Bug 524311

Summary: ipa-server-install fails adding default schema
Product: [Retired] freeIPA Reporter: Jenny Severance <jgalipea>
Component: ipa-serverAssignee: Rob Crittenden <rcritten>
Status: CLOSED DUPLICATE QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: medium    
Version: 2.0CC: benl, dpal, jgalipea, mgregg, mnagy, yzhang
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-10-01 13:47:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 431020    

Description Jenny Severance 2009-09-18 19:38:45 UTC 
Description of problem:

Installation Output:

[root@jennyv2 yum.repos.d]# ipa-server-install

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will setup the IPA Server.

This includes:
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure TurboGears

To accept the default shown in brackets, press the Enter key.

Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.


Server host name [jennyv2.bos.redhat.com]: 

The domain name has been calculated based on the host name.

Please confirm the domain name [bos.redhat.com]: 

The IPA Master Server will be configured with
Hostname:    jennyv2.bos.redhat.com
IP address:  10.16.0.47
Domain name: bos.redhat.com

The server must run as a specific user in a specific group.
It is strongly recommended that this user should have no privileges
on the computer (i.e. a non-root user).  The setup procedure
will give this user/group some permissions in specific paths/files
to perform server-specific operations.

The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.

Please provide a realm name [BOS.REDHAT.COM]: 
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.

Directory Manager password: 
Password (confirm): 

The IPA server requires an administrative user, named 'admin'.
This user is a regular system account used for IPA server administration.

IPA admin password: 
Password (confirm): 


The following operations may take some minutes to complete.
Please wait until the prompt is returned.

Configuring ntpd
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
done configuring ntpd.
Configuring directory server:
  [1/18]: creating directory server user
  [2/18]: creating directory server instance
root        : CRITICAL failed to restart ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmppU1D4c' returned non-zero exit status 1
  [3/18]: adding default schema
Unexpected error - see ipaserver-install.log for details:
 [Errno 2] No such file or directory: '/etc/dirsrv/slapd-BOS-REDHAT-COM//schema/05rfc2247.ldif'


DS errors log:

	Red Hat-Directory/8.1.0 B2009.111.1829
	<host>:<port> (/etc/dirsrv/slapd-BOS-REDHAT-COM)

[18/Sep/2009:15:14:15 -0400] - could not open config file "/etc/dirsrv/slapd-BOS-REDHAT-COM/slapd-collations.conf" - absolute path?
[18/Sep/2009:15:14:15 -0400] schema - No schema files were found in the directory /etc/dirsrv/slapd-BOS-REDHAT-COM/schema
[18/Sep/2009:15:14:15 -0400] dse - Please edit the file to correct the reported problems and then restart the server.
	Red Hat-Directory/8.1.0 B2009.111.1829
	<host>:<port> (/etc/dirsrv/slapd-BOS-REDHAT-COM)

[18/Sep/2009:15:32:26 -0400] - could not open config file "/etc/dirsrv/slapd-BOS-REDHAT-COM/slapd-collations.conf" - absolute path?
[18/Sep/2009:15:32:26 -0400] schema - No schema files were found in the directory /etc/dirsrv/slapd-BOS-REDHAT-COM/schema
[18/Sep/2009:15:32:26 -0400] dse - Please edit the file to correct the reported problems and then restart the server.



Version-Release number of selected component (if applicable):
ipa-server-2.0-4.20090918.el5ipa

How reproducible:
always

Steps to Reproduce:
1. yum -y install ipa-server ipa-admintools bind caching-nameserver expect krb5-workstation bind-dyndb-ldap ipa-client
2. ipa-server-install 
  
Actual results:


Expected results:


Additional info:
Comment 1 Jenny Severance 2009-09-18 20:39:43 UTC 
issue is caused by existing directory server information on the machine - lowering bug priority as it is not a blocker if you clean up the directory server after an ipa-server-install --uninstall

However, this should not happen, either the un-install needs to clean up properly and the install needs to handle it properly.
Comment 2 Dmitri Pal 2009-09-18 21:08:54 UTC 
Is this an IPA or DS bug then?
Comment 3 Rob Crittenden 2009-09-23 12:53:05 UTC 
What cleanup do you mean?

The base assumption for IPA has always been that this is a vanilla machine.
Comment 4 Jenny Severance 2009-09-23 12:59:12 UTC 
Hi Rob:
The ipa-server-install --uninstalll and subsequent yum erase ipa-server, should have cleaned up the directory server.  I didn't install a directory server on the machine before another ipa install attempt.
Jenny
Comment 5 Rob Crittenden 2009-09-23 13:58:33 UTC 
The ipa-server-install --uninstall should have remove all remnants of the DS instance and you'd have gotten a warning on the next install if it hadn't (it just looks for things named /etc/dirsrv/slapd-*, not contents of it).

So it may have been something else.
Comment 7 Yi Zhang 2009-09-29 16:32:58 UTC 

output of running "ipa-server-install" on rhel 5.4 i386 host

>> Configuring ntpd
>>   [1/4]: stopping ntpd
>>   [2/4]: writing configuration
>>   [3/4]: configuring ntpd to start on boot
>>   [4/4]: starting ntpd
>> done configuring ntpd.
>> Configuring directory server:
>>   [1/19]: creating directory server user
>>   [2/19]: creating directory server instance
>>   [3/19]: adding default schema
>> Unexpected error - see ipaserver-install.log for details:
>>  [Errno 2] No such file or directory:
>> '/etc/dirsrv/slapd-IDM-LAB-BOS-REDHAT-COM//schema/05rfc2247.ldif'
Comment 9 Rob Crittenden 2009-09-29 16:59:47 UTC 
Can you confirm the version of DS?

