On Sat, 10 Mar 2012, Stephen Ingram wrote:
> I'm testing the new FreeIPA 2.1.90 rc1 on a fresh Fedora 17 alpha this
> weekend. I started by installing the freeipa-server package and the
> dns packages hoping they would pull in all of the dependencies.
> 1. I received the error message:
> 2012-03-11T01:52:51Z DEBUG stderr=Can't locate File/Slurp.pm in @INC (@INC
> ins: /usr/local/lib/perl5 /usr/local/share/perl5 /usr/lib/perl5/vendor_perl
> /share/perl5/vendor_perl /usr/lib/perl5 /usr/share/perl5 .) at
> /usr/bin/pkicreate line 25.
> Adding the package perl-File-Slurp-9999.19-3.fc17.noarch.rpm seemed to
> fix the problem.
Known issue. We are waiting for dogtag packages being rebuilt. The
last time they've been built for F17/Rawhide, there was regression in
'file' package that caused to not recognize auto dependencies in perl
> 2. I also noticed that the ipa-server-install --uninstall was not
> exiting properly.
> Adding the missing package, perl-XML-LibXML-1.90-1.fc17.i686.rpm (and
> dependencies) allowed a proper uninstall.
> 3. Now, I've run into the same issue as Dan Scott
> with the CA instance. The log complains loudly about not being able to
> assign the selinux context for the dogtag ports, however, I'm not sure
> that caused the error. I think the real cause of the error is that the
> dogtag server cannot be started so when the ipa install script tries
> to configure the CA, it fails since it can't connect to the server.
> Trying to start the server manually, I get:
> Mar 10 18:39:38 f17a pkicontrol: chown: changing ownership of
> `/var/run/pki-ca.pid': Operation not permitted
> Mar 10 18:39:38 f17a pkicontrol: touch: cannot touch
> `/var/log/pki-ca/catalina.out': Permission denied
> All of these seem to be owned by root:
> -rw-r--r--. root root system_u:object_r:pki_ca_var_run_t:s0 pki-ca.pid
> -rw-r--r--. root root system_u:object_r:pki_ca_log_t:s0
SELinux policy in existing dogtag packages is broken. It is already
fixed in the development tree but no new package is available yet as I
said above. As SELinux policy for dogtag is broken, appropriate
operations that pkicreate was supposed to perform went wrong.
> As I'm still not to up on the new systemd stuff, I'm not sure what to
> do next. Any suggestions?
Please try with permissive mode and clear VM.
/ Alexander Bokovoy
Freeipa-users mailing list