I have a feeling that there is something broken with your image. Could you try installing Centos from ISO?
On 16 May 2017 at 22:37, Robert L. Harris <robert.l.har...@gmail.com> wrote: > > I left SELinux enabled, no change, still streaming the same error: > > [Tue May 16 14:36:48.957848 2017] [:error] [pid 10780] NSS_Initialize > failed. Certificate database: /etc/httpd/alias. > [Tue May 16 14:36:48.957883 2017] [:error] [pid 10780] SSL Library Error: > -8038 SEC_ERROR_NOT_INITIALIZED > [Tue May 16 14:36:48.957886 2017] [:error] [pid 10780] Does the NSS > database exist? > > > > On Tue, May 16, 2017 at 2:12 PM Andrew Holway <andrew.hol...@gmail.com> > wrote: > >> Yea, I would try installing IPA then making the changes that you want. I >> think SELinux should be left enabled however. It makes admin super fun! :) >> >> >> On 16 May 2017 at 21:57, Robert L. Harris <robert.l.har...@gmail.com> >> wrote: >> >>> >>> I did disable selinux as it gave errors setting up my standard users, >>> etc. I can roll back the snapshot, set it at 4Gigs of RAM and re-enable >>> selinux and then try again. >>> >>> >>> On Tue, May 16, 2017 at 1:52 PM Andrew Holway <andrew.hol...@gmail.com> >>> wrote: >>> >>>> This is pretty weird. FreeIPA installation normally works. >>>> >>>> Has the operating system image been changed or optimised somehow? >>>> Perhaps SELinux has been disabled? Have you tried installing Centos7 from >>>> the ISO? >>>> >>>> On 16 May 2017 at 21:48, Robert L. Harris <robert.l.har...@gmail.com> >>>> wrote: >>>> >>>>> >>>>> 2 Gigs, it's a VM. The VM didn't report any memory issues ( no >>>>> alarms on VMWare ) >>>>> >>>>> >>>>> On Tue, May 16, 2017 at 12:29 PM Andrew Holway < >>>>> andrew.hol...@gmail.com> wrote: >>>>> >>>>>> Hallo, >>>>>> >>>>>> How much memory do you have on the machine. I have a sneaking >>>>>> suspicion that you're running out. >>>>>> >>>>>> Ta, >>>>>> >>>>>> Andrew >>>>>> >>>>>> On 16 May 2017 at 17:16, Robert L. Harris <robert.l.har...@gmail.com> >>>>>> wrote: >>>>>> >>>>>>> >>>>>>> Last night I rolled back my snapshot. Here's what I have after the >>>>>>> yum install >>>>>>> >>>>>>> "minimal" install of Centos7 + basic build. >>>>>>> {0}:/var/log>cat /etc/*elease >>>>>>> CentOS Linux release 7.3.1611 (Core) >>>>>>> NAME="CentOS Linux" >>>>>>> VERSION="7 (Core)" >>>>>>> ID="centos" >>>>>>> ID_LIKE="rhel fedora" >>>>>>> VERSION_ID="7" >>>>>>> PRETTY_NAME="CentOS Linux 7 (Core)" >>>>>>> ANSI_COLOR="0;31" >>>>>>> CPE_NAME="cpe:/o:centos:centos:7" >>>>>>> HOME_URL="https://www.centos.org/" >>>>>>> BUG_REPORT_URL="https://bugs.centos.org/" >>>>>>> >>>>>>> CENTOS_MANTISBT_PROJECT="CentOS-7" >>>>>>> CENTOS_MANTISBT_PROJECT_VERSION="7" >>>>>>> REDHAT_SUPPORT_PRODUCT="centos" >>>>>>> REDHAT_SUPPORT_PRODUCT_VERSION="7" >>>>>>> >>>>>>> CentOS Linux release 7.3.1611 (Core) >>>>>>> CentOS Linux release 7.3.1611 (Core) >>>>>>> >>>>>>> >>>>>>> {0}:/var/log>rpm -q -a | egrep -i 'http|apach|tomc|ipa|krb' >>>>>>> sssd-krb5-common-1.14.0-43.el7_3.14.x86_64 >>>>>>> python2-ipaclient-4.4.0-14.el7.centos.7.noarch >>>>>>> ipa-common-4.4.0-14.el7.centos.7.noarch >>>>>>> perl-HTTP-Tiny-0.033-3.el7.noarch >>>>>>> python-iniparse-0.4-9.el7.noarch >>>>>>> ipa-client-common-4.4.0-14.el7.centos.7.noarch >>>>>>> pam_krb5-2.4.8-6.el7.x86_64 >>>>>>> sssd-krb5-1.14.0-43.el7_3.14.x86_64 >>>>>>> python-ipaddress-1.0.16-2.el7.noarch >>>>>>> python2-ipalib-4.4.0-14.el7.centos.7.noarch >>>>>>> krb5-libs-1.14.1-27.el7_3.x86_64 >>>>>>> libipa_hbac-1.14.0-43.el7_3.14.x86_64 >>>>>>> python-libipa_hbac-1.14.0-43.el7_3.14.x86_64 >>>>>>> sssd-ipa-1.14.0-43.el7_3.14.x86_64 >>>>>>> krb5-workstation-1.14.1-27.el7_3.x86_64 >>>>>>> ipa-client-4.4.0-14.el7.centos.7.x86_64 >>>>>>> >>>>>>> Tried to pull an exact client. The "yum install ipa-server" went >>>>>>> fine: >>>>>>> >>>>>>> {0}:/var/log/httpd>rpm -a -q | grep -i ipa-server >>>>>>> ipa-server-4.4.0-14.el7.centos.7.x86_64 >>>>>>> ipa-server-common-4.4.0-14.el7.centos.7.noarch >>>>>>> >>>>>>> >>>>>>> "ipa-server-install" ran clean but has been stuck for 2 days: >>>>>>> >>>>>>> Restarting the directory server >>>>>>> Restarting the KDC >>>>>>> Please add records in this file to your DNS system: >>>>>>> /tmp/ipa.system.records.qLsLyx.db >>>>>>> Restarting the web server >>>>>>> Configuring client side components >>>>>>> Using existing certificate '/etc/ipa/ca.crt'. >>>>>>> Client hostname: ipa.rdlg.net >>>>>>> Realm: RDLG.NET >>>>>>> DNS Domain: rdlg.net >>>>>>> IPA Server: ipa.rdlg.net >>>>>>> BaseDN: dc=rdlg,dc=net >>>>>>> >>>>>>> Skipping synchronizing time with NTP server. >>>>>>> New SSSD config will be created >>>>>>> Configured sudoers in /etc/nsswitch.conf >>>>>>> Configured /etc/sssd/sssd.conf >>>>>>> trying https://ipa.rdlg.net/ipa/json >>>>>>> Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json' >>>>>>> >>>>>>> Checking the /var/log/httpd/error.log has 2 days of just this: >>>>>>> >>>>>>> [Tue May 16 09:14:42.941476 2017] [:error] [pid 1182] NSS_Initialize >>>>>>> failed. Certificate database: /etc/httpd/alias. >>>>>>> [Tue May 16 09:14:42.941499 2017] [:error] [pid 1182] SSL Library >>>>>>> Error: -8038 SEC_ERROR_NOT_INITIALIZED >>>>>>> [Tue May 16 09:14:42.941501 2017] [:error] [pid 1182] Does the NSS >>>>>>> database exist? >>>>>>> >>>>>>> >>>>>>> Robert >>>>>>> >>>>>>> On Fri, May 12, 2017 at 11:14 AM Rob Crittenden <rcrit...@redhat.com> >>>>>>> wrote: >>>>>>> >>>>>>>> Robert L. Harris wrote: >>>>>>>> > >>>>>>>> > Hmmm >>>>>>>> > >>>>>>>> > {0}:/var/log>ls >>>>>>>> > anaconda btmp dmesg grubby maillog ppp >>>>>>>> secure >>>>>>>> > tallylog wtmp >>>>>>>> > audit cron dmesg.old grubby_prune_debug messages rhsm >>>>>>>> spooler >>>>>>>> > tuned yum.log >>>>>>>> > boot.log cups firewalld lastlog ntpstats samba >>>>>>>> sssd >>>>>>>> > vmware-vmsvc.log >>>>>>>> > >>>>>>>> > >>>>>>>> > root@ipa >>>>>>>> > {1}:/var/log>rpm -q -l http >>>>>>>> > package http is not installed >>>>>>>> > >>>>>>>> > root@ipa >>>>>>>> > {1}:/var/log>rpm -q -a | grep -i http >>>>>>>> > perl-HTTP-Tiny-0.033-3.el7.noarch >>>>>>>> > >>>>>>>> > root@ipa >>>>>>>> > {0}:/var/log>rpm -q -a | grep -i tomcat >>>>>>>> > >>>>>>>> > >>>>>>>> > Doesn't look like an httpd was installed as a dependancy? >>>>>>>> >>>>>>>> I find this very hard to believe given that it go so far as to >>>>>>>> configure >>>>>>>> things in Apache, restart it, etc. What version of [free]ipa-server >>>>>>>> is >>>>>>>> installed? How did you install it and from what repo? >>>>>>>> >>>>>>>> rob >>>>>>>> >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > On Fri, May 12, 2017 at 1:17 AM Martin Bašti <mba...