On Sat, 10 Mar 2012, Stephen Ingram wrote:

> I'm testing the new FreeIPA 2.1.90 rc1 on a fresh Fedora 17 alpha this
> weekend. I started by installing the freeipa-server package and the
> dns packages hoping they would pull in all of the dependencies.
> 1. I received the error message:
> 2012-03-11T01:52:51Z DEBUG stderr=Can't locate File/Slurp.pm in @INC
> (@INC contains: /usr/local/lib/perl5 /usr/local/share/perl5
> /usr/lib/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib/perl5
> /usr/share/perl5 .) at /usr/bin/pkicreate line 25.
> Adding the package perl-File-Slurp-9999.19-3.fc17.noarch.rpm seemed to
> fix the problem.
Known issue. We are waiting for the dogtag packages to be rebuilt. The
last time they were built for F17/Rawhide, there was a regression in the
'file' package that caused to not recognize auto dependencies in perl

> 2. I also noticed that the ipa-server-install --uninstall was not
> exiting properly.
> Adding the missing package, perl-XML-LibXML-1.90-1.fc17.i686.rpm (and
> dependencies) allowed a proper uninstall.
Same here.

> 3. Now, I've run into the same issue as Dan Scott
> (https://www.redhat.com/archives/freeipa-users/2012-February/msg00301.html)
> with the CA instance. The log complains loudly about not being able to
> assign the selinux context for the dogtag ports, however, I'm not sure
> that caused the error. I think the real cause of the error is that the
> dogtag server cannot be started so when the ipa install script tries
> to configure the CA, it fails since it can't connect to the server.
> Trying to start the server manually, I get:
> Mar 10 18:39:38 f17a pkicontrol[1325]: chown: changing ownership of
> `/var/run/pki-ca.pid': Operation not permitted
> Mar 10 18:39:38 f17a pkicontrol[1325]: touch: cannot touch
> `/var/log/pki-ca/catalina.out': Permission denied
> All of these seem to be owned by root:
> -rw-r--r--. root root system_u:object_r:pki_ca_var_run_t:s0 pki-ca.pid
> -rw-r--r--. root root system_u:object_r:pki_ca_log_t:s0
> /var/log/pki-ca/catalina.out
The SELinux policy in the existing dogtag packages is broken. It is already
fixed in the development tree, but no new package is available yet, as I
said above. As the SELinux policy for dogtag is broken, the appropriate
operations that pkicreate was supposed to perform went wrong.

> As I'm still not too up on the new systemd stuff, I'm not sure what to
> do next. Any suggestions?
Please try with permissive mode and clear VM.

/ Alexander Bokovoy

Freeipa-users mailing list