[Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7
Martin Bašti
mbasti at redhat.com
Fri May 12 07:17:07 UTC 2017
That's weird, it should be super fast, anything in /var/log/httpd/error_log?
On 11.05.2017 22:23, Robert L. Harris wrote:
>
> Odd, must have clicked reply instead of reply-all.
>
> Anyway, I did the revert and re-install. Actual install went through
> fine then the "ipa-server-install" ran until this:
>
> [8/9]: restoring configuration
> [9/9]: starting directory server
> Done.
> Restarting the directory server
> Restarting the KDC
> Please add records in this file to your DNS system:
> /tmp/ipa.system.records.v5Jwrt.db
> Restarting the web server
> Configuring client side components
> Using existing certificate '/etc/ipa/ca.crt'.
> Client hostname: ipa.rdlg.net <http://ipa.rdlg.net>
> Realm: RDLG.NET <http://RDLG.NET>
> DNS Domain: rdlg.net <http://rdlg.net>
> IPA Server: ipa.rdlg.net <http://ipa.rdlg.net>
> BaseDN: dc=rdlg,dc=net
>
> Skipping synchronizing time with NTP server.
> New SSSD config will be created
> Configured sudoers in /etc/nsswitch.conf
> Configured /etc/sssd/sssd.conf
> trying https://ipa.rdlg.net/ipa/json
> Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json'
>
>
> It's been sitting there for a while ( 4 hours? ) I don't see anyting
> in the ipaserver-install.log, but it's here: https://pastebin.com/biK1Dmv7
>
>
>
> On Thu, May 11, 2017 at 8:12 AM Martin Bašti <mbasti at redhat.com
> <mailto:mbasti at redhat.com>> wrote:
>
> Please keep freeipa-users in CC
>
> Snapshot is always better, so I suggest to use it. Otherwise there
> is an option --ignore-last-of-role to unblock uninstallation.
>
> Martin
>
>
> On 11.05.2017 16:00, Robert L. Harris wrote:
>>
>> Looks like you hit it, apache didn't have a group:
>>
>> -- Logs begin at Wed 2017-05-10 19:56:27 MDT, end at Thu
>> 2017-05-11 07:48:27 MDT. --
>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> systemd[1]:
>> Starting The Apache HTTP Server...
>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>> ipa-httpd-kdcproxy[28808]: ipa : INFO KDC proxy enabled
>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> httpd[28809]:
>> AH00544: httpd: bad group name apache
>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> systemd[1]:
>> httpd.service: main process exited, code=exited, status=1/FAILURE
>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> kill[28812]:
>> kill: cannot find process ""
>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> systemd[1]:
>> httpd.service: control process exited, code=exited status=1
>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> systemd[1]:
>> Failed to start The Apache HTTP Server.
>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> systemd[1]:
>> Unit httpd.service entered failed state.
>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> systemd[1]:
>> httpd.service failed.
>>
>> Thanks, didn't know that command. I tried to continue the process:
>>
>> {0}:/root>ipa-server-install
>>
>> The log file for this installation can be found in
>> /var/log/ipaserver-install.log
>> ipa.ipapython.install.cli.install_tool(Server): ERROR IPA
>> server is already configured on this system.
>> If you want to reinstall the IPA server, please uninstall it
>> first using 'ipa-server-install --uninstall'.
>> ipa.ipapython.install.cli.install_tool(Server): ERROR The
>> ipa-server-install command failed. See
>> /var/log/ipaserver-install.log for more information
>>
>> root at ipa
>> {1}:/root>ipa-server-install --uninstall
>>
>> This is a NON REVERSIBLE operation and will delete all data and
>> configuration!
>>
>> Are you sure you want to continue with the uninstall procedure?
>> [no]: yes
>> ipa : ERROR Server removal aborted: Deleting this
>> server is not allowed as it would leave your installation without
>> a CA..
>>
>>
>>
>> This is a VM and I took a snapshot right before I started the
>> install, so I can revert, just make sure ti add the apache user
>> before starting the install. Or if you have a better command to
>> continue the clean-up/install.....
>>
>>
>> On Thu, May 11, 2017 at 2:19 AM Martin Bašti <mbasti at redhat.com
>> <mailto:mbasti at redhat.com>> wrote:
>>
>> Hello,
>>
>> comments inline
>>
>>
>> On 11.05.2017 06:06, Robert L. Harris wrote:
>>>
>>> Sigh... Sorry, it's been a long day, I thought I put that
>>> log in the first pastebin. It's in this one:
>>> https://pastebin.com/18PAXXNS
>>
>> Could you please provide journalctl -u httpd and
>> /var/log/httpd/error_log ?
>>
>>
>>
>>>
>>> Also,
>>> Anyone else get the constant spam when mailing this
>>> list? Got an address to block for it?
>>
>> Sorry for that, there is a bot mining public archives. We
>> plan to resolve this issue but it may take time as we are not
>> maintaining our mailman.
>>
>> Martin
>>
>>
>>>
>>> Robert
>>>
>>>
>>>
>>>
>>> On Wed, May 10, 2017 at 9:56 PM Lachlan Musicman
>>> <datakid at gmail.com <mailto:datakid at gmail.com>> wrote:
>>>
>>> Robert, did you look in /var/log/ipaserver-install.log
>>> as it says?
>>>
>>> Was there any other information?
>>>
>>> cheers
>>> L.
>>>
>>> ------
>>> "Mission Statement: To provide hope and inspiration for
>>> collective action, to build collective power, to achieve
>>> collective transformation, rooted in grief and rage but
>>> pointed towards vision and dreams."
>>>
>>> - Patrice Cullors, /Black Lives Matter founder/
>>>
>>> On 11 May 2017 at 13:24, Robert L. Harris
>>> <robert.l.harris at gmail.com
>>> <mailto:robert.l.harris at gmail.com>> wrote:
>>>
>>> Ok, I gave up on Ubuntu. I'm now trying the latest
>>> CentOS7. I built out a "minimal server" with some
>>> normal base packages which did include the
>>> freeipa-client but otherwise, just standard tools.
>>> Here's a pastebin of the output of the install:
>>> https://pastebin.com/zAWCgkUU
>>>
>>> Robert
>>>
>>>
>>> --
>>> Manage your subscription for the Freeipa-users
>>> mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>>>
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>>>
>>>
>>>
>>
>> --
>> Martin Bašti
>> Software Engineer
>> Red Hat Czech
>>
>
> --
> Martin Bašti
> Software Engineer
> Red Hat Czech
>
--
Martin Bašti
Software Engineer
Red Hat Czech
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170512/a55124b4/attachment.htm>
More information about the Freeipa-users
mailing list