@redhat.com >>>>>>>> > <mailto:mba...@redhat.com>> wrote: >>>>>>>> > >>>>>>>> > That's weird, it should be super fast, anything in >>>>>>>> > /var/log/httpd/error_log? >>>>>>>> > >>>>>>>> > >>>>>>>> > On 11.05.2017 22:23, Robert L. Harris wrote: >>>>>>>> >> >>>>>>>> >> Odd, must have clicked reply instead of reply-all. >>>>>>>> >> >>>>>>>> >> Anyway, I did the revert and re-install. Actual install went >>>>>>>> >> through fine then the "ipa-server-install" ran until this: >>>>>>>> >> >>>>>>>> >> [8/9]: restoring configuration >>>>>>>> >> [9/9]: starting directory server >>>>>>>> >> Done. >>>>>>>> >> Restarting the directory server >>>>>>>> >> Restarting the KDC >>>>>>>> >> Please add records in this file to your DNS system: >>>>>>>> >> /tmp/ipa.system.records.v5Jwrt.db >>>>>>>> >> Restarting the web server >>>>>>>> >> Configuring client side components >>>>>>>> >> Using existing certificate '/etc/ipa/ca.crt'. >>>>>>>> >> Client hostname: ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>> >> Realm: RDLG.NET <http://RDLG.NET> >>>>>>>> >> DNS Domain: rdlg.net <http://rdlg.net> >>>>>>>> >> IPA Server: ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>> >> BaseDN: dc=rdlg,dc=net >>>>>>>> >> >>>>>>>> >> Skipping synchronizing time with NTP server. >>>>>>>> >> New SSSD config will be created >>>>>>>> >> Configured sudoers in /etc/nsswitch.conf >>>>>>>> >> Configured /etc/sssd/sssd.conf >>>>>>>> >> trying https://ipa.rdlg.net/ipa/json >>>>>>>> >> Forwarding 'schema' to json server ' >>>>>>>> https://ipa.rdlg.net/ipa/json' >>>>>>>> >> >>>>>>>> >> >>>>>>>> >> It's been sitting there for a while ( 4 hours? ) I don't see >>>>>>>> >> anyting in the ipaserver-install.log, but it's here: >>>>>>>> >> https://pastebin.com/biK1Dmv7 >>>>>>>> >> >>>>>>>> >> >>>>>>>> >> >>>>>>>> >> On Thu, May 11, 2017 at 8:12 AM Martin Bašti < >>>>>>>> mba...@redhat.com >>>>>>>> >> <mailto:mba...@redhat.com>> wrote: >>>>>>>> >> >>>>>>>> >> Please keep freeipa-users in CC >>>>>>>> >> >>>>>>>> >> Snapshot is always better, so I suggest to use it. >>>>>>>> Otherwise >>>>>>>> >> there is an option --ignore-last-of-role to unblock >>>>>>>> >> uninstallation. >>>>>>>> >> >>>>>>>> >> Martin >>>>>>>> >> >>>>>>>> >> >>>>>>>> >> On 11.05.2017 16:00, Robert L. Harris wrote: >>>>>>>> >>> >>>>>>>> >>> Looks like you hit it, apache didn't have a group: >>>>>>>> >>> >>>>>>>> >>> -- Logs begin at Wed 2017-05-10 19:56:27 MDT, end at Thu >>>>>>>> >>> 2017-05-11 07:48:27 MDT. -- >>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>> >>> systemd[1]: Starting The Apache HTTP Server... >>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>> >>> ipa-httpd-kdcproxy[28808]: ipa : INFO KDC >>>>>>>> proxy >>>>>>>> >>> enabled >>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>> >>> httpd[28809]: AH00544: httpd: bad group name apache >>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>> >>> systemd[1]: httpd.service: main process exited, >>>>>>>> code=exited, >>>>>>>> >>> status=1/FAILURE >>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>> >>> kill[28812]: kill: cannot find process "" >>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>> >>> systemd[1]: httpd.service: control process exited, >>>>>>>> >>> code=exited status=1 >>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>> >>> systemd[1]: Failed to start The Apache HTTP Server. >>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>> >>> systemd[1]: Unit httpd.service entered failed state. >>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net> >>>>>>>> >>> systemd[1]: httpd.service failed. >>>>>>>> >>> >>>>>>>> >>> Thanks, didn't know that command. I tried to continue >>>>>>>> the >>>>>>>> >>> process: >>>>>>>> >>> >>>>>>>> >>> {0}:/root>ipa-server-install >>>>>>>> >>> >>>>>>>> >>> The log file for this installation can be found in >>>>>>>> >>> /var/log/ipaserver-install.log >>>>>>>> >>> ipa.ipapython.install.cli.install_tool(Server): ERROR >>>>>>>> IPA >>>>>>>> >>> server is already configured on this system. >>>>>>>> >>> If you want to reinstall the IPA server, please >>>>>>>> uninstall it >>>>>>>> >>> first using 'ipa-server-install --uninstall'. >>>>>>>> >>> ipa.ipapython.install.cli.install_tool(Server): ERROR >>>>>>>> The >>>>>>>> >>> ipa-server-install command failed. See >>>>>>>> >>> /var/log/ipaserver-install.log for more information >>>>>>>> >>> >>>>>>>> >>> root@ipa >>>>>>>> >>> {1}:/root>ipa-server-install --uninstall >>>>>>>> >>> >>>>>>>> >>> This is a NON REVERSIBLE operation and will delete all >>>>>>>> data >>>>>>>> >>> and configuration! >>>>>>>> >>> >>>>>>>> >>> Are you sure you want to continue with the uninstall >>>>>>>> >>> procedure? [no]: yes >>>>>>>> >>> ipa : ERROR Server removal aborted: Deleting >>>>>>>> this >>>>>>>> >>> server is not allowed as it would leave your >>>>>>>> installation >>>>>>>> >>> without a CA.. >>>>>>>> >>> >>>>>>>> >>> >>>>>>>> >>> >>>>>>>> >>> This is a VM and I took a snapshot right before I >>>>>>>> started the >>>>>>>> >>> install, so I can revert, just make sure ti add the >>>>>>>> apache >>>>>>>> >>> user before starting the install. Or if you have a >>>>>>>> better >>>>>>>> >>> command to continue the clean-up/install..... >>>>>>>> >>> >>>>>>>> >>> >>>>>>>> >>> On Thu, May 11, 2017 at 2:19 AM Martin Bašti >>>>>>>> >>> <mba...@redhat.com <mailto:mba...@redhat.com>> wrote: >>>>>>>> >>> >>>>>>>> >>> Hello, >>>>>>>> >>> >>>>>>>> >>> comments inline >>>>>>>> >>> >>>>>>>> >>> >>>>>>>> >>> On 11.05.2017 06:06, Robert L. Harris wrote: >>>>>>>> >>>> >>>>>>>> >>>> Sigh... Sorry, it's been a long day, I thought I >>>>>>>> put >>>>>>>> >>>> that log in the first pastebin. It's in this one: >>>>>>>> >>>> https://pastebin.com/18PAXXNS >>>>>>>> >>> >>>>>>>> >>> Could you please provide journalctl -u httpd and >>>>>>>> >>> /var/log/httpd/error_log ? >>>>>>>> >>> >>>>>>>> >>> >>>>>>>> >>> >>>>>>>> >>>> >>>>>>>> >>>> Also, >>>>>>>> >>>> Anyone else get the constant spam when mailing >>>>>>>> this >>>>>>>> >>>> list? Got an address to block for it? >>>>>>>> >>> >>>>>>>> >>> Sorry for that, there is a bot mining public >>>>>>>> archives. We >>>>>>>> >>> plan to resolve this issue but it may take time as >>>>>>>> we are >>>>>>>> >>> not maintaining our mailman. >>>>>>>> >>> >>>>>>>> >>> Martin >>>>>>>> >>> >>>>>>>> >>> >>>>>>>> >>>> >>>>>>>> >>>> Robert >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>>> On Wed, May 10, 2017 at 9:56 PM Lachlan Musicman >>>>>>>> >>>> <data...