Bug 652954 - Installation on fedora14 is a bit iffy, with ipa-server-install
Summary: Installation on fedora14 is a bit iffy, with ipa-server-install
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: freeIPA
Classification: Retired
Component: ipa-server
Version: 1.2
Hardware: i686
OS: Linux
low
high
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-11-13 19:21 UTC by Alexander Rydekull
Modified: 2015-01-04 23:44 UTC (History)
4 users (show)

Fixed In Version: ipa-1.2.2-5.fc14
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-28 09:38:39 UTC


Attachments (Terms of Use)

Description Alexander Rydekull 2010-11-13 19:21:15 UTC
Description of problem:
Installation fails with bad error description:
[Errno 2] No such file or directory

Version-Release number of selected component (if applicable):
Installed Packages
Name        : ipa-server
Arch        : i686
Version     : 1.2.2
Release     : 4.fc14
Size        : 1.5 M
Repo        : installed
From repo   : fedora
Summary     : The IPA authentication server
URL         : http://www.freeipa.org/
License     : GPLv2
Description : IPA is an integrated solution to provide centrally managed Identity (machine,
            : user, virtual machines, groups, authentication credentials), Policy
            : (configuration settings, access control information) and Audit (events,
            : logs, analysis thereof). If you are installing an IPA server you need
            : to install this package (in other words, most people should NOT install
            : this package).
  
Actual results:
2010-11-13 16:40:19,023 DEBUG   [5/13]: configuring KDC
2010-11-13 16:40:19,031 DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/kdc.conf'
2010-11-13 16:40:19,362 DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2010-11-13 16:40:19,370 DEBUG Backing up system configuration file '/etc/krb5.conf'
2010-11-13 16:40:19,374 DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2010-11-13 16:40:19,388 DEBUG Backing up system configuration file '/usr/share/ipa/html/krb5.ini'
2010-11-13 16:40:19,390 DEBUG   -> Not backing up - '/usr/share/ipa/html/krb5.ini' doesn't exist
2010-11-13 16:40:19,394 DEBUG Backing up system configuration file '/usr/share/ipa/html/krb.con'
2010-11-13 16:40:19,395 DEBUG   -> Not backing up - '/usr/share/ipa/html/krb.con' doesn't exist
2010-11-13 16:40:19,397 DEBUG Backing up system configuration file '/usr/share/ipa/html/krbrealm.con'
2010-11-13 16:40:19,403 DEBUG   -> Not backing up - '/usr/share/ipa/html/krbrealm.con' doesn't exist
2010-11-13 16:40:19,570 DEBUG [Errno 2] No such file or directory
  File "/usr/sbin/ipa-server-install", line 609, in <module>
    sys.exit(main())

  File "/usr/sbin/ipa-server-install", line 509, in main
    krb.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, master_password)

  File "/usr/lib/python2.7/site-packages/ipaserver/krbinstance.py", line 151, in create_instance
    self.start_creation("Configuring Kerberos KDC")

  File "/usr/lib/python2.7/site-packages/ipaserver/service.py", line 139, in start_creation
    method()

  File "/usr/lib/python2.7/site-packages/ipaserver/krbinstance.py", line 317, in __create_instance
    ipautil.run(args)

  File "/usr/lib/python2.7/site-packages/ipa/ipautil.py", line 90, in run
    p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)

  File "/usr/lib/python2.7/subprocess.py", line 672, in __init__
    errread, errwrite)

  File "/usr/lib/python2.7/subprocess.py", line 1201, in _execute_child
    raise child_exception


Expected results:
Configuring Kerberos KDC
  [1/13]: setting KDC account password
  [2/13]: adding sasl mappings to the directory
  [3/13]: adding kerberos entries to the DS
  [4/13]: adding default ACIs
  [5/13]: configuring KDC
  [6/13]: adding default keytypes
  [7/13]: creating a keytab for the directory
  [8/13]: creating a keytab for the machine
  [9/13]: exporting the kadmin keytab
  [10/13]: adding the password extension to the directory
  [11/13]: adding the kerberos master key to the directory
  [12/13]: starting the KDC
  [13/13]: configuring KDC to start on boot
done configuring krb5kdc.


Additional info:

Well, I'm not a python guy, so I took strace in use to figure it out. When looking at the log created by strace it became obvious that it was searching for tools under /usr/kerberos/sbin which simply doesnt exist.

The different packages install under /usr/sbin directly.

So, the workaround to fix it was simply:
# mkdir -p /usr/kerberos/sbin ; cd /usr/sbin ; for FILE in $(ls k*) ; do ln -s /usr/sbin/$FILE /usr/kerberos/sbin ; done

---

However, when I passed that small error I stumbled upon another one. 
It was trying to use /usr/lib/mozldap/ldappasswd when setting the admin password. But, this wasnt installed seeing as:

# yum deplist ipa-server | grep -c mozldap-tools
0

The fix, being the obvious:
# yum install mozldap-tools

Then my ipa-server-install went through perfectly :-)

Comment 1 Shawn 2010-11-13 22:24:33 UTC
The following got me through the install with ipa-server-1.2.2-4.fc14.x86_64



In the directory 
/usr/lib/python2.7/site-packages/ipaserver

The following two files and commands need to be corrected to change /usr/kerberos/sbin to /usr/sbin

installutils.py:    ipautil.run(["/usr/kerberos/sbin/kadmin.local", "-q", command])


krbinstance.py:            args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"]

Comment 2 Rob Crittenden 2010-11-13 23:27:58 UTC
This is a partial duplicate, see bug https://bugzilla.redhat.com/show_bug.cgi?id=650725

I'll take a look at the dependencies issue.

Comment 3 Rob Crittenden 2010-11-17 21:30:52 UTC
Added dependency on mozldap-tools to ipa-server. I'm guessing this is because 389-ds-base is using openldap-client tools now.


Note You need to log in before you can comment on or make changes to this bug.