13T10:45:59Z DEBUG args=/bin/systemctl is-active
> dirsrv at CLOUD-DOMAIN-DE.service
> 2015-03-13T10:45:59Z DEBUG Process finished, return code=0
> 2015-03-13T10:45:59Z DEBUG stdout=active
>
> 2015-03-13T10:45:59Z DEBUG stderr=
> 2015-03-13T10:45:59Z DEBUG wait_for_open_ports: localhost [389] timeout 300
> 2015-03-13T10:50:59Z CRITICAL Failed to restart the directory server ().
> See the installation log for details.
> 2015-03-13T10:50:59Z DEBUG done restarting ds instance
> 2015-03-13T10:50:59Z DEBUG duration: 301 seconds
> 2015-03-13T10:50:59Z DEBUG [3/38]: adding default schema
> 2015-03-13T10:50:59Z DEBUG duration: 0 seconds
> 2015-03-13T10:50:59Z DEBUG [4/38]: enabling memberof plugin
> 2015-03-13T10:50:59Z DEBUG wait_for_open_ports: freeipa-2.cloud.domain.de
> [389] timeout 10
> 2015-03-13T10:51:09Z DEBUG Could not connect to the Directory Server on
> freeipa-2.cloud.domain.de:
> 2015-03-13T10:51:09Z DEBUG File
> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line
> 638, in run_script
> return_value = main_function()
>
> File "/usr/sbin/ipa-server-install", line 1059, in main
> hbac_allow=not options.hbac_allow)
>
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line
> 323, in create_instance
> self.start_creation(runtime=60)
>
> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 364, in start_creation
> method()
>
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line
> 501, in __add_memberof_module
> self._ldap_mod("memberof-conf.ldif")
>
> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 152, in _ldap_mod
> self.ldap_connect()
>
> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 99, in ldap_connect
> conn.do_simple_bind(bindpw=self.dm_password)
>
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> 1735, in do_simple_bind
> self.__bind_with_wait(self.conn.simple_bind_s, timeout, binddn, bindpw)
>
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> 1730, in __bind_with_wait
> self.__wait_for_connection(timeout)
>
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> 1719, in __wait_for_connection
> wait_for_open_ports(host, int(port), timeout)
>
> File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
> 1096, in wait_for_open_ports
> raise socket.timeout()
>
> 2015-03-13T10:51:09Z DEBUG The ipa-server-install command failed,
> exception: timeout:
>
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150313/ba681773/attachment.htm>
More information about the Freeipa-users
mailing list