Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1197838 - realm crash during kickstart
Summary: realm crash during kickstart
Keywords:
Status: CLOSED DUPLICATE of bug 1197218
Alias: None
Product: Fedora
Classification: Fedora
Component: freeipa
Version: 22
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: IPA Maintainers
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:755ef70308544a72015a055eddb...
Depends On: 1197290
Blocks: F22AlphaBlocker
TreeView+ depends on / blocked
 
Reported: 2015-03-02 17:26 UTC by Stephen Gallagher
Modified: 2015-03-02 19:26 UTC (History)
23 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 1197290
Environment:
Last Closed: 2015-03-02 17:34:44 UTC
Type: ---


Attachments (Terms of Use)

Description Stephen Gallagher 2015-03-02 17:26:09 UTC
+++ This bug was initially created as a clone of Bug #1197290 +++

Recent packaging enhancements to SSSD resulted in the 'sssd' metapackage only pulling in the python 3 version of python-sssdconfig, which cannot be used by authconfig/realmd in Fedora 22. Recommendation is to require python-sssdconfig instead of python3-sssdconfig in Fedora 22. In Fedora 23, it is fine to make the switch.




Description of problem:


Version-Release number of selected component:
anaconda-22.20.1-1

The following was filed automatically by anaconda:
anaconda 22.20.1-1 exception report
Traceback (most recent call first):
  File "/usr/lib64/python2.7/site-packages/pyanaconda/kickstart.py", line 569, in execute
    rc = iutil.execWithRedirect("realm", argv)[0]
  File "/usr/lib64/python2.7/site-packages/pyanaconda/install.py", line 112, in doConfiguration
    ksdata.realm.execute(storage, ksdata, instClass)
  File "/usr/lib64/python2.7/threading.py", line 766, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/usr/lib64/python2.7/site-packages/pyanaconda/threads.py", line 238, in run
    threading.Thread.run(self, *args, **kwargs)
TypeError: 'int' object has no attribute '__getitem__'

Additional info:
addons:         com_redhat_kdump
cmdline:        /usr/bin/python2  /sbin/anaconda
cmdline_file:   method=http://dl.fedoraproject.org/pub/alt/stage/22_Alpha_TC7/Server/x86_64/os/ ks=file:/fedora0.ks console=tty0 console=ttyS0,115200
executable:     /sbin/anaconda
hashmarkername: anaconda
kernel:         4.0.0-0.rc1.git0.1.fc22.x86_64
product:        Fedora"
release:        Cannot get release name.
type:           anaconda
version:        Fedora

--- Additional comment from Scott Poore on 2015-02-27 22:24:20 EST ---



--- Additional comment from Scott Poore on 2015-02-27 22:24:21 EST ---



--- Additional comment from Scott Poore on 2015-02-27 22:24:22 EST ---



--- Additional comment from Scott Poore on 2015-02-27 22:24:23 EST ---



--- Additional comment from Scott Poore on 2015-02-27 22:24:24 EST ---



--- Additional comment from Scott Poore on 2015-02-27 22:24:25 EST ---



--- Additional comment from Scott Poore on 2015-02-27 22:24:26 EST ---



--- Additional comment from Scott Poore on 2015-02-27 22:24:27 EST ---



--- Additional comment from Scott Poore on 2015-02-27 22:24:28 EST ---



--- Additional comment from Scott Poore on 2015-02-27 22:24:29 EST ---



--- Additional comment from Scott Poore on 2015-02-27 22:24:31 EST ---



--- Additional comment from Scott Poore on 2015-02-27 22:24:32 EST ---



--- Additional comment from Scott Poore on 2015-02-27 22:24:33 EST ---



--- Additional comment from Scott Poore on 2015-02-27 22:24:34 EST ---



--- Additional comment from Scott Poore on 2015-02-27 23:08:29 EST ---

Failure occurred testing kickstart with realm join.  I am able to join successfully after a kickstart but, not when realm is included in ks.cfg.  

Something to note (not sure if it's related though) is that when I do successfully join an IPA domain using realmd after kickstart, I do have to install python-sssdconfig.

[root@fedora0 ~]# realm join -v --one-time-password=MyPassword example.test
 * Resolving: _ldap._tcp.example.test
 * Performing LDAP DSE lookup on: 192.168.122.201
 * Successfully discovered: example.test
 * Required files: /usr/sbin/ipa-client-install, /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd
 * LANG=C /usr/sbin/ipa-client-install --domain example.test --realm EXAMPLE.TEST --mkhomedir --enable-dns-updates --unattended --force-join --password MyPassword --force-ntpd
There was a problem importing one of the required Python modules. The
error was:

    No module named SSSDConfig

 ! Running ipa-client-install failed
realm: Couldn't join realm: Running ipa-client-install failed

