| Summary: | ipa_server_install error configuring ipa_memcached | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Bill Quayle <bill.quayle> | ||||
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> | ||||
| Status: | CLOSED WORKSFORME | QA Contact: | Kaleem <ksiddiqu> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 7.2 | CC: | bill.quayle, pvoborni, rcritten | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2016-09-13 15:51:56 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
|
Description
Bill Quayle
2016-09-07 20:42:55 UTC
This issue is not common. It may be just temporal glitch. First try uninstallation of this failed installation and re-run ipa-server-install ipa-server-install --uninstall If it will fail again then please attach /var/log/ipaserver-install.log (you may obfuscate info there) and releavant journal log: journalctl -u ipa_memcached.service Created attachment 1199139 [details]
ipa install log file
This is the log from the attempted re-install.
Uninstall resulted in errors, as well: # ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! Are you sure you want to continue with the uninstall procedure? [no]: y WARNING: Failed to connect to Directory Server to find information about replication agreements. Uninstallation will continue despite the possible existing replication agreements. Shutting down all IPA services Removing IPA client configuration Unconfiguring ntpd Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA Unconfiguring CA ipa : ERROR 'getpwnam(): name not found: apache' I continued on with the re-install, despite this, but didn't get very far: # ipa-server-install The log file for this installation can be found in /var/log/ipaserver-install.log ipa.ipapython.install.cli.install_tool(Server): ERROR IPA server is already configured on this system. If you want to reinstall the IPA server, please uninstall it first using 'ipa-server-install --uninstall'. Bot issues are probably connected with httpd Could you attache relevant part of /var/log/httpd/error_log And if there is anything in: # journalctl -u httpd.service Sometimes running the uninstaller again helps. Also, does apache user exist? Was there any custom changes done on the machine related to Apache(httpd) configuration? e.g. any other "web application present?"? Are there any SELinux AVCs? # ausearch -m AVC No apache user, no httpd logs, and journalctl -u httpd.service output was just this: # journalctl -u httpd.service -- Logs begin at Wed 2016-09-07 15:44:02 CDT, end at Thu 2016-09-08 10:01:01 CDT. -- This was originally a fresh install of the OS. Attempted execution of the uninstaller resulted in identical behavior. Absence of apache user is probably the cause of the IPA's issues. Question is what caused it. Apache group and user can be added by: /usr/sbin/groupadd -g 48 -r apache /usr/sbin/useradd -c "Apache" -u 48 -g 48 -s /sbin/nologin -r -d /usr/share/httpd apache But it may uncover just another issue caused by the root cause(possibly not IPA issue) - and at that state the system might be unreliable or it would more thorough analysis which is not possible to do here. It may be better and easier to get fresh OS, fully upgrade it and try again. I did a yum erase httpd, which also removed ipa-server et. al. I then did a yum install ipa-server ipa-server-dns, which also installed httpd. Installation of httpd put apache user back local. Looks like the uninstall script needs some debugging when it gets into this situation. I then tried to run the ipa-server-install again, but it complained that it was already installed: The log file for this installation can be found in /var/log/ipaserver-install.log ipa.ipapython.install.cli.install_tool(Server): ERROR IPA server is already configured on this system. If you want to reinstall the IPA server, please uninstall it first using 'ipa-server-install --uninstall'. I then ran the uninstaller again, and it sat at this point for > 30 minutes: # ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! Are you sure you want to continue with the uninstall procedure? [no]: y WARNING: Failed to connect to Directory Server to find information about replication agreements. Uninstallation will continue despite the possible existing replication agreements. Shutting down all IPA services Removing IPA client configuration Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA Unconfiguring krb5kdc Unconfiguring kadmin Unconfiguring directory server ipa : ERROR Instance removal failed. ipa : ERROR Failed to remove DS instance. You may need to remove instance data manually Unconfiguring ipa_memcached I pressed on, re-running the install. It took a long time to get through the ds creation, but appears to have succeeded. I have 14 additional installations of ipa to do to complete our deployment. If all are as convoluted as this, we will seek out another solution. It would be nice to check this situation but given that IdM/IPA is an integration solution which puts together number of various services which require various accounts and have quite a lot of other assumptions, it doesn't make much sense - IPA installer/uninstaller would need to verify "half" of the OS. From that reason, IPA installer tries to validate only variables provided by user or expected to be changed. Or other common issues. Given that it works for you now, and we don't know what cause it, and assuming that we cannot investigate the root cause(time costly for you), I'm closing this bug. |