On (08/11/16 10:29), 郑磊 wrote:
>Hello everyone,
>
>I have successfully set up the FreeIPA environment on Ubuntu when selinux is
>disable. But when selinux is enable, there is a configuring ipa-otpd error
>occurred.
>
>The ipaserver-install.log shows following informations:
>2016-11-08T01:55:18Z DEBUG [1/2]: starting ipa-otpd
>2016-11-08T01:55:18Z DEBUG Starting external process
>2016-11-08T01:55:18Z DEBUG args=/bin/systemctl is-active ipa-otpd.socket
>2016-11-08T01:55:18Z DEBUG Process finished, return code=3
>2016-11-08T01:55:18Z DEBUG stdout=inactive
>
>2016-11-08T01:55:18Z DEBUG stderr=
>2016-11-08T01:55:18Z DEBUG Loading StateFile from
>'/var/lib/ipa/sysrestore/sysrestore.state'
>2016-11-08T01:55:18Z DEBUG Saving StateFile to
>'/var/lib/ipa/sysrestore/sysrestore.state'
>2016-11-08T01:55:18Z DEBUG Starting external process
>2016-11-08T01:55:18Z DEBUG args=/bin/systemctl restart ipa-otpd.socket
>2016-11-08T01:55:18Z DEBUG Process finished, return code=1
>2016-11-08T01:55:18Z DEBUG stdout=
>2016-11-08T01:55:18Z DEBUG stderr=Job for ipa-otpd.socket failed. See
>"systemctl status ipa-otpd.socket" and "journalctl -xe" for details.
>
>2016-11-08T01:55:18Z DEBUG Traceback (most recent call last):
> File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
> 447, in start_creation
> run_step(full_msg, method)
> File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
> 437, in run_step
> method()
> File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
> 585, in __start
> self.restart()
> File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
> 347, in restart
> self.service.restart(instance_name, capture_output=capture_output,
> wait=wait)
> File "/usr/lib/python2.7/dist-packages/ipaplatform/base/services.py", line
> 301, in restart
> skip_output=not capture_output)
> File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 479, in
> run
> raise CalledProcessError(p.returncode, arg_string, str(output))
>CalledProcessError: Command '/bin/systemctl restart ipa-otpd.socket' returned
>non-zero exit status 1
>
>2016-11-08T01:55:18Z DEBUG [error] CalledProcessError: Command
>'/bin/systemctl restart ipa-otpd.socket' returned non-zero exit status 1
>2016-11-08T01:55:18Z DEBUG File
>"/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171, in execute
> return_value = self.run()
> File "/usr/lib/python2.7/dist-packages/ipapython/install/cli.py", line 318,
> in run
> cfgr.run()
> File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 310,
> in run
> self.execute()
> File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 332,
> in execute
> for nothing in self._executor():
> File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 372,
> in __runner
> self._handle_exception(exc_info)
> File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 394,
> in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 362,
> in __runner
> step()
> File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 359,
> in <lambda>
> step = lambda: next(self.__gen)
> File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 81,
> in run_generator_with_yield_from
> six.reraise(*exc_info)
> File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 59,
> in run_generator_with_yield_from
> value = gen.send(prev_value)
> File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 586,
> in _configure
> next(executor)
> File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 372,
> in __runner
> self._handle_exception(exc_info)
> File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 449,
> in _handle_exception
> self.__parent._handle_exception(exc_info)
> File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 394,
> in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 446,
> in _handle_exception
> super(ComponentBase, self)._handle_exception(exc_info)
> File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 394,
> in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 362,
> in __runner
> step()
> File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 359,
> in <lambda>
> step = lambda: next(self.__gen)
> File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 81,
> in run_generator_with_yield_from
> six.reraise(*exc_info)
> File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 59,
> in run_generator_with_yield_from
> value = gen.send(prev_value)
> File "/usr/lib/python2.7/dist-packages/ipapython/install/common.py", line
> 63, in _install
> for nothing in self._installer(self.parent):
> File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py",
> line 1513, in main
> install(self)
> File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py",
> line 267, in decorated
> func(installer)
> File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py",
> line 944, in install
> ipautil.realm_to_suffix(realm_name))
> File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
> 579, in create_instance
> self.start_creation("Configuring %s" % self.service_name)
> File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
> 447, in start_creation
> run_step(full_msg, method)
> File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
> 437, in run_step
> method()
> File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
> 585, in __start
> self.restart()
> File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
> 347, in restart
> self.service.restart(instance_name, capture_output=capture_output,
> wait=wait)
> File "/usr/lib/python2.7/dist-packages/ipaplatform/base/services.py", line
> 301, in restart
> skip_output=not capture_output)
> File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 479, in
> run
> raise CalledProcessError(p.returncode, arg_string, str(output))
>
>2016-11-08T01:55:18Z DEBUG The ipa-server-install command failed, exception:
>CalledProcessError: Command '/bin/systemctl restart ipa-otpd.socket' returned
>non-zero exit status 1
>2016-11-08T01:55:18Z ERROR Command '/bin/systemctl restart ipa-otpd.socket'
>returned non-zero exit status 1
>2016-11-08T01:55:18Z ERROR The ipa-server-install command failed. See
>/var/log/ipaserver-install.log for more information
>
>the ipa-otpd.socket status is as follows:
>root@ipaserver:~# systemctl status ipa-otpd.socket
>● ipa-otpd.socket - ipa-otpd socket
> Loaded: loaded (/lib/systemd/system/ipa-otpd.socket; disabled; vendor
> preset: enabled)
> Active: failed (Result: exit-code) since 二 2016-11-08 09:55:18 CST; 26min
> ago
> Listen: /var/run/krb5kdc/DEFAULT.socket (Stream)
> Accepted: 0; Connected: 0
> Process: 19864 ExecStopPre=/usr/bin/unlink /var/run/krb5kdc/DEFAULT.socket
> (code=exited, status=1/FAILURE)
>
>11月 08 09:55:18 ipaserver.test.com systemd[1]: Starting ipa-otpd socket.
>11月 08 09:55:18 ipaserver.test.com unlink[19864]: /usr/bin/unlink: Unable to
>remove '/var/run/krb5kdc/DEFAULT.socket' links: no such files or directories
>11月 08 09:55:18 ipaserver.test.com systemd[1]: ipa-otpd.socket: Control
>process exited, code=exited status=1
>11月 08 09:55:18 ipaserver.test.com systemd[1]: Failed to listen on ipa-otpd
>socket.
>11月 08 09:55:18 ipaserver.test.com systemd[1]: ipa-otpd.socket: Unit entered
>failed state.
>I found that the file or directory is automatically created when
>ipa-otpd.socket is started.
>
>Is there anyone help me?
>
Are you sure it's caused by SELinux?
IIRC Ubuntu has apparmor and not SELinux.
And BTW this mail thread should have beed on freeipa-users and
not on devel.
LS
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