[root@fedora0 ~]# dnf -y install python-sssdconfig
Using metadata from Sat Feb 28 03:46:08 2015
Dependencies resolved.
=======================================================================================================
 Package                     Arch             Version                  Repository                 Size
=======================================================================================================
Installing:
 python-sssdconfig           noarch           1.12.4-2.fc22            updates-testing            96 k

Transaction Summary
=======================================================================================================
Install  1 Package

Total download size: 96 k
Installed size: 219 k
Downloading Packages:
python-sssdconfig-1.12.4-2.fc22.noarch.rpm                              13 kB/s |  96 kB     00:07    
-------------------------------------------------------------------------------------------------------
Total                                                                  1.5 kB/s |  96 kB     01:01     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Installing  : python-sssdconfig-1.12.4-2.fc22.noarch                                             1/1 
  Verifying   : python-sssdconfig-1.12.4-2.fc22.noarch                                             1/1 

Installed:
  python-sssdconfig.noarch 1.12.4-2.fc22                                                               

Complete!

[root@fedora0 ~]# realm join -v --one-time-password=MyPassword example.test
 * Resolving: _ldap._tcp.example.test
 * Performing LDAP DSE lookup on: 192.168.122.201
 * Successfully discovered: example.test
 * Required files: /usr/sbin/ipa-client-install, /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd
 * LANG=C /usr/sbin/ipa-client-install --domain example.test --realm EXAMPLE.TEST --mkhomedir --enable-dns-updates --unattended --force-join --password MyPassword --force-ntpd
Discovery was successful!
Hostname: fedora0.example.test
Realm: EXAMPLE.TEST
DNS Domain: example.test
IPA Server: vm1.example.test
BaseDN: dc=example,dc=test
Synchronizing time with KDC...
Downloading the CA certificate via HTTP, this is INSECURE
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=EXAMPLE.TEST
    Issuer:      CN=Certificate Authority,O=EXAMPLE.TEST
    Valid From:  Wed Feb 11 23:46:12 2015 UTC
    Valid Until: Sun Feb 11 23:46:12 2035 UTC

Enrolled in IPA realm EXAMPLE.TEST
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm EXAMPLE.TEST
trying https://vm1.example.test/ipa/json
Forwarding 'ping' to json server 'https://vm1.example.test/ipa/json'
Forwarding 'ca_is_enabled' to json server 'https://vm1.example.test/ipa/json'
Systemwide CA database updated.
Added CA certificates to the default NSS database.
DNS server record set to: fedora0.example.test -> 192.168.122.30
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Forwarding 'host_mod' to json server 'https://vm1.example.test/ipa/json'
SSSD enabled
Configured /etc/openldap/ldap.conf
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring example.test as NIS domain.

Client configuration complete.
 * /usr/bin/systemctl enable sssd.service
 * /usr/bin/systemctl restart sssd.service
 * /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service
 * Successfully enrolled machine in realm

[root@fedora0 ~]# id admin@example.test
uid=252400000(admin@example.test) gid=252400000(admins@example.test) groups=252400000(admins@example.test)

[root@fedora0 ~]#

--- Additional comment from Scott Poore on 2015-03-02 11:19:56 EST ---

I forgot to mention that this was seen running the kickstart via virt-install.  I don't think that affects things but, it's more information.

qemu-img create -f qcow2 -o preallocation=metadata $DISKIMAGE 8G
virt-install --connect=qemu:///system \
    --network=bridge:virbr0 \
    --initrd-inject=/tmp/${VMNAME}.ks \
    --extra-args="ks=file:/${VMNAME}.ks $EXTRAARGS" \
    --name=$VMNAME \
    --disk path=$DISKIMAGE,format=qcow2,size=8 \
    --ram 1024 \
    --vcpus=1 \
    --check-cpu \
    --hvm \
    --location=$OSIMG \
    --nographics

with ${VMNAME}.ks being the ks.cfg included from comment #6.