@gmail.com <mailto:data...@gmail.com>> >>>>>>>> wrote: >>>>>>>> >>>> >>>>>>>> >>>> Robert, did you look in >>>>>>>> >>>> /var/log/ipaserver-install.log as it says? >>>>>>>> >>>> >>>>>>>> >>>> Was there any other information? >>>>>>>> >>>> >>>>>>>> >>>> cheers >>>>>>>> >>>> L. >>>>>>>> >>>> >>>>>>>> >>>> ------ >>>>>>>> >>>> "Mission Statement: To provide hope and >>>>>>>> inspiration >>>>>>>> >>>> for collective action, to build collective >>>>>>>> power, to >>>>>>>> >>>> achieve collective transformation, rooted in >>>>>>>> grief >>>>>>>> >>>> and rage but pointed towards vision and >>>>>>>> dreams." >>>>>>>> >>>> >>>>>>>> >>>> - Patrice Cullors, /Black Lives Matter >>>>>>>> founder/ >>>>>>>> >>>> >>>>>>>> >>>> On 11 May 2017 at 13:24, Robert L. Harris >>>>>>>> >>>> <robert.l.har...@gmail.com >>>>>>>> >>>> <mailto:robert.l.har...@gmail.com>> wrote: >>>>>>>> >>>> >>>>>>>> >>>> Ok, I gave up on Ubuntu. I'm now trying >>>>>>>> the >>>>>>>> >>>> latest CentOS7. I built out a "minimal >>>>>>>> server" >>>>>>>> >>>> with some normal base packages which did >>>>>>>> include >>>>>>>> >>>> the freeipa-client but otherwise, just >>>>>>>> standard >>>>>>>> >>>> tools. Here's a pastebin of the output of >>>>>>>> the >>>>>>>> >>>> install: https://pastebin.com/zAWCgkUU >>>>>>>> >>>> >>>>>>>> >>>> Robert >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>>> -- >>>>>>>> >>>> Manage your subscription for the >>>>>>>> Freeipa-users >>>>>>>> >>>> mailing list: >>>>>>>> >>>> https://www.redhat.com/ >>>>>>>> mailman/listinfo/freeipa-users >>>>>>>> >>>> Go to http://freeipa.org for more info on >>>>>>>> the >>>>>>>> >>>> project >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>>> -- >>>>>>>> >>>> Manage your subscription for the Freeipa-users >>>>>>>> >>>> mailing list: >>>>>>>> >>>> https://www.redhat.com/ >>>>>>>> mailman/listinfo/freeipa-users >>>>>>>> >>>> Go to http://freeipa.org for more info on the >>>>>>>> project >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>> >>>>>>>> >>> -- >>>>>>>> >>> Martin Bašti >>>>>>>> >>> Software Engineer >>>>>>>> >>> Red Hat Czech >>>>>>>> >>> >>>>>>>> >> >>>>>>>> >> -- >>>>>>>> >> Martin Bašti >>>>>>>> >> Software Engineer >>>>>>>> >> Red Hat Czech >>>>>>>> >> >>>>>>>> > >>>>>>>> > -- >>>>>>>> > Martin Bašti >>>>>>>> > Software Engineer >>>>>>>> > Red Hat Czech >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> >>>>>>>> >>>>>>> -- >>>>>>> Manage your subscription for the Freeipa-users mailing list: >>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>>>>> Go to http://freeipa.org for more info on the project >>>>>>> >>>>>> >>>>>> >>>> >>
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project