[Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

Robert L. Harris robert.l.harris at gmail.com
Thu May 11 20:23:15 UTC 2017 

Odd, must have clicked reply instead of reply-all.

Anyway, I did the revert and re-install.  Actual install went through fine
then the "ipa-server-install" ran until this:

  [8/9]: restoring configuration
  [9/9]: starting directory server
Done.
Restarting the directory server
Restarting the KDC
Please add records in this file to your DNS system:
/tmp/ipa.system.records.v5Jwrt.db
Restarting the web server
Configuring client side components
Using existing certificate '/etc/ipa/ca.crt'.
Client hostname: ipa.rdlg.net
Realm: RDLG.NET
DNS Domain: rdlg.net
IPA Server: ipa.rdlg.net
BaseDN: dc=rdlg,dc=net

Skipping synchronizing time with NTP server.
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
trying https://ipa.rdlg.net/ipa/json
Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json'


It's been sitting there for a while ( 4 hours? )  I don't see anyting in
the ipaserver-install.log, but it's here:  https://pastebin.com/biK1Dmv7



On Thu, May 11, 2017 at 8:12 AM Martin Bašti <mbasti at redhat.com> wrote:

> Please keep freeipa-users in CC
>
> Snapshot is always better, so I suggest to use it. Otherwise there is an
> option --ignore-last-of-role to unblock uninstallation.
>
> Martin
>
> On 11.05.2017 16:00, Robert L. Harris wrote:
>
>
> Looks like you hit it, apache didn't have a group:
>
> -- Logs begin at Wed 2017-05-10 19:56:27 MDT, end at Thu 2017-05-11
> 07:48:27 MDT. --
> May 10 20:36:00 ipa.rdlg.net systemd[1]: Starting The Apache HTTP
> Server...
> May 10 20:36:00 ipa.rdlg.net ipa-httpd-kdcproxy[28808]: ipa         :
> INFO     KDC proxy enabled
> May 10 20:36:00 ipa.rdlg.net httpd[28809]: AH00544: httpd: bad group name
> apache
> May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service: main process
> exited, code=exited, status=1/FAILURE
> May 10 20:36:00 ipa.rdlg.net kill[28812]: kill: cannot find process ""
> May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service: control process
> exited, code=exited status=1
> May 10 20:36:00 ipa.rdlg.net systemd[1]: Failed to start The Apache HTTP
> Server.
> May 10 20:36:00 ipa.rdlg.net systemd[1]: Unit httpd.service entered
> failed state.
> May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service failed.
>
> Thanks, didn't know that command.  I tried to continue the process:
>
> {0}:/root>ipa-server-install
>
> The log file for this installation can be found in
> /var/log/ipaserver-install.log
> ipa.ipapython.install.cli.install_tool(Server): ERROR    IPA server is
> already configured on this system.
> If you want to reinstall the IPA server, please uninstall it first using
> 'ipa-server-install --uninstall'.
> ipa.ipapython.install.cli.install_tool(Server): ERROR    The
> ipa-server-install command failed. See /var/log/ipaserver-install.log for
> more information
>
> root at ipa
> {1}:/root>ipa-server-install  --uninstall
>
> This is a NON REVERSIBLE operation and will delete all data and
> configuration!
>
> Are you sure you want to continue with the uninstall procedure? [no]: yes
> ipa         : ERROR    Server removal aborted: Deleting this server is not
> allowed as it would leave your installation without a CA..
>
>
>
> This is a VM and I took a snapshot right before I started the install, so
> I can revert, just make sure ti add the apache user before starting the
> install.  Or if you have a better command to continue the
> clean-up/install.....
>
>
> On Thu, May 11, 2017 at 2:19 AM Martin Bašti <mbasti at redhat.com> wrote:
>
>> Hello,
>>
>> comments inline
>>
>> On 11.05.2017 06:06, Robert L. Harris wrote:
>>
>>
>> Sigh... Sorry, it's been a long day, I thought I put that log in the
>> first pastebin.  It's in this one:  https://pastebin.com/18PAXXNS
>>
>>
>> Could you please provide journalctl -u httpd and /var/log/httpd/error_log
>> ?
>>
>>
>>
>>
>> Also,
>>    Anyone else get the constant spam when mailing this list?  Got an
>> address to block for it?
>>
>>
>> Sorry for that, there is a bot mining public archives. We plan to resolve
>> this issue but it may take time as we are not maintaining our mailman.
>>
>> Martin
>>
>>
>>
>> Robert
>>
>>
>>
>>
>> On Wed, May 10, 2017 at 9:56 PM Lachlan Musicman <datakid at gmail.com>
>> wrote:
>>
>>> Robert, did you look in /var/log/ipaserver-install.log as it says?
>>>
>>> Was there any other information?
>>>
>>> cheers
>>> L.
>>>
>>> ------
>>> "Mission Statement: To provide hope and inspiration for collective
>>> action, to build collective power, to achieve collective transformation,
>>> rooted in grief and rage but pointed towards vision and dreams."
>>>
>>>  - Patrice Cullors, *Black Lives Matter founder*
>>>
>>> On 11 May 2017 at 13:24, Robert L. Harris <robert.l.harris at gmail.com>
>>> wrote:
>>>
>>>> Ok,  I gave up on Ubuntu.  I'm now trying the latest CentOS7.  I built
>>>> out a "minimal server" with some normal base packages which did include the
>>>> freeipa-client but otherwise, just standard tools.  Here's a pastebin of
>>>> the output of the install:  https://pastebin.com/zAWCgkUU
>>>>
>>>> Robert
>>>>
>>>>
>>>> --
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go to http://freeipa.org for more info on the project
>>>>
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>>
>>
>>
>>
>> --
>> Martin Bašti
>> Software Engineer
>> Red Hat Czech
>>
>>
> --
> Martin Bašti
> Software Engineer
> Red Hat Czech
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170511/7fee8121/attachment.htm>

More information about the Freeipa-users mailing list