[Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7
Rob Crittenden
rcritten at redhat.com
Fri May 12 17:14:21 UTC 2017
Robert L. Harris wrote:
>
> Hmmm
>
> {0}:/var/log>ls
> anaconda btmp dmesg grubby maillog ppp secure
> tallylog wtmp
> audit cron dmesg.old grubby_prune_debug messages rhsm spooler
> tuned yum.log
> boot.log cups firewalld lastlog ntpstats samba sssd
> vmware-vmsvc.log
>
>
> root at ipa
> {1}:/var/log>rpm -q -l http
> package http is not installed
>
> root at ipa
> {1}:/var/log>rpm -q -a | grep -i http
> perl-HTTP-Tiny-0.033-3.el7.noarch
>
> root at ipa
> {0}:/var/log>rpm -q -a | grep -i tomcat
>
>
> Doesn't look like an httpd was installed as a dependancy?
I find this very hard to believe given that it go so far as to configure
things in Apache, restart it, etc. What version of [free]ipa-server is
installed? How did you install it and from what repo?
rob
>
>
>
>
>
> On Fri, May 12, 2017 at 1:17 AM Martin Bašti <mbasti at redhat.com
> <mailto:mbasti at redhat.com>> wrote:
>
> That's weird, it should be super fast, anything in
> /var/log/httpd/error_log?
>
>
> On 11.05.2017 22:23, Robert L. Harris wrote:
>>
>> Odd, must have clicked reply instead of reply-all.
>>
>> Anyway, I did the revert and re-install. Actual install went
>> through fine then the "ipa-server-install" ran until this:
>>
>> [8/9]: restoring configuration
>> [9/9]: starting directory server
>> Done.
>> Restarting the directory server
>> Restarting the KDC
>> Please add records in this file to your DNS system:
>> /tmp/ipa.system.records.v5Jwrt.db
>> Restarting the web server
>> Configuring client side components
>> Using existing certificate '/etc/ipa/ca.crt'.
>> Client hostname: ipa.rdlg.net <http://ipa.rdlg.net>
>> Realm: RDLG.NET <http://RDLG.NET>
>> DNS Domain: rdlg.net <http://rdlg.net>
>> IPA Server: ipa.rdlg.net <http://ipa.rdlg.net>
>> BaseDN: dc=rdlg,dc=net
>>
>> Skipping synchronizing time with NTP server.
>> New SSSD config will be created
>> Configured sudoers in /etc/nsswitch.conf
>> Configured /etc/sssd/sssd.conf
>> trying https://ipa.rdlg.net/ipa/json
>> Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json'
>>
>>
>> It's been sitting there for a while ( 4 hours? ) I don't see
>> anyting in the ipaserver-install.log, but it's here:
>> https://pastebin.com/biK1Dmv7
>>
>>
>>
>> On Thu, May 11, 2017 at 8:12 AM Martin Bašti <mbasti at redhat.com
>> <mailto:mbasti at redhat.com>> wrote:
>>
>> Please keep freeipa-users in CC
>>
>> Snapshot is always better, so I suggest to use it. Otherwise
>> there is an option --ignore-last-of-role to unblock
>> uninstallation.
>>
>> Martin
>>
>>
>> On 11.05.2017 16:00, Robert L. Harris wrote:
>>>
>>> Looks like you hit it, apache didn't have a group:
>>>
>>> -- Logs begin at Wed 2017-05-10 19:56:27 MDT, end at Thu
>>> 2017-05-11 07:48:27 MDT. --
>>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>>> systemd[1]: Starting The Apache HTTP Server...
>>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>>> ipa-httpd-kdcproxy[28808]: ipa : INFO KDC proxy
>>> enabled
>>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>>> httpd[28809]: AH00544: httpd: bad group name apache
>>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>>> systemd[1]: httpd.service: main process exited, code=exited,
>>> status=1/FAILURE
>>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>>> kill[28812]: kill: cannot find process ""
>>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>>> systemd[1]: httpd.service: control process exited,
>>> code=exited status=1
>>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>>> systemd[1]: Failed to start The Apache HTTP Server.
>>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>>> systemd[1]: Unit httpd.service entered failed state.
>>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>>> systemd[1]: httpd.service failed.
