Good news!
To clarify on the selinux-policy side. By not maintaining it for the CentOS I
meant that FreeIPA Copr should not maintain system policy for any system, not
just SELinux.
Ideally, it should have a SELinux policy module that would be compiled for
SELinux only and that would only contain the additional policy required by IPA
on top of 7.0.
But this is not a priority for now & we do not have enough capacity for it ATM.
But if anyone wishes to contribute that part, doors are open :-)
Martin
On 11/19/2014 05:56 PM, Bill Peck wrote:
Hi Martin,
Yes, setting selinux to permissive allowed me to install and configure IPA 4.1
on CentOS 7.
:-)
On Wed, Nov 19, 2014 at 11:41 AM, Martin Kosek <[email protected]
<mailto:[email protected]>> wrote:
It is highly probable the issue is caused by SELinux (check for AVCs in
/var/log/audit/audit.log).
Can you try with SELinux permissive? We specifically did not build
selinux-policy as we do not think we should be the ones maintaining it for
CentOS.
HTH,
Martin
----- Original Message -----
> From: "Bill Peck" <[email protected] <mailto:[email protected]>>
> To: "Martin Kosek" <[email protected] <mailto:[email protected]>>
> Cc: "Tamas Papp" <[email protected] <mailto:[email protected]>>,
[email protected] <mailto:[email protected]>
> Sent: Wednesday, November 19, 2014 5:34:10 PM
> Subject: Re: [Freeipa-users] freeipa-server from copr repo
>
> Hi Marin,
>
> I was able to install from the copr repo now as well. Thank you!
>
> However I wasn't able to finish the install:
>
> [23/27]: configure certmonger for renewals
> [24/27]: configure certificate renewals
> [error] DBusException: org.fedorahosted.certmonger.bad_arg: The
location
> "/etc/pki/pki-tomcat/alias" could not be accessed due to insufficient
> permissions.
>
>
> Don't know if you need the command for how I was installing ipa. But
here
> is the line from my anseible playbook.
> shell: ipa-server-install -a {{ adminpassword }} --hostname={{ servername
> }} -r {{ realm }} -p {{ directorypassword }} -n {{ domain }} --setup-dns
> --forwarder={{ dnsforwarder }} -U creates={{ slapd }}
>
> On Wed, Nov 19, 2014 at 11:23 AM, Martin Kosek <[email protected]
<mailto:[email protected]>> wrote:
>
> > On 11/19/2014 11:57 AM, Tamas Papp wrote:
> > > I am good in waiting;)
> > >
> > > Thanks for the prompt reply.
> >
> > Ok Tamas, I think we *finally* got somewhere. Can you please try the
> > mkosek/freeipa Copr repo now?
> >
> > I was able to install upstream "freeipa-server" 4.1.1 package on my
> > RHEL-7.0
> > machine (should be the same for CentOS) and run ipa-server-install:
> >
> > # yum install freeipa-server --enablerepo=mkosek-freeipa
> > ...
> > Resolving Dependencies
> > --> Running transaction check
> > ---> Package freeipa-server.x86_64 0:4.1.1-1.2.el7.centos will be
installed
> > ...
> > Transaction Summary
> >
> >
========================================================================================================
> > Install 1 Package (+338 Dependent packages)
> > Upgrade ( 11 Dependent packages)
> >
> > Total download size: 146 M
> > ...
> >
> > # rpm -q freeipa-server
> > freeipa-server-4.1.1-1.2.el7.centos.x86_64
> >
> > # ipa-server-install --setup-dns
> >
> > # kinit admin
> > Password for [email protected] <mailto:[email protected]>:
> >
> > Thanks,
> > Martin
> >
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go To http://freeipa.org for more info on the project
> >
>
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
