Bug 728614
Summary: | el61 - ipa-replica-install does not check for dbus, fails on certmonger | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Marc Sauton <msauton> |
Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
Severity: | unspecified | Docs Contact: | |
Priority: | high | ||
Version: | 6.1 | CC: | benl, dpal, grajaiya, jgalipea, mkosek |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-2.1.1-1.el6 | Doc Type: | Bug Fix |
Doc Text: |
Cause: ipa-replica-install does not ensure that the dbus service is running so tracking certificates with certmonger returns an error.
Consequence: Replica installation fails.
Fix: Make sure messagebus is running prior to starting certmonger.
Result: Replica installation succeeds.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2011-12-06 18:29:28 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Marc Sauton
2011-08-05 19:36:27 UTC
master: 1ec531469ee0cf91ed9e150307d93e5ab12aa2a6 ipa-2-1: 704732630cbb466c00b0d49a88a016ed7f861c63 Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: ipa-replica-install does not ensure that the dbus service is running so tracking certificates with certmonger returns an error. Consequence: Replica installation fails. Fix: Make sure messagebus is running prior to starting certmonger. Result: Replica installation succeeds. IPA SERVER1: [root@ipaqavma ~]# ipa-server-install --realm=IDM.LAB.BOS.REDHAT.COM --domain=idm.lab.bos.redhat.com --ds-password=Secret123 --master-password=Secret123 --admin-password=Secret123 --hostname=ipaqavma.idm.lab.bos.redhat.com --ip-address=10.16.98.178 --setup-dns --forwarder=10.14.7.221 --zonemgr=gsr --idstart=100 --unattended [root@ipaqavma ~]# ipa-replica-prepare ipaqavmc.idm.lab.bos.redhat.com --ip-address=10.16.98.180 Directory Manager (existing master) password: Preparing replica for ipaqavmc.idm.lab.bos.redhat.com from ipaqavma.idm.lab.bos.redhat.com Creating SSL certificate for the Directory Server Creating SSL certificate for the dogtag Directory Server Creating SSL certificate for the Web Server Exporting RA certificate Copying additional files Finalizing configuration Packaging replica information into /var/lib/ipa/replica-info-ipaqavmc.idm.lab.bos.redhat.com.gpg Adding DNS records for ipaqavmc.idm.lab.bos.redhat.com Using reverse zone 98.16.10.in-addr.arpa. [root@ipaqavma ~]# IPA SERVER2: [root@ipaqavmc ~]# ipa-replica-install /var/lib/ipa/replica-info-ipaqavmc.idm.lab.bos.redhat.com.gpg Directory Manager (existing master) password: Run connection check to master Check connection from replica to remote master 'ipaqavma.idm.lab.bos.redhat.com': Directory Service: Unsecure port (389): OK Directory Service: Secure port (636): OK Kerberos KDC: TCP (88): OK Kerberos KDC: UDP (88): OK Kerberos Kpasswd: TCP (464): OK Kerberos Kpasswd: UDP (464): OK HTTP Server: port 80 (80): OK HTTP Server: port 443(https) (443): OK Connection from replica to master is OK. Start listening on required ports for remote master check Get credentials to log in to remote master admin.BOS.REDHAT.COM password: Execute check on remote master Check connection from master to remote replica 'ipaqavmc.idm.lab.bos.redhat.com': Directory Service: Unsecure port (389): OK Directory Service: Secure port (636): OK Kerberos KDC: TCP (88): OK Kerberos KDC: UDP (88): OK Kerberos Kpasswd: TCP (464): OK Kerberos Kpasswd: UDP (464): OK HTTP Server: port 80 (80): OK HTTP Server: port 443(https) (443): OK Connection from master to replica is OK. Connection check OK Configuring ntpd [1/4]: stopping ntpd [2/4]: writing configuration [3/4]: configuring ntpd to start on boot [4/4]: starting ntpd done configuring ntpd. Configuring directory server: Estimated time 1 minute [1/29]: creating directory server user [2/29]: creating directory server instance [3/29]: adding default schema [4/29]: enabling memberof plugin [5/29]: enabling referential integrity plugin [6/29]: enabling winsync plugin [7/29]: configuring replication version plugin [8/29]: enabling IPA enrollment plugin [9/29]: enabling ldapi [10/29]: configuring uniqueness plugin [11/29]: configuring uuid plugin [12/29]: configuring modrdn