>>>
>>> Thanks, didn't know that command. I tried to continue the
>>> process:
>>>
>>> {0}:/root>ipa-server-install
>>>
>>> The log file for this installation can be found in
>>> /var/log/ipaserver-install.log
>>> ipa.ipapython.install.cli.install_tool(Server): ERROR IPA
>>> server is already configured on this system.
>>> If you want to reinstall the IPA server, please uninstall it
>>> first using 'ipa-server-install --uninstall'.
>>> ipa.ipapython.install.cli.install_tool(Server): ERROR The
>>> ipa-server-install command failed. See
>>> /var/log/ipaserver-install.log for more information
>>>
>>> root at ipa
>>> {1}:/root>ipa-server-install --uninstall
>>>
>>> This is a NON REVERSIBLE operation and will delete all data
>>> and configuration!
>>>
>>> Are you sure you want to continue with the uninstall
>>> procedure? [no]: yes
>>> ipa : ERROR Server removal aborted: Deleting this
>>> server is not allowed as it would leave your installation
>>> without a CA..
>>>
>>>
>>>
>>> This is a VM and I took a snapshot right before I started the
>>> install, so I can revert, just make sure ti add the apache
>>> user before starting the install. Or if you have a better
>>> command to continue the clean-up/install.....
>>>
>>>
>>> On Thu, May 11, 2017 at 2:19 AM Martin Bašti
>>> <mbasti at redhat.com <mailto:mbasti at redhat.com>> wrote:
>>>
>>> Hello,
>>>
>>> comments inline
>>>
>>>
>>> On 11.05.2017 06:06, Robert L. Harris wrote:
>>>>
>>>> Sigh... Sorry, it's been a long day, I thought I put
>>>> that log in the first pastebin. It's in this one:
>>>> https://pastebin.com/18PAXXNS
>>>
>>> Could you please provide journalctl -u httpd and
>>> /var/log/httpd/error_log ?
>>>
>>>
>>>
>>>>
>>>> Also,
>>>> Anyone else get the constant spam when mailing this
>>>> list? Got an address to block for it?
>>>
>>> Sorry for that, there is a bot mining public archives. We
>>> plan to resolve this issue but it may take time as we are
>>> not maintaining our mailman.
>>>
>>> Martin
>>>
>>>
>>>>
>>>> Robert
>>>>
>>>>
>>>>
>>>>
>>>> On Wed, May 10, 2017 at 9:56 PM Lachlan Musicman
>>>> <datakid at gmail.com <mailto:datakid at gmail.com>> wrote:
>>>>
>>>> Robert, did you look in
>>>> /var/log/ipaserver-install.log as it says?
>>>>
>>>> Was there any other information?
>>>>
>>>> cheers
>>>> L.
>>>>
>>>> ------
>>>> "Mission Statement: To provide hope and inspiration
>>>> for collective action, to build collective power, to
>>>> achieve collective transformation, rooted in grief
>>>> and rage but pointed towards vision and dreams."
>>>>
>>>> - Patrice Cullors, /Black Lives Matter founder/
>>>>
>>>> On 11 May 2017 at 13:24, Robert L. Harris
>>>> <robert.l.harris at gmail.com
>>>> <mailto:robert.l.harris at gmail.com>> wrote:
>>>>
>>>> Ok, I gave up on Ubuntu. I'm now trying the
>>>> latest CentOS7. I built out a "minimal server"
>>>> with some normal base packages which did include
>>>> the freeipa-client but otherwise, just standard
>>>> tools. Here's a pastebin of the output of the
>>>> install: https://pastebin.com/zAWCgkUU
>>>>
>>>> Robert
>>>>
>>>>
>>>> --
>>>> Manage your subscription for the Freeipa-users
>>>> mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go to http://freeipa.org for more info on the
>>>> project
>>>>
>>>>
>>>> --
>>>> Manage your subscription for the Freeipa-users
>>>> mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go to http://freeipa.org for more info on the project
>>>>
>>>>
>>>>
>>>
>>> --
>>> Martin Bašti
>>> Software Engineer
>>> Red Hat Czech
>>>
>>
>> --
>> Martin Bašti
>> Software Engineer
>> Red Hat Czech
>>
>
> --
> Martin Bašti
> Software Engineer
> Red Hat Czech
>
>
>
More information about the Freeipa-users
mailing list