With development repo:
=============================
[root@regular-guest ~]# rpm -q freeipa-server pki-silent pki-ca 389-ds-base
freeipa-server-2.1.90.rc1-0.fc16.x86_64
pki-silent-9.0.19-1.fc16.noarch
pki-ca-9.0.19-1.fc16.noarch
389-ds-base-1.2.10.6-1.fc16.x86_64
=============================

Running the ipa-server-install
==============
ipa-server-install --setup-dns --forwarder=10.x.y.z -r FOO.BAR.COM -p testpwd -P testpwd -a testpwd -U
.
.
.
Configuring directory server for the CA: Estimated time 30 seconds
[1/3]: creating directory server user
[2/3]: creating directory server instance
ipa : CRITICAL failed to restart ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpElBwGd' returned non-zero exit status 1
[3/3]: restarting directory server
ipa : CRITICAL Failed to restart the directory server. See the installation log for details.
==============

=> Attempting to start dirsrv manually <=
==============
[root@regular-guest slapd-PKI-IPA]# service dirsrv start
Redirecting to /bin/systemctl start dirsrv.service
Job failed. See system logs and 'systemctl status' for details.
==============
[root@regular-guest slapd-PKI-IPA]# service dirsrv status
Redirecting to /bin/systemctl status dirsrv.service
dirsrv.service - 389 Directory Server PKI-IPA.service.
Loaded: loaded (/lib/systemd/system/dirsrv@.service; enabled)
Active: failed
CGroup: name=systemd:/system/dirsrv@.service/PKI-IPA.service
[root@regular-guest slapd-PKI-IPA]#
==============

=> Log Info from dirsrv: <=
==============
[root@regular-guest slapd-PKI-IPA]# ls
access access.rotationinfo audit audit.rotationinfo errors errors.rotationinfo
==============
[root@regular-guest slapd-PKI-IPA]# tail errors
[02/May/2012:04:46:03 -0400] - slapd shutting down - closing down internal subsystems and plugins
[02/May/2012:04:46:03 -0400] - Waiting for 4 database threads to stop
[02/May/2012:04:46:03 -0400] - All database threads now stopped
[02/May/2012:04:46:03 -0400] - slapd stopped.
[02/May/2012:05:02:24 -0400] - Shutting down due to possible conflicts with other slapd processes
[02/May/2012:05:02:25 -0400] - Shutting down due to possible conflicts with other slapd processes
[02/May/2012:05:02:39 -0400] - Shutting down due to possible conflicts with other slapd processes
[02/May/2012:05:04:15 -0400] - Shutting down due to possible conflicts with other slapd processes
[02/May/2012:05:04:16 -0400] - Shutting down due to possible conflicts with other slapd processes
[03/May/2012:02:10:02 -0400] - Shutting down due to possible conflicts with other slapd processes
==============
[root@regular-guest slapd-PKI-IPA]# ps -ef | grep -i slapd
root 30048 29891 0 02:11 pts/0 00:00:00 grep --color=auto -i slapd
[root@regular-guest slapd-PKI-IPA]#
==============

=> Log info from ipaserver <=
==============
[root@regular-guest slapd-PKI-IPA]# tail -20 /var/log/ipaserver-install.log
2012-05-02T09:04:15Z DEBUG args=/bin/systemctl --system daemon-reload
2012-05-02T09:04:15Z DEBUG stdout=
2012-05-02T09:04:15Z DEBUG stderr=
2012-05-02T09:04:15Z DEBUG args=/usr/sbin/selinuxenabled
2012-05-02T09:04:15Z DEBUG stdout=
2012-05-02T09:04:15Z DEBUG stderr=
2012-05-02T09:04:15Z DEBUG args=/sbin/restorecon /etc/sysconfig/dirsrv.systemd
2012-05-02T09:04:15Z DEBUG stdout=
2012-05-02T09:04:15Z DEBUG stderr=
2012-05-02T09:04:16Z DEBUG args=/bin/systemctl --system daemon-reload
2012-05-02T09:04:16Z DEBUG stdout=
2012-05-02T09:04:16Z DEBUG stderr=
2012-05-02T09:04:16Z DEBUG args=/bin/systemctl restart dirsrv
2012-05-02T09:04:16Z DEBUG stdout=
2012-05-02T09:04:16Z DEBUG stderr=
2012-05-02T09:04:16Z DEBUG args=/bin/systemctl is-active dirsrv
2012-05-02T09:04:16Z DEBUG stdout=deactivating
2012-05-02T09:04:16Z DEBUG stderr=
2012-05-02T09:04:16Z CRITICAL Failed to restart the directory server. See the installation log for details.
[root@regular-guest slapd-PKI-IPA]#
==============
Could you try this with 389-ds-base-1.2.10.8 from updates-testing? If it solves the issue for you, please provide karma in Bodhi.
Actually, the errors log messages make it look like there could be a leftover lock file from a previous install. Was this a truly clean system, or were you performing a new IPA install on a system that you had IPA installed on in the past? Can you check what files you have in the following locations?

/var/run/dirsrv
/var/lock/dirsrv/slapd-PKI-IPA/server
/var/lock/dirsrv/slapd-PKI-IPA/exports
/var/lock/dirsrv/slapd-PKI-IPA/imports
Nathan,

Yes, it was a truly clean system when I tried first. However, now, dirsrv seems to start just fine with the below versions, but there is a different issue of CA config failing (being handled in a different bz (818123)).

Here is the version info:
[root@regular-guest export]# rpm -q 389-ds-base pki-ca pki-selinux freeipa-server
389-ds-base-1.2.10.8-1.fc16.x86_64
pki-ca-9.0.20-1.fc16.noarch
pki-selinux-9.0.20-1.fc16.noarch
freeipa-server-2.1.90.rc1-0.fc16.x86_64
[root@regular-guest export]#
===============================
[root@regular-guest export]# ls /var/run/dirsrv/
slapd-PKI-IPA.pid slapd-PKI-IPA.startpid slapd-PKI-IPA.stats
[root@regular-guest export]# ls /var/loc
local/ lock/
[root@regular-guest export]# ls /var/lock/dirsrv/slapd-PKI-IPA/
exports imports server
[root@regular-guest export]# ls /var/lock/dirsrv/slapd-PKI-IPA/server/
18516
[root@regular-guest export]# ls /var/lock/dirsrv/slapd-PKI-IPA/exports/
[root@regular-guest export]# ls /var/lock/dirsrv/slapd-PKI-IPA/imports/
[root@regular-guest export]#
===============================
[root@regular-guest dirsrv]#ipa-server-install --setup-dns --no-forwarders -r ENGLAB.PNQ.TEST.COM -p testpwd -P testpwd -a testpwd -U

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the FreeIPA Server.

This includes:
* Configure a stand-alone CA (dogtag) for certificate management
* Configure the Network Time Daemon (ntpd)
* Create and configure an instance of Directory Server
* Create and configure a Kerberos Key Distribution Center (KDC)
* Configure Apache (httpd)
* Configure DNS (bind)

To accept the default shown in brackets, press the Enter key.

Warning: skipping DNS resolution of host regular-guest.englab.pnq.redhat.com
The domain name has been calculated based on the host name.

Using reverse zone 201.65.10.in-addr.arpa.

The IPA Master Server will be configured with:
Hostname: regular-guest.englab.pnq.redhat.com
IP address: 10.65.201.202
Domain name: englab.pnq.redhat.com
Realm name: ENGLAB.PNQ.TEST.COM

BIND DNS server will be configured to serve IPA domain with:
Forwarders: No forwarders
Reverse zone: 201.65.10.in-addr.arpa.

Configuring ntpd
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
done configuring ntpd.
Configuring directory server for the CA: Estimated time 30 seconds
[1/3]: creating directory server user
[2/3]: creating directory server instance
[3/3]: restarting directory server
done configuring pkids.
Configuring certificate server: Estimated time 3 minutes 30 seconds
[1/16]: creating certificate server user
[2/16]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent 'ConfigureCA' '-cs_hostname' 'regular-guest.englab.pnq.redhat.com' '-cs_port' '9445' '-client_certdb_dir' '/tmp/tmp-t8gRZ4' '-client_certdb_pwd' XXXXXXXX '-preop_pin' 'HyE1i9gtNi3fp64ClH7K' '-domain_name' 'IPA' '-admin_user' 'admin' '-admin_email' 'root@localhost' '-admin_password' XXXXXXXX '-agent_name' 'ipa-ca-agent' '-agent_key_size' '2048' '-agent_key_type' 'rsa' '-agent_cert_subject' 'CN=ipa-ca-agent,O=ENGLAB.PNQ.TEST.COM' '-ldap_host' 'regular-guest.englab.pnq.redhat.com' '-ldap_port' '7389' '-bind_dn' 'cn=Directory Manager' '-bind_password' XXXXXXXX '-base_dn' 'o=ipaca' '-db_name' 'ipaca' '-key_size' '2048' '-key_type' 'rsa' '-key_algorithm' 'SHA256withRSA' '-save_p12' 'true' '-backup_pwd' XXXXXXXX '-subsystem_name' 'pki-cad' '-token_name' 'internal' '-ca_subsystem_cert_subject_name' 'CN=CA Subsystem,O=ENGLAB.PNQ.TEST.COM' '-ca_ocsp_cert_subject_name' 'CN=OCSP Subsystem,O=ENGLAB.PNQ.TEST.COM' '-ca_server_cert_subject_name' 'CN=regular-guest.englab.pnq.redhat.com,O=ENGLAB.PNQ.TEST.COM' '-ca_audit_signing_cert_subject_name' 'CN=CA Audit,O=ENGLAB.PNQ.TEST.COM' '-ca_sign_cert_subject_name' 'CN=Certificate Authority,O=ENGLAB.PNQ.TEST.COM' '-external' 'false' '-clone' 'false'' returned non-zero exit status 255
Unexpected error - see ipaserver-install.log for details:
Configuration of CA failed
[root@regular-guest dirsrv]# pwd
/etc/dirsrv
[root@regular-guest dirsrv]# cd /var/log/dirsrv/slapd-PKI-IPA/
[root@regular-guest slapd-PKI-IPA]# ls
access access.rotationinfo audit audit.rotationinfo errors errors.rotationinfo
[root@regular-guest slapd-PKI-IPA]# tail errors
[16/May/2012:06:16:23 -0400] - I'm resizing my cache now...cache was 1658949632 and is now 8000000
[16/May/2012:06:16:24 -0400] - slapd started. Listening on All Interfaces port 7389 for LDAP requests
[16/May/2012:06:16:25 -0400] - slapd shutting down - signaling operation threads
[16/May/2012:06:16:25 -0400] - slapd shutting down - waiting for 29 threads to terminate
[16/May/2012:06:16:25 -0400] - slapd shutting down - closing down internal subsystems and plugins
[16/May/2012:06:16:25 -0400] - Waiting for 4 database threads to stop
[16/May/2012:06:16:26 -0400] - All database threads now stopped
[16/May/2012:06:16:26 -0400] - slapd stopped.
[16/May/2012:06:16:27 -0400] - 389-Directory/1.2.10.8 B2012.124.1454 starting up
[16/May/2012:06:16:27 -0400] - slapd started. Listening on All Interfaces port 7389 for LDAP requests
[root@regular-guest slapd-PKI-IPA]#
==============================================================================
The CA issue is definitely something different. In the DS code, the only reasons for getting the error mentioned in this bug report are if a lock file already exists, or if we are unable to access it (directory doesn't exist, permissions, etc.). Since this is not currently reproducible, I propose that we close this and re-open it if you encounter the issue again. If the issue is reproduced, I'd like the system left in the failure state so we can see why the issue is occurring. Does this sound OK with you?
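Added example (not part of the original thread and not code from 389-ds): a shell check for the two conditions named in the comment above, an existing lock file or an inaccessible lock directory, over the server, exports and imports directories listed earlier in the thread. It assumes, as the 18516 entry in the reporter's listing suggests, that each lock file is named after the PID of the slapd that created it; the function names check_locks and pid_alive are hypothetical.

```shell
#!/bin/sh
# Added example: classify 389-ds lock entries for one instance.
# Assumption: every file under <lockroot>/<instance>/{server,exports,imports}
# is named after the PID of the process that created it.

# pid_alive PID -> 0 if a process with that PID currently exists.
pid_alive() {
    # kill -0 fails with EPERM for another user's process, so also look in /proc.
    kill -0 "$1" 2>/dev/null || [ -d "/proc/$1" ]
}

# check_locks LOCKROOT INSTANCE
# Prints one finding per line and returns:
#   0 = no stale locks, 1 = stale lock(s) found, 2 = a lock directory is
#   missing or cannot be read/traversed by the current user.
check_locks() {
    root=$1; inst=$2; rc=0
    for sub in server exports imports; do
        dir="$root/$inst/$sub"
        if [ ! -d "$dir" ] || [ ! -r "$dir" ] || [ ! -x "$dir" ]; then
            echo "INACCESSIBLE $dir"
            rc=2
            continue
        fi
        for f in "$dir"/*; do
            [ -e "$f" ] || continue          # empty directory: glob did not match
            pid=${f##*/}
            case $pid in
                ''|*[!0-9]*) echo "UNKNOWN $f"; continue ;;  # not a PID-style name
            esac
            if pid_alive "$pid"; then
                echo "LIVE $f"               # owner still running: a real conflict
            else
                echo "STALE $f"              # owner gone: leftover lock file
                [ "$rc" -eq 2 ] || rc=1
            fi
        done
    done
    return "$rc"
}

# Stand-alone use: sh check_locks.sh slapd-PKI-IPA
if [ "$#" -gt 0 ]; then
    check_locks "${LOCKROOT:-/var/lock/dirsrv}" "$1"
fi
```

Run it as the user the directory server runs as, since the access test reflects the calling user's permissions (root passes it for any existing directory).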
IPA 2.2.0 isn't going to be supported in Fedora 16, the server anyway, so I'd try to reproduce this on F-17 using the final 2.2.0 release instead of the beta. The dogtag installer changed so that pki-ca >= 9.0.18 no longer works with the beta code.
Can you try reproducing this with 2.2.0? I'm inclined to close this as notabug.
Closing this as WORKSFORME. Please reopen it if there is still an issue.