[Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

Robert L. Harris robert.l.harris at gmail.com
Fri May 12 16:36:13 UTC 2017 

Hmmm

{0}:/var/log>ls
anaconda  btmp  dmesg      grubby              maillog   ppp    secure
tallylog          wtmp
audit     cron  dmesg.old  grubby_prune_debug  messages  rhsm   spooler
 tuned             yum.log
boot.log  cups  firewalld  lastlog             ntpstats  samba  sssd
vmware-vmsvc.log


root at ipa
{1}:/var/log>rpm -q -l http
package http is not installed

root at ipa
{1}:/var/log>rpm -q -a | grep -i http
perl-HTTP-Tiny-0.033-3.el7.noarch

root at ipa
{0}:/var/log>rpm -q -a | grep -i tomcat


Doesn't look like an httpd was installed as a dependancy?





On Fri, May 12, 2017 at 1:17 AM Martin Bašti <mbasti at redhat.com> wrote:

> That's weird, it should be super fast, anything in
> /var/log/httpd/error_log?
>
> On 11.05.2017 22:23, Robert L. Harris wrote:
>
>
> Odd, must have clicked reply instead of reply-all.
>
> Anyway, I did the revert and re-install.  Actual install went through fine
> then the "ipa-server-install" ran until this:
>
>   [8/9]: restoring configuration
>   [9/9]: starting directory server
> Done.
> Restarting the directory server
> Restarting the KDC
> Please add records in this file to your DNS system:
> /tmp/ipa.system.records.v5Jwrt.db
> Restarting the web server
> Configuring client side components
> Using existing certificate '/etc/ipa/ca.crt'.
> Client hostname: ipa.rdlg.net
> Realm: RDLG.NET
> DNS Domain: rdlg.net
> IPA Server: ipa.rdlg.net
> BaseDN: dc=rdlg,dc=net
>
> Skipping synchronizing time with NTP server.
> New SSSD config will be created
> Configured sudoers in /etc/nsswitch.conf
> Configured /etc/sssd/sssd.conf
> trying https://ipa.rdlg.net/ipa/json
> Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json'
>
>
> It's been sitting there for a while ( 4 hours? )  I don't see anyting in
> the ipaserver-install.log, but it's here:  https://pastebin.com/biK1Dmv7
>
>
>
> On Thu, May 11, 2017 at 8:12 AM Martin Bašti <mbasti at redhat.com> wrote:
>
>> Please keep freeipa-users in CC
>>
>> Snapshot is always better, so I suggest to use it. Otherwise there is an
>> option --ignore-last-of-role to unblock uninstallation.
>>
>> Martin
>>
>> On 11.05.2017 16:00, Robert L. Harris wrote:
>>
>>
>> Looks like you hit it, apache didn't have a group:
>>
>> -- Logs begin at Wed 2017-05-10 19:56:27 MDT, end at Thu 2017-05-11
>> 07:48:27 MDT. --
>> May 10 20:36:00 ipa.rdlg.net systemd[1]: Starting The Apache HTTP
>> Server...
>> May 10 20:36:00 ipa.rdlg.net ipa-httpd-kdcproxy[28808]: ipa         :
>> INFO     KDC proxy enabled
>> May 10 20:36:00 ipa.rdlg.net httpd[28809]: AH00544: httpd: bad group
>> name apache
>> May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service: main process
>> exited, code=exited, status=1/FAILURE
>> May 10 20:36:00 ipa.rdlg.net kill[28812]: kill: cannot find process ""
>> May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service: control process
>> exited, code=exited status=1
>> May 10 20:36:00 ipa.rdlg.net systemd[1]: Failed to start The Apache HTTP
>> Server.
>> May 10 20:36:00 ipa.rdlg.net systemd[1]: Unit httpd.service entered
>> failed state.
>> May 10 20:36:00 ipa.rdlg.net systemd[1]: httpd.service failed.
>>
>> Thanks, didn't know that command.  I tried to continue the process:
>>
>> {0}:/root>ipa-server-install
>>
>> The log file for this installation can be found in
