Bug 1026434
Summary: | ipa-server-install crashes when AD subpackage is not installed | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Kosek <mkosek> |
Component: | ipa | Assignee: | Martin Kosek <mkosek> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Namita Soman <nsoman> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.0 | CC: | mpolovka, nsoman, rcritten, spoore |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-3.3.3-2.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-06-13 11:58:15 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Martin Kosek
2013-11-04 16:05:29 UTC
Bumping severity, this affects tests. Fixed upstream: master: 989493979da3ef1136a9b346cace5689ef22eed8 ipa-3-3: 90ac36c780d6e5d0bcb26f8c7f153d35af1db70f Verified. Version :: ipa-server-3.3.3-3.el7.x86_64 Test Results :: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: BZ1026434 - ipa-server-install crashes when AD subpackage is not installed :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: package ipa-server-trust-ad is not installed :: [ PASS ] :: Checking for the non-presence of ipa-server-trust-ad rpm :: [ PASS ] :: Running 'ipa-server-install --setup-dns --forwarder=192.168.122.1 --hostname=rhel7-1.testrelm.com --mkhomedir -r TESTRELM.COM -n testrelm.com -p Secret123 -P Secret123 -a Secret123 -U > /tmp/tmpout.ipaserverinstall_BZ1026434.out 2>&1' (Expected 0, got 0) The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will set up the IPA Server. This includes: * Configure a stand-alone CA (dogtag) for certificate management * Configure the Network Time Daemon (ntpd) * Create and configure an instance of Directory Server * Create and configure a Kerberos Key Distribution Center (KDC) * Configure Apache (httpd) * Configure DNS (bind) Warning: skipping DNS resolution of host rhel7-1.testrelm.com Using reverse zone 122.168.192.in-addr.arpa. The IPA Master Server will be configured with: Hostname: rhel7-1.testrelm.com IP address: 192.168.122.71 Domain name: testrelm.com Realm name: TESTRELM.COM BIND DNS server will be configured to serve IPA domain with: Forwarders: 192.168.122.1 Reverse zone: 122.168.192.in-addr.arpa. Configuring NTP daemon (ntpd) [1/4]: stopping ntpd [2/4]: writing configuration [3/4]: configuring ntpd to start on boot [4/4]: starting ntpd Done configuring NTP daemon (ntpd). Configuring directory server (dirsrv): Estimated time 1 minute [1/38]: creating directory server user [2/38]: creating directory server instance [3/38]: adding default schema [4/38]: enabling memberof plugin [5/38]: enabling winsync plugin [6/38]: configuring replication version plugin [7/38]: enabling IPA enrollment plugin [8/38]: enabling ldapi [9/38]: configuring uniqueness plugin [10/38]: configuring uuid plugin [11/38]: configuring modrdn plugin [12/38]: configuring DNS plugin [13/38]: enabling entryUSN plugin [14/38]: configuring lockout plugin [15/38]: creating indices [16/38]: enabling referential integrity plugin [17/38]: configuring certmap.conf [18/38]: configure autobind for root [19/38]: configure new location for managed entries [20/38]: configure dirsrv ccache [21/38]: enable SASL mapping fallback [22/38]: restarting directory server [23/38]: adding default layout [24/38]: adding delegation layout [25/38]: creating container for managed entries [26/38]: configuring user private groups [27/38]: configuring netgroups from hostgroups [28/38]: creating default Sudo bind user [29/38]: creating default Auto Member layout [30/38]: adding range check plugin [31/38]: creating default HBAC rule allow_all [32/38]: initializing group membership [33/38]: adding master entry [34/38]: configuring Posix uid/gid generation [35/38]: adding replication acis [36/38]: enabling compatibility plugin [37/38]: tuning directory server [38/38]: configuring directory to start on boot Done configuring directory server (dirsrv). Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds [1/22]: creating certificate server user [2/22]: configuring certificate server instance [3/22]: stopping certificate server instance to update CS.cfg [4/22]: disabling nonces [5/22]: set up CRL publishing [6/22]: starting certificate server instance [7/22]: creating RA agent certificate database [8/22]: importing CA chain to RA certificate database [9/22]: fixing RA database permissions [10/22]: setting up signing cert profile [11/22]: set certificate subject base [12/22]: enabling Subject Key Identifier [13/22]: enabling CRL and OCSP extensions for certificates [14/22]: setting audit signing renewal to 2 years [15/22]: configuring certificate server to start on boot [16/22]: restarting certificate server [17/22]: requesting RA certificate from CA [18/22]: issuing RA agent certificate [19/22]: adding RA agent as a trusted user [20/22]: configure certificate renewals [21/22]: configure Server-Cert certificate renewal [22/22]: Configure HTTP to proxy connections Done configuring certificate server (pki-tomcatd). Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds [1/10]: adding sasl mappings to the directory [2/10]: adding kerberos container to the directory [3/10]: configuring KDC [4/10]: initialize kerberos container [5/10]: adding default ACIs [6/10]: creating a keytab for the directory [7/10]: creating a keytab for the machine [8/10]: adding the password extension to the directory [9/10]: starting the KDC [10/10]: configuring KDC to start on boot Done configuring Kerberos KDC (krb5kdc). Configuring kadmin [1/2]: starting kadmin [2/2]: configuring kadmin to start on boot Done configuring kadmin. Configuring ipa_memcached [1/2]: starting ipa_memcached [2/2]: configuring ipa_memcached to start on boot Done configuring ipa_memcached. Configuring ipa-otpd [1/2]: starting ipa-otpd [2/2]: configuring ipa-otpd to start on boot Done configuring ipa-otpd. Configuring the web interface (httpd): Estimated time 1 minute [1/14]: setting mod_nss port to 443 [2/14]: setting mod_nss password file [3/14]: enabling mod_nss renegotiate [4/14]: adding URL rewriting rules [5/14]: configuring httpd [6/14]: setting up ssl [7/14]: setting up browser autoconfig [8/14]: publish CA cert [9/14]: creating a keytab for httpd [10/14]: clean up any existing httpd ccache [11/14]: configuring SELinux for httpd [12/14]: configure httpd ccache [13/14]: restarting httpd [14/14]: configuring httpd to start on boot Done configuring the web interface (httpd). Applying LDAP updates Restarting the directory server Restarting the KDC Configuring DNS (named) [1/11]: adding DNS container [2/11]: setting up our zone [3/11]: setting up reverse zone [4/11]: setting up our own record [5/11]: setting up records for other masters [6/11]: setting up CA record [7/11]: setting up kerberos principal [8/11]: setting up named.conf [9/11]: restarting named [10/11]: configuring named to start on boot [11/11]: changing resolv.conf to point to ourselves Done configuring DNS (named). Global DNS configuration in LDAP server is empty You can use 'dnsconfig-mod' command to set global DNS options that would override settings in local named.conf files Restarting the web server ============================================================================== Setup complete Next steps: 1. You must make sure these network ports are open: TCP Ports: * 80, 443: HTTP/HTTPS * 389, 636: LDAP/LDAPS * 88, 464: kerberos * 53: bind UDP Ports: * 88, 464: kerberos * 53: bind * 123: ntp 2. You can now obtain a kerberos ticket using the command: 'kinit admin' This ticket will allow you to use the IPA tools (e.g., ipa user-add) and the web user interface. Be sure to back up the CA certificate stored in /root/cacert.p12 This file is required to create replicas. The password for this file is the Directory Manager password :: [ PASS ] :: Running 'cat /tmp/tmpout.ipaserverinstall_BZ1026434.out' (Expected 0, got 0) :: [ PASS ] :: File '/tmp/tmpout.ipaserverinstall_BZ1026434.out' should not contain 'adtrustinstance' :: [ PASS ] :: BZ1026434 not found This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |