[Freeipa-users] (no subject)
Rob Crittenden
rcritten at redhat.com
Fri Nov 27 23:14:39 UTC 2015
Martin Štefany wrote:
> Hello,
>
> I remember experiencing this, but I'm not sure of solution. I think it's
> related to apache (httpd) and his group.
>
> My notes for IPA installation on CentOS 7.x say:
>
> # groupadd -g 48 apache
> # yum -y install ipa-server bind bind-dyndb-ldap
> # usermod -g apache apache
> # ipa-server-install...
>
> CentOS is somehow not creating group apache for apache user and then
> assuming root which is then causing problems with apache later. Pre-
> creating such group before installing httpd and then usermod-ing user
> apache might solve it.
>
> Did you get any warnings while running:
> # yum install -y ipa-server bind bind-dyndb-ldap ?
>
>
> If possible, try installation from scratch with my notes on fresh
> system. If not:
>
> # systemctl stop apache # if it runs
> # groupadd -g 48 apache # I use 48 as apache's UID tends to be also
> 48, or use 'groupadd -r apache' instead
> # usermod -g apache apache
> # ipa-server-install...
>
Sounds unlikely to me. If indeed it did happen you'd need to file a bug
against Apache to create its own uid/gid, which I'm pretty certain it
already does.
In any case, dogtag doesn't run in Apache so it would be unlikely to
blow up in the CA installer.
cating the contents of a directory into one log is not at all helpful,
especially given that you missed all the important bits in the
subdirectories beneath it. This is just a mishmash of stuff. We need to
see /var/log/pki/pki-tomcat/ca/debug.
/var/log/ipaserver-install.log might also be useful to see though it
probably just records in a more verbose way the fact that pkispawn failed.
rob
More information about the Freeipa-users
mailing list