1364377 – ipa-server-install fails with failed to create ds instance

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1364377 - ipa-server-install fails with failed to create ds instance

Summary: ipa-server-install fails with failed to create ds instance

Keywords:
Status:	CLOSED DUPLICATE of bug 1316580
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	389-ds-base
Sub Component:
Version:	7.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Noriko Hosoi
QA Contact:	Viktor Ashirov
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-08-05 08:33 UTC by Jan Pazdziora
Modified:	2022-03-13 14:05 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-08-11 15:26:56 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Jan Pazdziora 2016-08-05 08:33:50 UTC

Description of problem:

Configuring IdM with ipa-server-install fails with

  [error] RuntimeError: failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpNrnoDc' returned non-zero exit status 1
ipa.ipapython.install.cli.install_tool(Server): ERROR    failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpNrnoDc' returned non-zero exit status 1
ipa.ipapython.install.cli.install_tool(Server): ERROR    The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

Version-Release number of selected component (if applicable):

389-ds-base-1.3.5.10-6.el7.x86_64

How reproducible:

Deterministic.

Steps to Reproduce:
1. Run /usr/sbin/ipa-server-install --setup-dns --forwarder=10.11.12.13 --hostname=ipa.example.test -r EXAMPLE.TEST -n example.test -p Secret123 -a Secret123 -U

Actual results:


Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 1 minute
  [1/47]: creating directory server user
  [2/47]: creating directory server instance
  [error] RuntimeError: failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpNrnoDc' returned non-zero exit status 1
ipa.ipapython.install.cli.install_tool(Server): ERROR    failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpNrnoDc' returned non-zero exit status 1
ipa.ipapython.install.cli.install_tool(Server): ERROR    The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

Expected results:

No error.

Additional info:

The ipaserver-install.log ends with

2016-08-05T08:16:55Z DEBUG calling setup-ds.pl
2016-08-05T08:16:55Z DEBUG Starting external process
2016-08-05T08:16:55Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpNrnoDc
2016-08-05T08:26:58Z DEBUG Process finished, return code=1
2016-08-05T08:26:58Z DEBUG stdout=Process returned 256
[16/08/05:04:26:58] - [Setup] Info Could not start the directory server using command '/bin/systemctl start dirsrv'.  The last line from the error log was '[05/Aug/2016:04:16:57.952525880 -0400] import userRoot: Import complete.  Processed 1 entries in 1 seconds. (1.00 entries/sec)
'.  Error: Unknown error 256
Could not start the directory server using command '/bin/systemctl start dirsrv'.  The last line from the error log was '[05/Aug/2016:04:16:57.952525880 -0400] import userRoot: Import complete.  Processed 1 entries in 1 seconds. (1.00 entries/sec)
'.  Error: Unknown error 256
[16/08/05:04:26:58] - [Setup] Fatal Error: Could not create directory server instance 'EXAMPLE-TEST'.
Error: Could not create directory server instance 'EXAMPLE-TEST'.
[16/08/05:04:26:58] - [Setup] Fatal Exiting . . .
Log file is '-'

Exiting . . .
Log file is '-'


2016-08-05T08:26:58Z DEBUG stderr=Process returned 256

2016-08-05T08:26:58Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 448, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 438, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 547, in __create_instance
    raise RuntimeError("failed to create ds instance %s" % e)
RuntimeError: failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpNrnoDc' returned non-zero exit status 1

2016-08-05T08:26:58Z DEBUG   [error] RuntimeError: failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpNrnoDc' returned non-zero exit status 1
2016-08-05T08:26:58Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310, in run
    self.execute()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332, in execute
    for nothing in self._executor():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 586, in _configure
    next(executor)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
    for nothing in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 1358, in main
    install(self)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 266, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 748, in install
    hbac_allow=not options.no_hbac_allow)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 341, in create_instance
    self.start_creation(runtime=60)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 448, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 438, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 547, in __create_instance
    raise RuntimeError("failed to create ds instance %s" % e)

2016-08-05T08:26:58Z DEBUG The ipa-server-install command failed, exception: RuntimeError: failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpNrnoDc' returned non-zero exit status 1
2016-08-05T08:26:58Z ERROR failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpNrnoDc' returned non-zero exit status 1
2016-08-05T08:26:58Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

Comment 2 Jan Pazdziora 2016-08-05 08:35:06 UTC

This is regression against 389-ds-base-1.3.5.10-5.el7.x86_64.

Comment 5 Jan Pazdziora 2016-08-05 08:37:35 UTC

There are also new AVC denials that I did not see before. They are about SSSD but neither SSSD nor selinux-policy version changed from working installations:

type=AVC msg=audit(1470385620.907:199): avc:  denied  { write } for  pid=21669 comm="sssd" path="/etc/sssd/sssd.conf" dev="dm-0" ino=68557311 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file
type=AVC msg=audit(1470385620.907:199): avc:  denied  { create } for  pid=21669 comm="sssd" name="sssd.conf" scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file
type=AVC msg=audit(1470385620.907:199): avc:  denied  { add_name } for  pid=21669 comm="sssd" name="sssd.conf" scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=dir
type=AVC msg=audit(1470385620.907:199): avc:  denied  { write } for  pid=21669 comm="sssd" name="sssd" dev="dm-0" ino=68005492 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=dir
type=AVC msg=audit(1470385620.907:200): avc:  denied  { setattr } for  pid=21669 comm="sssd" name="sssd.conf" dev="dm-0" ino=68557311 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=file
type=AVC msg=audit(1470385621.493:201): avc:  denied  { create } for  pid=21670 comm="sssd" name="sbus-monitor" scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=sock_file
type=AVC msg=audit(1470385621.493:202): avc:  denied  { setattr } for  pid=21670 comm="sssd" name="sbus-monitor" dev="dm-0" ino=598583 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=sock_file
type=AVC msg=audit(1470385621.493:203): avc:  denied  { getattr } for  pid=21670 comm="sssd" path="/var/lib/sss/pipes/private/sbus-monitor" dev="dm-0" ino=598583 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=sock_file
type=AVC msg=audit(1470385621.505:204): avc:  denied  { write } for  pid=21679 comm="sssd_be" name="sbus-monitor" dev="dm-0" ino=598583 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=sock_file

Comment 9 Noriko Hosoi 2016-08-10 23:36:46 UTC

Hi Jan,

Hopefully, 389-ds-base-1.3.5.10-7.el7 fixes your problem, too...

We got 3 bug reports on the day 389-ds-base-1.3.5.10-6.el7 was built and ready for testing...

Just in case -7 works for you, since this bug is not acked yet and it is a regression introduced by bug 1316580 which is being implemented for rhel-7.3, could you please close this bug as a duplicate of bug 1316580?

Thanks & sorry for blocking your test.
--noriko

Comment 11 Jan Pazdziora 2016-08-11 06:02:09 UTC

I confirm that installations with 389-ds-base-1.3.5.10-7.el7.x86_64 pass.

Comment 12 Noriko Hosoi 2016-08-11 15:26:56 UTC

(In reply to Jan Pazdziora from comment #11)
> I confirm that installations with 389-ds-base-1.3.5.10-7.el7.x86_64 pass.

Thank you so much, Jan!!

Closing this bug as dup of bz1316580.

*** This bug has been marked as a duplicate of bug 1316580 ***

Note You need to log in before you can comment on or make changes to this bug.