On Sat, 10 Mar 2012, Stephen Ingram wrote: > I'm testing the new FreeIPA 2.1.90 rc1 on a fresh Fedora 17 alpha this > weekend. I started by installing the freeipa-server package and the > dns packages hoping they would pull in all of the dependencies. > > 1. I received the error message: > > 2012-03-11T01:52:51Z DEBUG stderr=Can't locate File/Slurp.pm in @INC (@INC > conta > ins: /usr/local/lib/perl5 /usr/local/share/perl5 /usr/lib/perl5/vendor_perl > /usr > /share/perl5/vendor_perl /usr/lib/perl5 /usr/share/perl5 .) at > /usr/bin/pkicreate line 25. > > Adding the package perl-File-Slurp-9999.19-3.fc17.noarch.rpm seemed to > fix the problem. Known issue. We are waiting for dogtag packages being rebuilt. The last time they've been built for F17/Rawhide, there was regression in 'file' package that caused to not recognize auto dependencies in perl executables.
> 2. I also noticed that the ipa-server-install --uninstall was not > exiting properly. > > Adding the missing package, perl-XML-LibXML-1.90-1.fc17.i686.rpm (and > dependencies) allowed a proper uninstall. Same here. > 3. Now, I've run into the same issue as Dan Scott > (https://www.redhat.com/archives/freeipa-users/2012-February/msg00301.html) > with the CA instance. The log complains loudly about not being able to > assign the selinux context for the dogtag ports, however, I'm not sure > that caused the error. I think the real cause of the error is that the > dogtag server cannot be started so when the ipa install script tries > to configure the CA, it fails since it can't connect to the server. > > Trying to start the server manually, I get: > > Mar 10 18:39:38 f17a pkicontrol: chown: changing ownership of > `/var/run/pki-ca.pid': Operation not permitted > Mar 10 18:39:38 f17a pkicontrol: touch: cannot touch > `/var/log/pki-ca/catalina.out': Permission denied > > All of these seem to be owned by root: > > -rw-r--r--. root root system_u:object_r:pki_ca_var_run_t:s0 pki-ca.pid > -rw-r--r--. root root system_u:object_r:pki_ca_log_t:s0 > /var/log/pki-ca/catalina.out SELinux policy in existing dogtag packages is broken. It is already fixed in the development tree but no new package is available yet as I said above. As SELinux policy for dogtag is broken, appropriate operations that pkicreate was supposed to perform went wrong. > As I'm still not to up on the new systemd stuff, I'm not sure what to > do next. Any suggestions? Please try with permissive mode and clear VM. -- / Alexander Bokovoy _______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users