[Freeipa-users] Fedora 20 upstream repo ipa-server-install fails

John Obaterspok john.obaterspok at gmail.com
Wed Mar 25 10:46:28 UTC 2015 

Hi Jan,

See:
https://www.redhat.com/archives/freeipa-users/2015-February/msg00131.html
https://www.redhat.com/archives/freeipa-users/2014-October/msg00362.html

-- john

2015-03-24 17:58 GMT+01:00 Jan Pazdziora <jpazdziora at redhat.com>:

>
> Hello,
>
> after enabling
>
>
> https://copr.fedoraproject.org/coprs/mkosek/freeipa/repo/fedora-20/mkosek-freeipa-fedora-20.repo
>
> I've installed
>
>         freeipa-server bind bind-dyndb-ldap
>
> and run
>
>         ipa-server-install --domain example.test
>
> The process failed at
>
>   [3/7]: setting up kerberos principal
>   [4/7]: setting up SoftHSM
>   [error] CalledProcessError: Command ''/usr/bin/softhsm2-util'
> '--init-token' '--slot' '0' '--label' 'ipaDNSSEC' '--pin' XXXXXXXX
> '--so-pin' XXXXXXXX' returned non-zero exit status 1
> Unexpected error - see /var/log/ipaserver-install.log for details:
> CalledProcessError: Command ''/usr/bin/softhsm2-util' '--init-token'
> '--slot' '0' '--label' 'ipaDNSSEC' '--pin' XXXXXXXX '--so-pin' XXXXXXXX'
> returned non-zero exit status 1
>
> and the log file ends with
>
> 2015-03-24T16:49:51Z DEBUG Saving SO PIN to /etc/ipa/dnssec/softhsm_pin_so
> 2015-03-24T16:49:51Z DEBUG Initializing tokens
> 2015-03-24T16:49:51Z DEBUG Starting external process
> 2015-03-24T16:49:51Z DEBUG args='/usr/bin/softhsm2-util' '--init-token'
> '--slot' '0' '--label' 'ipaDNSSEC' '--pin' XXXXXXXX '--so-pin' XXXXXXXX
> 2015-03-24T16:49:51Z DEBUG Process finished, return code=1
> 2015-03-24T16:49:51Z DEBUG stdout=
> 2015-03-24T16:49:51Z DEBUG stderr=ERROR: Could not load the library.
>
> 2015-03-24T16:49:51Z DEBUG Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 382, in start_creation
>     run_step(full_msg, method)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 372, in run_step
>     method()
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py",
> line 293, in __setup_softhsm
>     ipautil.run(command, nolog=(pin, pin_so,))
>   File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 346,
> in run
>     raise CalledProcessError(p.returncode, arg_string, stdout)
> CalledProcessError: Command ''/usr/bin/softhsm2-util' '--init-token'
> '--slot' '0' '--label' 'ipaDNSSEC' '--pin' XXXXXXXX '--so-pin' XXXXXXXX'
> returned non-zero exit status 1
>
> 2015-03-24T16:49:51Z DEBUG   [error] CalledProcessError: Command
> ''/usr/bin/softhsm2-util' '--init-token' '--slot' '0' '--label' 'ipaDNSSEC'
> '--pin' XXXXXXXX '--so-pin' XXXXXXXX' returned non-zero exit status 1
> 2015-03-24T16:49:51Z DEBUG   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line
> 642, in run_script
>     return_value = main_function()
>
>   File "/usr/sbin/ipa-server-install", line 1302, in main
>     dnskeysyncd.create_instance(api.env.host, api.env.realm)
>
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py",
> line 146, in create_instance
>     self.start_creation()
>
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 382, in start_creation
>     run_step(full_msg, method)
>
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 372, in run_step
>     method()
>
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py",
> line 293, in __setup_softhsm
>     ipautil.run(command, nolog=(pin, pin_so,))
>
>   File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 346,
> in run
>     raise CalledProcessError(p.returncode, arg_string, stdout)
>
> 2015-03-24T16:49:51Z DEBUG The ipa-server-install command failed,
> exception: CalledProcessError: Command ''/usr/bin/softhsm2-util'
> '--init-token' '--slot' '0' '--label' 'ipaDNSSEC' '--pin' XXXXXXXX
> '--so-pin' XXXXXXXX' returned non-zero exit status 1
>
> I've found discussion at
>
>
> https://www.redhat.com/archives/freeipa-users/2014-October/msg00362.html
>
> which seems related but it seems the issue is back or was never
> properly addressed.
>
> Attempt to run the command manually fails as well:
>
> # SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf /usr/bin/softhsm2-util
> '--init-token' '--slot' '0' '--label' 'ipaDNSSEC' '--pin' XXXXXXXX
> '--so-pin' XXXXXXXX
> ERROR: Could not load the library.
>
> I see the same bug both on host and in container.
>
> --
> Jan Pazdziora
> Principal Software Engineer, Identity Management Engineering, Red Hat
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150325/3cf689a7/attachment.htm>

More information about the Freeipa-users mailing list