>> /var/log/ipaserver-install.log
>> ipa.ipapython.install.cli.install_tool(Server): ERROR    IPA server is
>> already configured on this system.
>> If you want to reinstall the IPA server, please uninstall it first using
>> 'ipa-server-install --uninstall'.
>> ipa.ipapython.install.cli.install_tool(Server): ERROR    The
>> ipa-server-install command failed. See /var/log/ipaserver-install.log for
>> more information
>>
>> root at ipa
>> {1}:/root>ipa-server-install  --uninstall
>>
>> This is a NON REVERSIBLE operation and will delete all data and
>> configuration!
>>
>> Are you sure you want to continue with the uninstall procedure? [no]: yes
>> ipa         : ERROR    Server removal aborted: Deleting this server is
>> not allowed as it would leave your installation without a CA..
>>
>>
>>
>> This is a VM and I took a snapshot right before I started the install, so
>> I can revert, just make sure ti add the apache user before starting the
>> install.  Or if you have a better command to continue the
>> clean-up/install.....
>>
>>
>> On Thu, May 11, 2017 at 2:19 AM Martin Bašti <mbasti at redhat.com> wrote:
>>
>>> Hello,
>>>
>>> comments inline
>>>
>>> On 11.05.2017 06:06, Robert L. Harris wrote:
>>>
>>>
>>> Sigh... Sorry, it's been a long day, I thought I put that log in the
>>> first pastebin.  It's in this one:  https://pastebin.com/18PAXXNS
>>>
>>>
>>> Could you please provide journalctl -u httpd and
>>> /var/log/httpd/error_log ?
>>>
>>>
>>>
>>>
>>> Also,
>>>    Anyone else get the constant spam when mailing this list?  Got an
>>> address to block for it?
>>>
>>>
>>> Sorry for that, there is a bot mining public archives. We plan to
>>> resolve this issue but it may take time as we are not maintaining our
>>> mailman.
>>>
>>> Martin
>>>
>>>
>>>
>>> Robert
>>>
>>>
>>>
>>>
>>> On Wed, May 10, 2017 at 9:56 PM Lachlan Musicman <datakid at gmail.com>
>>> wrote:
>>>
>>>> Robert, did you look in /var/log/ipaserver-install.log as it says?
>>>>
>>>> Was there any other information?
>>>>
>>>> cheers
>>>> L.
>>>>
>>>> ------
>>>> "Mission Statement: To provide hope and inspiration for collective
>>>> action, to build collective power, to achieve collective transformation,
>>>> rooted in grief and rage but pointed towards vision and dreams."
>>>>
>>>>  - Patrice Cullors, *Black Lives Matter founder*
>>>>
>>>> On 11 May 2017 at 13:24, Robert L. Harris <robert.l.harris at gmail.com>
>>>> wrote:
>>>>
>>>>> Ok,  I gave up on Ubuntu.  I'm now trying the latest CentOS7.  I built
>>>>> out a "minimal server" with some normal base packages which did include the
>>>>> freeipa-client but otherwise, just standard tools.  Here's a pastebin of
>>>>> the output of the install:  https://pastebin.com/zAWCgkUU
>>>>>
>>>>> Robert
>>>>>
>>>>>
>>>>> --
>>>>> Manage your subscription for the Freeipa-users mailing list:
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>> Go to http://freeipa.org for more info on the project
>>>>>
>>>>
>>>> --
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go to http://freeipa.org for more info on the project
>>>
>>>
>>>
>>>
>>> --
>>> Martin Bašti
>>> Software Engineer
>>> Red Hat Czech
>>>
>>>
>> --
>> Martin Bašti
>> Software Engineer
>> Red Hat Czech
>>
>>
> --
> Martin Bašti
> Software Engineer
> Red Hat Czech
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170512/89e3b75a/attachment.htm>

More information about the Freeipa-users mailing list