[Freeipa-users] ipa-replica-install fails with python import error for module ssl_match_hostname
White Hat
whitehat237 at gmail.com
Thu Aug 11 04:02:35 UTC 2016
When attempting to run ipa-replica-install I get a python error, No
module named ssl_match_hostname
This is on a CentOS 7.2 x86_64 testing box.
All available updates including kernel installed, and system rebooted
same day. Same error before and after patching and reboot.
Let me know if you want to see the yum history log info.
- Operating system version
[root at lcars site-packages]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root at lcars site-packages]# uname -a
Linux lcars.internal.madisonrentals.biz 3.10.0-327.28.2.el7.x86_64 #1
SMP Wed Aug 3 11:11:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
- Here are the installed packages. All were installed using yum.
[root at lcars site-packages]# yum list installed | awk '/backports|ipa-/'
ipa-admintools.x86_64 4.2.0-15.0.1.el7.centos.18 @updates
ipa-client.x86_64 4.2.0-15.0.1.el7.centos.18 @updates
ipa-python.x86_64 4.2.0-15.0.1.el7.centos.18 @updates
ipa-server.x86_64 4.2.0-15.0.1.el7.centos.18 @updates
ipa-server-dns.x86_64 4.2.0-15.0.1.el7.centos.18 @updates
python-backports.noarch 1.0-6.el7 @anaconda
python-backports.x86_64 1.0-8.el7 installed
python-backports-ssl_match_hostname.noarch
I have the following repositories enabled:
base/7/x86_64
epel/x86_64
extras/7/x86_64
updates/7/x86_64
- Other threads on this issue suggest using pip to install
backports.ssl_match_hostname. I still get the same error after doing
that.
[root at lcars site-packages]# pip install backports.ssl_match_hostname
Requirement already satisfied (use --upgrade to upgrade):
backports.ssl_match_hostname in /usr/lib/python2.7/site-packages
[root at lcars site-packages]# pip install --upgrade backports.ssl_match_hostname
Requirement already up-to-date: backports.ssl_match_hostname in
/usr/lib/python2.7/site-packages
- Here's the actual attempt
[root at lcars site-packages]# ipa-replica-install --setup-ca --setup-dns
--forwarder=4.2.2.1
/root/replica-info-lcars.internal.madisonrentals.biz.gpg
WARNING: conflicting time&date synchronization service 'chronyd' will
be disabled in favor of ntpd
Directory Manager (existing master) password:
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipa.ipapython.install.cli.install_tool(Replica): ERROR No module
named ssl_match_hostname
Even when running the suggested ipa-server-install --uninstall, I
still receive the error about the missing module.
Here's what I have in /usr/lib/python2.7/site-packages
[root at lcars site-packages]# pwd
/usr/lib/python2.7/site-packages
[root at lcars site-packages]# ls | awk '/backports.ssl/'
backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info
backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info
- And here are the contents of each directory.
[root at lcars site-packages]# cd
backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info/
[root at lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# ls
dependency_links.txt PKG-INFO SOURCES.txt top_level.txt
[root at lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# cd ..
[root at lcars site-packages]# ls
backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info
dependency_links.txt installed-files.txt PKG-INFO SOURCES.txt top_level.txt
Another thread suggested that this can be caused by a missing
__init__.py file, however, creating this file in both directories
doesn't help.
A commit by Heimes may shed some light on this.
The commit is in regards to otptoken and states that:
"The otptoken plugin is the only module in FreeIPA that uses Python's ssl
module instead of NSS. The patch replaces ssl with NSSConnection. It
uses the default NSS database to lookup trust anchors. NSSConnection
uses NSS for hostname matching. The package
python-backports-ssl_match_hostname is no longer required."
The master IPA server is up and running with no issues.
An ipa connection between replica server and master reports that the
connection is working.
What else could I be missing?
Thanks,
Chris.
More information about the Freeipa-users
mailing list