After it fails, what are the contents of /etc/dirsrv/slapd-<INSTANCE>/schema?
Comment 10 Yi Zhang 2009-09-30 17:41:06 UTC 
[root@mv32a-vm ~]# rpm -qi redhat-ds-base
Name        : redhat-ds-base               Relocations: (not relocatable)
Version     : 9.0.0                             Vendor: Red Hat, Inc.
Release     : 20090929.el5dsrv              Build Date: Tue 29 Sep 2009 01:14:02 AM PDT
Install Date: Tue 29 Sep 2009 08:40:43 AM PDT      Build Host: x86-001.build.bos.redhat.com
Group       : System Environment/Daemons    Source RPM: redhat-ds-base-9.0.0-20090929.el5dsrv.src.rpm
Size        : 5120406                          License: GPLv2 with exceptions
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://www.redhat.com/directory_server/
Summary     : Red Hat Directory Server (base)
Description :
Red Hat Directory Server is an LDAPv3 compliant server.  The base package includes
the LDAP server and command line utilities for server administration.


======================

ls /etc/dirsrv/slapd-IDM-LAB-BOS-REDHAT-COM/schema/ -l
total 508
-r-------- 1 dirsrv root 25308 Sep 29 08:49 00core.ldif
-r-------- 1 dirsrv root 17547 Sep 29 08:49 01core389.ldif
-r-------- 1 dirsrv root 32135 Sep 29 08:49 02common.ldif
-r-------- 1 dirsrv root  2620 Sep 29 08:49 05rfc2927.ldif
-r-------- 1 dirsrv root  5908 Sep 29 08:49 05rfc4523.ldif
-r-------- 1 dirsrv root 10119 Sep 29 08:49 05rfc4524.ldif
-r-------- 1 dirsrv root  4705 Sep 29 08:49 06inetorgperson.ldif
-r-------- 1 dirsrv root  9211 Sep 29 08:49 10rfc2307.ldif
-r-------- 1 dirsrv root  6385 Sep 29 08:49 20subscriber.ldif
-r-------- 1 dirsrv root  4624 Sep 29 08:49 25java-object.ldif
-r-------- 1 dirsrv root 13376 Sep 29 08:49 30ns-common.ldif
-r-------- 1 dirsrv root  8374 Sep 29 08:49 50ns-admin.ldif
-r-------- 1 dirsrv root  2866 Sep 29 08:49 50ns-certificate.ldif
-r-------- 1 dirsrv root 18313 Sep 29 08:49 50ns-directory.ldif
-r-------- 1 dirsrv root 10576 Sep 29 08:49 50ns-mail.ldif
-r-------- 1 dirsrv root  4776 Sep 29 08:49 50ns-value.ldif
-r-------- 1 dirsrv root  2865 Sep 29 08:49 50ns-web.ldif
-r-------- 1 dirsrv root  1129 Sep 29 08:49 60autofs.ldif
-rw-r--r-- 1 root   root 17259 Sep 29 08:49 60basev2.ldif
-r-------- 1 dirsrv root  3311 Sep 29 08:49 60eduperson.ldif
-rw-r--r-- 1 root   root  4156 Sep 29 08:49 60ipaconfig.ldif
-rw-r--r-- 1 root   root 18404 Sep 29 08:49 60kerberos.ldif
-r-------- 1 dirsrv root  6856 Sep 29 08:49 60mozilla.ldif
-r-------- 1 dirsrv root   741 Sep 29 08:49 60nss-ldap.ldif
-r-------- 1 dirsrv root  4036 Sep 29 08:49 60pam-plugin.ldif
-rw-r--r-- 1 root   root  5407 Sep 29 08:49 60policyv2.ldif
-r-------- 1 dirsrv root  3552 Sep 29 08:49 60pureftpd.ldif
-rw-r--r-- 1 root   root 15832 Sep 29 08:49 60radius.ldif
-r-------- 1 dirsrv root  3497 Sep 29 08:49 60rfc2739.ldif
-r-------- 1 dirsrv root 15368 Sep 29 08:49 60rfc3712.ldif
-r-------- 1 dirsrv root  2040 Sep 29 08:49 60sabayon.ldif
-rw-r--r-- 1 root   root 13652 Sep 29 08:49 60samba.ldif
-r-------- 1 dirsrv root  1970 Sep 29 08:49 60sudo.ldif
-r-------- 1 dirsrv root  1281 Sep 29 08:49 60trust.ldif
-rw------- 1 dirsrv root  2210 Sep 29 08:49 99user.ldif
Comment 11 Rob Crittenden 2009-09-30 17:54:45 UTC 
IPA doesn't work with DS 9.0 yet. You have to use 8.1.
Comment 12 Yi Zhang 2009-09-30 18:00:00 UTC 
I accidentally have DS90 in my repo directory. I removed it and try ds80 now.
Comment 13 Yi Zhang 2009-09-30 21:11:08 UTC 
ipa install success when DS8.1 is used. 

Shall I close this bug?
Comment 14 Jenny Severance 2009-10-01 12:32:41 UTC 
I think we can, I don't think we would ever see this in the wild - just in our test environments.
Comment 15 Chandrasekar Kannan 2009-10-01 13:18:41 UTC 
why not ?. 389-ds-base with schema updates is already out in the wild. any gutsy ipa server user thats building from source and attempting to use it the newer 389-ds-base will see it ?.
Comment 16 Jenny Severance 2009-10-01 13:22:14 UTC 
I didn't think of that - so let's not close
Comment 17 Rob Crittenden 2009-10-01 13:47:03 UTC 
If this is the only problem then it is a duplicate, closing.

*** This bug has been marked as a duplicate of bug 516853 ***