Bug 524311 - ipa-server-install fails adding default schema
Summary: ipa-server-install fails adding default schema
Keywords:
Status: CLOSED DUPLICATE of bug 516853
Alias: None
Product: freeIPA
Classification: Retired
Component: ipa-server
Version: 2.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 431020
TreeView+ depends on / blocked
 
Reported: 2009-09-18 19:38 UTC by Jenny Severance
Modified: 2015-01-04 23:40 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-10-01 13:47:03 UTC


Attachments (Terms of Use)

Description Jenny Severance 2009-09-18 19:38:45 UTC
Description of problem:

Installation Output:

[root@jennyv2 yum.repos.d]# ipa-server-install

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will setup the IPA Server.

This includes:
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure TurboGears

To accept the default shown in brackets, press the Enter key.

Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.


Server host name [jennyv2.bos.redhat.com]: 

The domain name has been calculated based on the host name.

Please confirm the domain name [bos.redhat.com]: 

The IPA Master Server will be configured with
Hostname:    jennyv2.bos.redhat.com
IP address:  10.16.0.47
Domain name: bos.redhat.com

The server must run as a specific user in a specific group.
It is strongly recommended that this user should have no privileges
on the computer (i.e. a non-root user).  The setup procedure
will give this user/group some permissions in specific paths/files
to perform server-specific operations.

The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.

Please provide a realm name [BOS.REDHAT.COM]: 
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.

Directory Manager password: 
Password (confirm): 

The IPA server requires an administrative user, named 'admin'.
This user is a regular system account used for IPA server administration.

IPA admin password: 
Password (confirm): 


The following operations may take some minutes to complete.
Please wait until the prompt is returned.

Configuring ntpd
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
done configuring ntpd.
Configuring directory server:
  [1/18]: creating directory server user
  [2/18]: creating directory server instance
root        : CRITICAL failed to restart ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmppU1D4c' returned non-zero exit status 1
  [3/18]: adding default schema
Unexpected error - see ipaserver-install.log for details:
 [Errno 2] No such file or directory: '/etc/dirsrv/slapd-BOS-REDHAT-COM//schema/05rfc2247.ldif'


DS errors log:

	Red Hat-Directory/8.1.0 B2009.111.1829
	<host>:<port> (/etc/dirsrv/slapd-BOS-REDHAT-COM)

[18/Sep/2009:15:14:15 -0400] - could not open config file "/etc/dirsrv/slapd-BOS-REDHAT-COM/slapd-collations.conf" - absolute path?
[18/Sep/2009:15:14:15 -0400] schema - No schema files were found in the directory /etc/dirsrv/slapd-BOS-REDHAT-COM/schema
[18/Sep/2009:15:14:15 -0400] dse - Please edit the file to correct the reported problems and then restart the server.
	Red Hat-Directory/8.1.0 B2009.111.1829
	<host>:<port> (/etc/dirsrv/slapd-BOS-REDHAT-COM)

[18/Sep/2009:15:32:26 -0400] - could not open config file "/etc/dirsrv/slapd-BOS-REDHAT-COM/slapd-collations.conf" - absolute path?
[18/Sep/2009:15:32:26 -0400] schema - No schema files were found in the directory /etc/dirsrv/slapd-BOS-REDHAT-COM/schema
[18/Sep/2009:15:32:26 -0400] dse - Please edit the file to correct the reported problems and then restart the server.



Version-Release number of selected component (if applicable):
ipa-server-2.0-4.20090918.el5ipa

How reproducible:
always

Steps to Reproduce:
1. yum -y install ipa-server ipa-admintools bind caching-nameserver expect krb5-workstation bind-dyndb-ldap ipa-client
2. ipa-server-install 
  
Actual results:


Expected results:


Additional info:

Comment 1 Jenny Severance 2009-09-18 20:39:43 UTC
issue is caused by existing directory server information on the machine - lowering bug priority as it is not a blocker if you clean up the directory server after an ipa-server-install --uninstall

However, this should not happen, either the un-install needs to clean up properly and the install needs to handle it properly.

Comment 2 Dmitri Pal 2009-09-18 21:08:54 UTC
Is this an IPA or DS bug then?

Comment 3 Rob Crittenden 2009-09-23 12:53:05 UTC
What cleanup do you mean?

The base assumption for IPA has always been that this is a vanilla machine.

Comment 4 Jenny Severance 2009-09-23 12:59:12 UTC
Hi Rob:
The ipa-server-install --uninstalll and subsequent yum erase ipa-server, should have cleaned up the directory server.  I didn't install a directory server on the machine before another ipa install attempt.
Jenny

Comment 5 Rob Crittenden 2009-09-23 13:58:33 UTC
The ipa-server-install --uninstall should have remove all remnants of the DS instance and you'd have gotten a warning on the next install if it hadn't (it just looks for things named /etc/dirsrv/slapd-*, not contents of it).

So it may have been something else.

Comment 7 Yi Zhang 2009-09-29 16:32:58 UTC

output of running "ipa-server-install" on rhel 5.4 i386 host

>> Configuring ntpd
>>   [1/4]: stopping ntpd
>>   [2/4]: writing configuration
>>   [3/4]: configuring ntpd to start on boot
>>   [4/4]: starting ntpd
>> done configuring ntpd.
>> Configuring directory server:
>>   [1/19]: creating directory server user
>>   [2/19]: creating directory server instance
>>   [3/19]: adding default schema
>> Unexpected error - see ipaserver-install.log for details:
>>  [Errno 2] No such file or directory:
>> '/etc/dirsrv/slapd-IDM-LAB-BOS-REDHAT-COM//schema/05rfc2247.ldif'

Comment 9 Rob Crittenden 2009-09-29 16:59:47 UTC
Can you confirm the version of DS?