plugin [13/29]: enabling entryUSN plugin [14/29]: configuring lockout plugin [15/29]: creating indices [16/29]: configuring ssl for ds instance [17/29]: configuring certmap.conf [18/29]: configure autobind for root [19/29]: configure new location for managed entries [20/29]: restarting directory server [21/29]: setting up initial replication Starting replication, please wait until this has completed. Update in progress Update in progress Update in progress Update in progress Update in progress Update in progress Update succeeded [22/29]: adding replication acis [23/29]: setting Auto Member configuration [24/29]: initializing group membership [25/29]: adding master entry [26/29]: configuring Posix uid/gid generation [27/29]: enabling compatibility plugin Restarting IPA to initialize updates before performing deletes: [1/2]: stopping directory server [2/2]: starting directory server done configuring dirsrv. [28/29]: tuning directory server [29/29]: configuring directory to start on boot done configuring dirsrv. Configuring Kerberos KDC: Estimated time 30 seconds [1/9]: adding sasl mappings to the directory [2/9]: writing stash file from DS [3/9]: configuring KDC [4/9]: creating a keytab for the directory [5/9]: creating a keytab for the machine [6/9]: adding the password extension to the directory [7/9]: enable GSSAPI for replication [8/9]: starting the KDC [9/9]: configuring KDC to start on boot done configuring krb5kdc. Configuring ipa_kpasswd [1/2]: starting ipa_kpasswd [2/2]: configuring ipa_kpasswd to start on boot done configuring ipa_kpasswd. Configuring the web interface: Estimated time 1 minute [1/12]: disabling mod_ssl in httpd [2/12]: setting mod_nss port to 443 [3/12]: setting mod_nss password file [4/12]: enabling mod_nss renegotiate [5/12]: adding URL rewriting rules [6/12]: configuring httpd [7/12]: setting up ssl [8/12]: publish CA cert [9/12]: creating a keytab for httpd [10/12]: configuring SELinux for httpd [11/12]: restarting httpd [12/12]: configuring httpd to start on boot done configuring httpd. Applying LDAP updates Restarting IPA to initialize updates before performing deletes: [1/2]: stopping directory server [2/2]: starting directory server done configuring dirsrv. [root@ipaqavmc ~]# ipactl status Directory Service: RUNNING KDC Service: RUNNING KPASSWD Service: RUNNING HTTP Service: RUNNING [root@ipaqavmc ~]# [root@ipaqavmc ~]# grep messagebus /var/log/* /var/log/ipareplica-install.log:2011-11-08 01:54:34,987 DEBUG args=/sbin/service messagebus start /var/log/ipareplica-install.log:2011-11-08 01:55:29,506 DEBUG args=/sbin/service messagebus start [root@ipaqavmc ~]# /etc/init.d/messagebus status messagebus (pid 1355) is running... [root@ipaqavmc ~]# [root@ipaqavmc ~]# ipa user-add shanks --first=shanks --last=r --password Password: Enter Password again to verify: ------------------- Added user "shanks" ------------------- User login: shanks First name: shanks Last name: r Full name: shanks r Display name: shanks r Initials: sr Home directory: /home/shanks GECOS field: shanks r Login shell: /bin/sh Kerberos principal: shanks.BOS.REDHAT.COM UID: 100100 GID: 100100 Keytab: True Password: True [root@ipaqavmc ~]# IPA SERVER1: [root@ipaqavma ~]# ipa user-find shanks -------------- 1 user matched -------------- User login: shanks First name: shanks Last name: r Home directory: /home/shanks Login shell: /bin/sh UID: 100100 GID: 100100 Account disabled: False Keytab: True Password: True ---------------------------- Number of entries returned 1 ---------------------------- [root@ipaqavma ~]# Verified. [root@ipaqavma ~]# rpm -qi ipa-server | head Name : ipa-server Relocations: (not relocatable) Version : 2.1.3 Vendor: Red Hat, Inc. Release : 9.el6 Build Date: Mon 07 Nov 2011 03:00:54 PM EST Install Date: Tue 08 Nov 2011 01:32:36 AM EST Build Host: x86-001.build.bos.redhat.com Group : System Environment/Base Source RPM: ipa-2.1.3-9.el6.src.rpm Size : 3382131 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://www.freeipa.org/ Summary : The IPA authentication server [root@ipaqavma ~]# Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2011-1533.html |