Bug 652954

Summary: Installation on fedora14 is a bit iffy, with ipa-server-install
Product: [Retired] freeIPA
Reporter: Alexander Rydekull <rydekull>
Component: ipa-server
Assignee: Rob Crittenden <rcritten>
Status: CLOSED UPSTREAM
QA Contact: Chandrasekar Kannan <ckannan>
Severity: high
Docs Contact:
Priority: low
Version: 1.2
CC: benl, dpal, jgalipea, jvillain
Target Milestone: ---
Target Release: ---
Hardware: i686
OS: Linux
Whiteboard:
Fixed In Version: ipa-1.2.2-5.fc14
Doc Type: Bug Fix
Last Closed: 2012-03-28 09:38:39 UTC

Description Alexander Rydekull 2010-11-13 19:21:15 UTC
Description of problem:
Installation fails with bad error description:
[Errno 2] No such file or directory

Version-Release number of selected component (if applicable):
Installed Packages
Name        : ipa-server
Arch        : i686
Version     : 1.2.2
Release     : 4.fc14
Size        : 1.5 M
Repo        : installed
From repo   : fedora
Summary     : The IPA authentication server
URL         : http://www.freeipa.org/
License     : GPLv2
Description : IPA is an integrated solution to provide centrally managed Identity (machine,
            : user, virtual machines, groups, authentication credentials), Policy
            : (configuration settings, access control information) and Audit (events,
            : logs, analysis thereof). If you are installing an IPA server you need
            : to install this package (in other words, most people should NOT install
            : this package).
  
Actual results:
2010-11-13 16:40:19,023 DEBUG   [5/13]: configuring KDC
2010-11-13 16:40:19,031 DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/kdc.conf'
2010-11-13 16:40:19,362 DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2010-11-13 16:40:19,370 DEBUG Backing up system configuration file '/etc/krb5.conf'
2010-11-13 16:40:19,374 DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2010-11-13 16:40:19,388 DEBUG Backing up system configuration file '/usr/share/ipa/html/krb5.ini'
2010-11-13 16:40:19,390 DEBUG   -> Not backing up - '/usr/share/ipa/html/krb5.ini' doesn't exist
2010-11-13 16:40:19,394 DEBUG Backing up system configuration file '/usr/share/ipa/html/krb.con'
2010-11-13 16:40:19,395 DEBUG   -> Not backing up - '/usr/share/ipa/html/krb.con' doesn't exist
2010-11-13 16:40:19,397 DEBUG Backing up system configuration file '/usr/share/ipa/html/krbrealm.con'
2010-11-13 16:40:19,403 DEBUG   -> Not backing up - '/usr/share/ipa/html/krbrealm.con' doesn't exist
2010-11-13 16:40:19,570 DEBUG [Errno 2] No such file or directory
  File "/usr/sbin/ipa-server-install", line 609, in <module>
    sys.exit(main())

  File "/usr/sbin/ipa-server-install", line 509, in main
    krb.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, master_password)

  File "/usr/lib/python2.7/site-packages/ipaserver/krbinstance.py", line 151, in create_instance
    self.start_creation("Configuring Kerberos KDC")

  File "/usr/lib/python2.7/site-packages/ipaserver/service.py", line 139, in start_creation
    method()

  File "/usr/lib/python2.7/site-packages/ipaserver/krbinstance.py", line 317, in __create_instance
    ipautil.run(args)

  File "/usr/lib/python2.7/site-packages/ipa/ipautil.py", line 90, in run
    p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)

  File "/usr/lib/python2.7/subprocess.py", line 672, in __init__
    errread, errwrite)

  File "/usr/lib/python2.7/subprocess.py", line 1201, in _execute_child
    raise child_exception


Expected results:
Configuring Kerberos KDC
  [1/13]: setting KDC account password
  [2/13]: adding sasl mappings to the directory
  [3/13]: adding kerberos entries to the DS
  [4/13]: adding default ACIs
  [5/13]: configuring KDC
  [6/13]: adding default keytypes
  [7/13]: creating a keytab for the directory
  [8/13]: creating a keytab for the machine
  [9/13]: exporting the kadmin keytab
  [10/13]: adding the password extension to the directory
  [11/13]: adding the kerberos master key to the directory
  [12/13]: starting the KDC
  [13/13]: configuring KDC to start on boot
done configuring krb5kdc.


Additional info:

Well, I'm not a Python guy, so I used strace to figure it out. Looking at the log created by strace, it became obvious that it was searching for tools under /usr/kerberos/sbin, which simply doesn't exist.

The different packages install under /usr/sbin directly.

So, the workaround to fix it was simply:
# mkdir -p /usr/kerberos/sbin ; cd /usr/sbin ; for FILE in $(ls k*) ; do ln -s /usr/sbin/$FILE /usr/kerberos/sbin ; done

---

However, once I got past that small error I stumbled upon another one.
It was trying to use /usr/lib/mozldap/ldappasswd when setting the admin password. But this wasn't installed, seeing as:

# yum deplist ipa-server | grep -c mozldap-tools
0

The fix, being the obvious:
# yum install mozldap-tools

Then my ipa-server-install went through perfectly :-)

Comment 1 Shawn 2010-11-13 22:24:33 UTC
The following got me through the install with ipa-server-1.2.2-4.fc14.x86_64

In the directory
/usr/lib/python2.7/site-packages/ipaserver

The following two files and commands need to be corrected to change /usr/kerberos/sbin to /usr/sbin

installutils.py:    ipautil.run(["/usr/kerberos/sbin/kadmin.local", "-q", command])


krbinstance.py:            args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"]
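
One way an installer can avoid both symptoms reported above, the single hard-coded /usr/kerberos/sbin path and the bare "[Errno 2]" message that does not name the missing binary. This is an added example, not FreeIPA code: `resolve_tool`, `run_tool` and `TRUSTED_SBIN_DIRS` are hypothetical names, and the directory list is an assumption based on the two locations mentioned in this report.

```python
import errno
import os
import subprocess

# Assumption: directories that may hold the Kerberos admin tools, in order of
# preference. /usr/sbin is where the Fedora 14 packages on this page install
# them; /usr/kerberos/sbin is the older location the installer hard-coded.
TRUSTED_SBIN_DIRS = ("/usr/sbin", "/usr/kerberos/sbin")


def resolve_tool(name, search_dirs=TRUSTED_SBIN_DIRS):
    """Return the absolute path of `name` in the first trusted directory that
    holds it as an executable regular file.

    Only the fixed directory list is searched, never $PATH, so a privileged
    installer cannot be steered to a binary in a caller-controlled directory.
    """
    if os.path.basename(name) != name or name in ("", ".", ".."):
        raise ValueError("tool name must be a bare file name: %r" % (name,))
    tried = []
    for directory in search_dirs:
        candidate = os.path.join(directory, name)
        tried.append(candidate)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return candidate
    # Name the missing tool and every path checked, instead of the bare
    # "[Errno 2] No such file or directory" that Popen raises.
    raise FileNotFoundError(
        errno.ENOENT, "executable not found, tried: " + ", ".join(tried), name)


def run_tool(name, args, search_dirs=TRUSTED_SBIN_DIRS):
    """Resolve `name`, run it without a shell, return (stdout, stderr) bytes."""
    path = resolve_tool(name, search_dirs)
    proc = subprocess.run([path] + list(args), stdout=subprocess.PIPE,
                          stderr=subprocess.PIPE, close_fds=True)
    if proc.returncode != 0:
        raise subprocess.CalledProcessError(
            proc.returncode, [path] + list(args), proc.stdout, proc.stderr)
    return proc.stdout, proc.stderr


if __name__ == "__main__":
    for tool in ("kadmin.local", "kdb5_ldap_util"):  # the two tools named above
        try:
            print(tool, "->", resolve_tool(tool))
        except FileNotFoundError as exc:
            print(exc)
```
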

Comment 2 Rob Crittenden 2010-11-13 23:27:58 UTC
This is a partial duplicate, see bug https://bugzilla.redhat.com/show_bug.cgi?id=650725

I'll take a look at the dependencies issue.

Comment 3 Rob Crittenden 2010-11-17 21:30:52 UTC
Added dependency on mozldap-tools to ipa-server. I'm guessing this is because 389-ds-base is using openldap-client tools now.