Bug 971639 - freeipa-server install failed.
Summary: freeipa-server install failed.
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: freeipa
Version: 18
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2013-06-07 02:23 UTC by fjayalat
Modified: 2013-06-11 07:05 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-06-11 07:05:52 UTC
Type: Bug
Embargoed:



Description fjayalat 2013-06-07 02:23:57 UTC
Description of problem:

Trying to set up IPA as per the following documentation.


https://fedoraproject.org/wiki/Test_Day:2013-06-06_FreeIPA_Two_Factor_Authentication#Test_Results


Basic installation tests :

ipa-server-install -a Secret123 -p Secret123 --domain=bne.redhat.com --realm=BNE.REDHAT.COM --hostname dhcp-1-175.bne.redhat.com  -U

Fails with errors.


[20/36]: restarting directory server

ipa         : CRITICAL Failed to restart the directory server ([Errno -2] Name or service not known). See the installation log for details.

 [21/36]: adding default layout
ipa         : CRITICAL Failed to load bootstrap-template.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpcM41Si -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmpHrGeXr' returned non-zero exit status 255
  [22/36]: adding delegation layout
ipa         : CRITICAL Failed to load delegation.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpFdnOgs -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmpj_3gt0' returned non-zero exit status 255
  [23/36]: adding replication acis
ipa         : CRITICAL Failed to load replica-acis.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmppohs8Q -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmpqgnwzx' returned non-zero exit status 255
  [24/36]: creating container for managed entries
ipa         : CRITICAL Failed to load managed-entries.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpfPQHzM -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmplAUgEx' returned non-zero exit status 255
  [25/36]: configuring user private groups
ipa         : CRITICAL Failed to load user_private_groups.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpqq4Mif -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmpTrUWji' returned non-zero exit status 255
  [26/36]: configuring netgroups from hostgroups
ipa         : CRITICAL Failed to load host_nis_groups.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpxtdBOd -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmpWfNLZ8' returned non-zero exit status 255
  [27/36]: creating default Sudo bind user
ipa         : CRITICAL Failed to load sudobind.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpoh4b3c -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmpjvSf0P' returned non-zero exit status 255
  [28/36]: creating default Auto Member layout
ipa         : CRITICAL Failed to load automember.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpmZdOCf -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmpXZCXor' returned non-zero exit status 255
  [29/36]: adding range check plugin
ipa         : CRITICAL Failed to load range-check-conf.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpXLmEH2 -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmp3CJsXy' returned non-zero exit status 255
  [30/36]: creating default HBAC rule allow_all
ipa         : CRITICAL Failed to load default-hbac.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpd4PyrZ -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmpfARsMU' returned non-zero exit status 255
  [31/36]: initializing group membership
ipa         : CRITICAL Failed to load memberof-task.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpbfIHyr -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmp1aROmn' returned non-zero exit status 255
Can't contact LDAP server


iptables are turned off

hostname fully resolvable :

nslookup dhcp-1-175.bne.redhat.com
Server:		10.64.63.6
Address:	10.64.63.6#53

Name:	dhcp-1-175.bne.redhat.com
Address: 10.64.1.175



Version-Release number of selected component (if applicable):

Fedora release 18 (Spherical Cow)

rpm -qa | grep freeipa
freeipa-server-selinux-3.1.4-1.fc18.x86_64
freeipa-admintools-3.1.4-1.fc18.x86_64
freeipa-server-3.1.4-1.fc18.x86_64
freeipa-client-3.1.4-1.fc18.x86_64
freeipa-python-3.1.4-1.fc18.x86_64




How reproducible:



Steps to Reproduce:
1. Followed instructions in:
https://fedoraproject.org/wiki/Test_Day:2013-06-06_FreeIPA_Two_Factor_Authentication

2. Get environment script
wget http://npmccallum.fedorapeople.org/freeipa-otp/ipa-testday-env

3. # If you have mod_ssl installed, it will cause a conflict during environment install
yum remove mod_ssl

4. # Install FreeIPA 2FA test environment
bash ipa-testday-env install

5. yum install freeipa-server

6. ipa-server-install -a Secret123 -p Secret123 --domain=bne.redhat.com --realm=BNE.REDHAT.COM --hostname dhcp-1-175.bne.redhat.com  -U


Actual results:

[root@dhcp-1-175 ~]# ipa-server-install -a Secret123 -p Secret123 --domain=bne.redhat.com --realm=BNE.REDHAT.COM --hostname dhcp-1-175.bne.redhat.com  -U

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the FreeIPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)

To accept the default shown in brackets, press the Enter key.

WARNING: conflicting time&date synchronization service 'chronyd' will be disabled
in favor of ntpd


The IPA Master Server will be configured with:
Hostname:      dhcp-1-175.bne.redhat.com
IP address:    10.64.1.175
Domain name:   bne.redhat.com
Realm name:    BNE.REDHAT.COM

Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
  [1/36]: creating directory server user
  [2/36]: creating directory server instance
ipa         : CRITICAL Failed to restart the directory server ([Errno -2] Name or service not known). See the installation log for details.
  [3/36]: adding default schema
  [4/36]: enabling memberof plugin
  [5/36]: enabling winsync plugin
  [6/36]: configuring replication version plugin
  [7/36]: enabling IPA enrollment plugin
  [8/36]: enabling ldapi
  [9/36]: configuring uniqueness plugin
  [10/36]: configuring uuid plugin
  [11/36]: configuring modrdn plugin
  [12/36]: configuring DNS plugin
  [13/36]: enabling entryUSN plugin
  [14/36]: configuring lockout plugin
  [15/36]: creating indices
  [16/36]: enabling referential integrity plugin
  [17/36]: configuring certmap.conf
  [18/36]: configure autobind for root
  [19/36]: configure new location for managed entries
  [20/36]: restarting directory server
ipa         : CRITICAL Failed to restart the directory server ([Errno -2] Name or service not known). See the installation log for details.
  [21/36]: adding default layout
ipa         : CRITICAL Failed to load bootstrap-template.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpcM41Si -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmpHrGeXr' returned non-zero exit status 255
  [22/36]: adding delegation layout
ipa         : CRITICAL Failed to load delegation.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpFdnOgs -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmpj_3gt0' returned non-zero exit status 255
  [23/36]: adding replication acis
ipa         : CRITICAL Failed to load replica-acis.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmppohs8Q -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmpqgnwzx' returned non-zero exit status 255
  [24/36]: creating container for managed entries
ipa         : CRITICAL Failed to load managed-entries.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpfPQHzM -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmplAUgEx' returned non-zero exit status 255
  [25/36]: configuring user private groups
ipa         : CRITICAL Failed to load user_private_groups.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpqq4Mif -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmpTrUWji' returned non-zero exit status 255
  [26/36]: configuring netgroups from hostgroups
ipa         : CRITICAL Failed to load host_nis_groups.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpxtdBOd -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmpWfNLZ8' returned non-zero exit status 255
  [27/36]: creating default Sudo bind user
ipa         : CRITICAL Failed to load sudobind.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpoh4b3c -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmpjvSf0P' returned non-zero exit status 255
  [28/36]: creating default Auto Member layout
ipa         : CRITICAL Failed to load automember.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpmZdOCf -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmpXZCXor' returned non-zero exit status 255
  [29/36]: adding range check plugin
ipa         : CRITICAL Failed to load range-check-conf.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpXLmEH2 -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmp3CJsXy' returned non-zero exit status 255
  [30/36]: creating default HBAC rule allow_all
ipa         : CRITICAL Failed to load default-hbac.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpd4PyrZ -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmpfARsMU' returned non-zero exit status 255
  [31/36]: initializing group membership
ipa         : CRITICAL Failed to load memberof-task.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpbfIHyr -H ldap://dhcp-1-175.bne.redhat.com:389 -x -D cn=Directory Manager -y /tmp/tmp1aROmn' returned non-zero exit status 255
Can't contact LDAP server



Expected results:

Install to complete successfully.


Additional info:

Comment 2 Martin Kosek 2013-06-07 07:03:59 UTC
One note at the beginning: the test day is targeted at Fedora 19, as the FreeIPA OTP feature is only available there.

Still, ipa-server-install should not crash. This seems to be the reason for the whole failure:

  [2/36]: creating directory server instance
ipa         : CRITICAL Failed to restart the directory server ([Errno -2] Name or service not known). See the installation log for details.

I am afraid that we cannot do much more without either ipaserver-install.log or the dirsrv errors log. Can you please try to run the installation one more time and retrieve it? Otherwise I would need to close it for lack of information, as I just tried ipa-server-install with the most up-to-date Fedora 18 and it succeeded.
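
Added example, not part of the original comment and not FreeIPA code: the triage done by eye above, attaching each CRITICAL line to the installer step printed just before it and reporting the first failure separately from the later ones. The regexes, function names and sample log are assumptions constructed from the output format quoted in this report.

```python
import re

STEP_RE = re.compile(r"^\s*\[(\d+)/(\d+)\]:\s*(.+?)\s*$")
CRIT_RE = re.compile(r"^ipa\s*:\s*CRITICAL\s+(.*?)\s*$")
ERRNO_RE = re.compile(r"\[Errno (-?\d+)\] ([^)]+)\)")

# Constructed sample in the installer's output format (hostname and temp paths are placeholders).
SAMPLE = """\
  [1/36]: creating directory server user
  [2/36]: creating directory server instance
ipa         : CRITICAL Failed to restart the directory server ([Errno -2] Name or service not known). See the installation log for details.
  [3/36]: adding default schema
  [20/36]: restarting directory server
ipa         : CRITICAL Failed to restart the directory server ([Errno -2] Name or service not known). See the installation log for details.
  [21/36]: adding default layout
ipa         : CRITICAL Failed to load bootstrap-template.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpA -H ldap://host.example.test:389 -x -D cn=Directory Manager -y /tmp/tmpB' returned non-zero exit status 255
"""

def parse_failures(text):
    """Attach each CRITICAL line to the installer step printed just before it."""
    failures, step = [], None
    for line in text.splitlines():
        m = STEP_RE.match(line)
        if m:
            step = (int(m.group(1)), m.group(3))
            continue
        m = CRIT_RE.match(line)
        if m:
            msg = m.group(1)
            err = ERRNO_RE.search(msg)
            failures.append({
                "step": step[0] if step else None,   # None: failure before any step
                "name": step[1] if step else None,
                "errno": int(err.group(1)) if err else None,
                "reason": err.group(2) if err else None,
                "message": msg,
            })
    return failures

def triage(text):
    """Return (first failure, later failures); investigate the first one first."""
    failures = parse_failures(text)
    return (failures[0], failures[1:]) if failures else (None, [])

if __name__ == "__main__":
    root, later = triage(SAMPLE)
    print(f"first failure: step {root['step']} ({root['name']}): {root['reason']}")
    for f in later:
        print(f"  later: step {f['step']} ({f['name']})")
```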

Comment 3 Alexander Bokovoy 2013-06-07 07:26:28 UTC
Fedora 18 is not sufficient for testing FreeIPA 3.2. There are multiple dependencies that are only available for Fedora 19, including an ABI break between Kerberos KDB driver interfaces.

Sorry, but chasing this failure in a Fedora 18 environment is not going to be helpful to anyone and will only waste time for all of us.

Comment 4 Martin Kosek 2013-06-07 08:10:28 UTC
Right. I only planned to investigate the issue when this is a general FreeIPA install issue on Fedora 18 as this is still a supported Fedora version. We cannot of course support a mixture of Fedora 18 and Fedora 19 bits if this is the case.

Comment 5 Martin Kosek 2013-06-11 07:05:52 UTC
I am closing this Bugzilla as there was an unsupported environment (Fedora 19 Test Day tested on Fedora 18).

fjayalat, if you experience an installation error with vanilla Fedora 18 FreeIPA packages again, please feel free to reopen the bug (with provided logs) and we will look into this issue.