Comment 1 Lukas Slebodnik 2015-03-02 17:34:10 UTC
(In reply to Stephen Gallagher from comment #0)
> +++ This bug was initially created as a clone of Bug #1197290 +++
> 
> Recent packaging enhancements to SSSD resulted in the 'sssd' metapackage
> only pulling in the python 3 version of python-sssdconfig, which cannot be
> used by authconfig/realmd in Fedora 22. Recommendation is to require
> python-sssdconfig instead of python3-sssdconfig in Fedora 22. In Fedora 23,
> it is fine to make the switch.
> 
> 
> 
> 
> Description of problem:
> 
> 
> Version-Release number of selected component:
> anaconda-22.20.1-1
> 
> The following was filed automatically by anaconda:
> anaconda 22.20.1-1 exception report
> Traceback (most recent call first):
>   File "/usr/lib64/python2.7/site-packages/pyanaconda/kickstart.py", line
> 569, in execute
>     rc = iutil.execWithRedirect("realm", argv)[0]
>   File "/usr/lib64/python2.7/site-packages/pyanaconda/install.py", line 112,
> in doConfiguration
>     ksdata.realm.execute(storage, ksdata, instClass)
>   File "/usr/lib64/python2.7/threading.py", line 766, in run
>     self.__target(*self.__args, **self.__kwargs)
>   File "/usr/lib64/python2.7/site-packages/pyanaconda/threads.py", line 238,
> in run
>     threading.Thread.run(self, *args, **kwargs)
> TypeError: 'int' object has no attribute '__getitem__'
> 
> Additional info:
> addons:         com_redhat_kdump
> cmdline:        /usr/bin/python2  /sbin/anaconda
> cmdline_file:  
> method=http://dl.fedoraproject.org/pub/alt/stage/22_Alpha_TC7/Server/x86_64/
> os/ ks=file:/fedora0.ks console=tty0 console=ttyS0,115200
> executable:     /sbin/anaconda
> hashmarkername: anaconda
> kernel:         4.0.0-0.rc1.git0.1.fc22.x86_64
> product:        Fedora"
> release:        Cannot get release name.
> type:           anaconda
> version:        Fedora
> 
> --- Additional comment from Scott Poore on 2015-02-27 22:24:20 EST ---
> 
> 
> 
> --- Additional comment from Scott Poore on 2015-02-27 22:24:21 EST ---
> 
> 
> 
> --- Additional comment from Scott Poore on 2015-02-27 22:24:22 EST ---
> 
> 
> 
> --- Additional comment from Scott Poore on 2015-02-27 22:24:23 EST ---
> 
> 
> 
> --- Additional comment from Scott Poore on 2015-02-27 22:24:24 EST ---
> 
> 
> 
> --- Additional comment from Scott Poore on 2015-02-27 22:24:25 EST ---
> 
> 
> 
> --- Additional comment from Scott Poore on 2015-02-27 22:24:26 EST ---
> 
> 
> 
> --- Additional comment from Scott Poore on 2015-02-27 22:24:27 EST ---
> 
> 
> 
> --- Additional comment from Scott Poore on 2015-02-27 22:24:28 EST ---
> 
> 
> 
> --- Additional comment from Scott Poore on 2015-02-27 22:24:29 EST ---
> 
> 
> 
> --- Additional comment from Scott Poore on 2015-02-27 22:24:31 EST ---
> 
> 
> 
> --- Additional comment from Scott Poore on 2015-02-27 22:24:32 EST ---
> 
> 
> 
> --- Additional comment from Scott Poore on 2015-02-27 22:24:33 EST ---
> 
> 
> 
> --- Additional comment from Scott Poore on 2015-02-27 22:24:34 EST ---
> 
> 
> 
> --- Additional comment from Scott Poore on 2015-02-27 23:08:29 EST ---
> 
> Failure occurred testing kickstart with realm join.  I am able to join
> successfully after a kickstart but, not when realm is included in ks.cfg.  
> 
> Something to note (not sure if it's related though) is that when I do
> successfully join an IPA domain using realmd after kickstart, I do have to
> install python-sssdconfig.
> 
> [root@fedora0 ~]# realm join -v --one-time-password=MyPassword example.test
>  * Resolving: _ldap._tcp.example.test
>  * Performing LDAP DSE lookup on: 192.168.122.201
>  * Successfully discovered: example.test
>  * Required files: /usr/sbin/ipa-client-install, /usr/sbin/oddjobd,
> /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd
>  * LANG=C /usr/sbin/ipa-client-install --domain example.test --realm
> EXAMPLE.TEST --mkhomedir --enable-dns-updates --unattended --force-join
> --password MyPassword --force-ntpd
> There was a problem importing one of the required Python modules. The
> error was:
> 
>     No module named SSSDConfig
> 
>  ! Running ipa-client-install failed
> realm: Couldn't join realm: Running ipa-client-install failed
FreeIPA will not be ported to python2 very soon therefore package freeipa-client should explicitly require python-sssdconfig.

Comment 2 Lukas Slebodnik 2015-03-02 17:34:44 UTC

*** This bug has been marked as a duplicate of bug 1197218 ***

Comment 3 Scott Poore 2015-03-02 17:46:37 UTC
This is the Fedora Release Alpha Criteria that I think applies to this bug:

https://fedoraproject.org/wiki/Fedora_22_Alpha_Release_Criteria#Remote_authentication

Comment 4 Petr Schindler 2015-03-02 19:26:00 UTC
This is just for keeping things in order and for the case if this bug would be reopened and unduped.

Discussed at today's blocker review meeting [1].

This bug was accepted as Alpha Blocker - This bug is a clear violation of the Alpha criterion: "It must be possible to join the system to a FreeIPA or Active Directory domain at install time and post-install, and the system must respect the identity, authentication and access control configuration provided by the domain."

http://meetbot.fedoraproject.org/fedora-blocker-review/2015-03-02/


Note You need to log in before you can comment on or make changes to this bug.