After it fails, what are the contents of /etc/dirsrv/slapd-<INSTANCE>/schema?

Comment 10 Yi Zhang 2009-09-30 17:41:06 UTC
[root@mv32a-vm ~]# rpm -qi redhat-ds-base
Name        : redhat-ds-base               Relocations: (not relocatable)
Version     : 9.0.0                             Vendor: Red Hat, Inc.
Release     : 20090929.el5dsrv              Build Date: Tue 29 Sep 2009 01:14:02 AM PDT
Install Date: Tue 29 Sep 2009 08:40:43 AM PDT      Build Host: x86-001.build.bos.redhat.com
Group       : System Environment/Daemons    Source RPM: redhat-ds-base-9.0.0-20090929.el5dsrv.src.rpm
Size        : 5120406                          License: GPLv2 with exceptions
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://www.redhat.com/directory_server/
Summary     : Red Hat Directory Server (base)
Description :
Red Hat Directory Server is an LDAPv3 compliant server.  The base package includes
the LDAP server and command line utilities for server administration.


======================

ls /etc/dirsrv/slapd-IDM-LAB-BOS-REDHAT-COM/schema/ -l
total 508
-r-------- 1 dirsrv root 25308 Sep 29 08:49 00core.ldif
-r-------- 1 dirsrv root 17547 Sep 29 08:49 01core389.ldif
-r-------- 1 dirsrv root 32135 Sep 29 08:49 02common.ldif
-r-------- 1 dirsrv root  2620 Sep 29 08:49 05rfc2927.ldif
-r-------- 1 dirsrv root  5908 Sep 29 08:49 05rfc4523.ldif
-r-------- 1 dirsrv root 10119 Sep 29 08:49 05rfc4524.ldif
-r-------- 1 dirsrv root  4705 Sep 29 08:49 06inetorgperson.ldif
-r-------- 1 dirsrv root  9211 Sep 29 08:49 10rfc2307.ldif
-r-------- 1 dirsrv root  6385 Sep 29 08:49 20subscriber.ldif
-r-------- 1 dirsrv root  4624 Sep 29 08:49 25java-object.ldif
-r-------- 1 dirsrv root 13376 Sep 29 08:49 30ns-common.ldif
-r-------- 1 dirsrv root  8374 Sep 29 08:49 50ns-admin.ldif
-r-------- 1 dirsrv root  2866 Sep 29 08:49 50ns-certificate.ldif
-r-------- 1 dirsrv root 18313 Sep 29 08:49 50ns-directory.ldif
-r-------- 1 dirsrv root 10576 Sep 29 08:49 50ns-mail.ldif
-r-------- 1 dirsrv root  4776 Sep 29 08:49 50ns-value.ldif
-r-------- 1 dirsrv root  2865 Sep 29 08:49 50ns-web.ldif
-r-------- 1 dirsrv root  1129 Sep 29 08:49 60autofs.ldif
-rw-r--r-- 1 root   root 17259 Sep 29 08:49 60basev2.ldif
-r-------- 1 dirsrv root  3311 Sep 29 08:49 60eduperson.ldif
-rw-r--r-- 1 root   root  4156 Sep 29 08:49 60ipaconfig.ldif
-rw-r--r-- 1 root   root 18404 Sep 29 08:49 60kerberos.ldif
-r-------- 1 dirsrv root  6856 Sep 29 08:49 60mozilla.ldif
-r-------- 1 dirsrv root   741 Sep 29 08:49 60nss-ldap.ldif
-r-------- 1 dirsrv root  4036 Sep 29 08:49 60pam-plugin.ldif
-rw-r--r-- 1 root   root  5407 Sep 29 08:49 60policyv2.ldif
-r-------- 1 dirsrv root  3552 Sep 29 08:49 60pureftpd.ldif
-rw-r--r-- 1 root   root 15832 Sep 29 08:49 60radius.ldif
-r-------- 1 dirsrv root  3497 Sep 29 08:49 60rfc2739.ldif
-r-------- 1 dirsrv root 15368 Sep 29 08:49 60rfc3712.ldif
-r-------- 1 dirsrv root  2040 Sep 29 08:49 60sabayon.ldif
-rw-r--r-- 1 root   root 13652 Sep 29 08:49 60samba.ldif
-r-------- 1 dirsrv root  1970 Sep 29 08:49 60sudo.ldif
-r-------- 1 dirsrv root  1281 Sep 29 08:49 60trust.ldif
-rw------- 1 dirsrv root  2210 Sep 29 08:49 99user.ldif

Comment 11 Rob Crittenden 2009-09-30 17:54:45 UTC
IPA doesn't work with DS 9.0 yet. You have to use 8.1.

Comment 12 Yi Zhang 2009-09-30 18:00:00 UTC
I accidentally have DS90 in my repo directory. I removed it and try ds80 now.

Comment 13 Yi Zhang 2009-09-30 21:11:08 UTC
ipa install success when DS8.1 is used. 

Shall I close this bug?

Comment 14 Jenny Severance 2009-10-01 12:32:41 UTC
I think we can, I don't think we would ever see this in the wild - just in our test environments.

Comment 15 Chandrasekar Kannan 2009-10-01 13:18:41 UTC
why not ?. 389-ds-base with schema updates is already out in the wild. any gutsy ipa server user thats building from source and attempting to use it the newer 389-ds-base will see it ?.

Comment 16 Jenny Severance 2009-10-01 13:22:14 UTC
I didn't think of that - so let's not close

Comment 17 Rob Crittenden 2009-10-01 13:47:03 UTC
If this is the only problem then it is a duplicate, closing.

*** This bug has been marked as a duplicate of bug 516853 ***


Note You need to log in before you can comment on or make changes to this bug.