Good ones. Also Ccing PetrS and MartinB, who were directly involved in these features and original thread, for reference
On 03/25/2015 11:46 AM, John Obaterspok wrote: > Hi Jan, > > See: > https://www.redhat.com/archives/freeipa-users/2015-February/msg00131.html > https://www.redhat.com/archives/freeipa-users/2014-October/msg00362.html > > -- john > > 2015-03-24 17:58 GMT+01:00 Jan Pazdziora <[email protected]>: > >> >> Hello, >> >> after enabling >> >> >> https://copr.fedoraproject.org/coprs/mkosek/freeipa/repo/fedora-20/mkosek-freeipa-fedora-20.repo >> >> I've installed >> >> freeipa-server bind bind-dyndb-ldap >> >> and run >> >> ipa-server-install --domain example.test >> >> The process failed at >> >> [3/7]: setting up kerberos principal >> [4/7]: setting up SoftHSM >> [error] CalledProcessError: Command ''/usr/bin/softhsm2-util' >> '--init-token' '--slot' '0' '--label' 'ipaDNSSEC' '--pin' XXXXXXXX >> '--so-pin' XXXXXXXX' returned non-zero exit status 1 >> Unexpected error - see /var/log/ipaserver-install.log for details: >> CalledProcessError: Command ''/usr/bin/softhsm2-util' '--init-token' >> '--slot' '0' '--label' 'ipaDNSSEC' '--pin' XXXXXXXX '--so-pin' XXXXXXXX' >> returned non-zero exit status 1 >> >> and the log file ends with >> >> 2015-03-24T16:49:51Z DEBUG Saving SO PIN to /etc/ipa/dnssec/softhsm_pin_so >> 2015-03-24T16:49:51Z DEBUG Initializing tokens >> 2015-03-24T16:49:51Z DEBUG Starting external process >> 2015-03-24T16:49:51Z DEBUG args='/usr/bin/softhsm2-util' '--init-token' >> '--slot' '0' '--label' 'ipaDNSSEC' '--pin' XXXXXXXX '--so-pin' XXXXXXXX >> 2015-03-24T16:49:51Z DEBUG Process finished, return code=1 >> 2015-03-24T16:49:51Z DEBUG stdout= >> 2015-03-24T16:49:51Z DEBUG stderr=ERROR: Could not load the library. >> >> 2015-03-24T16:49:51Z DEBUG Traceback (most recent call last): >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 382, in start_creation >> run_step(full_msg, method) >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 372, in run_step >> method() >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py", >> line 293, in __setup_softhsm >> ipautil.run(command, nolog=(pin, pin_so,)) >> File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 346, >> in run >> raise CalledProcessError(p.returncode, arg_string, stdout) >> CalledProcessError: Command ''/usr/bin/softhsm2-util' '--init-token' >> '--slot' '0' '--label' 'ipaDNSSEC' '--pin' XXXXXXXX '--so-pin' XXXXXXXX' >> returned non-zero exit status 1 >> >> 2015-03-24T16:49:51Z DEBUG [error] CalledProcessError: Command >> ''/usr/bin/softhsm2-util' '--init-token' '--slot' '0' '--label' 'ipaDNSSEC' >> '--pin' XXXXXXXX '--so-pin' XXXXXXXX' returned non-zero exit status 1 >> 2015-03-24T16:49:51Z DEBUG File >> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line >> 642, in run_script >> return_value = main_function() >> >> File "/usr/sbin/ipa-server-install", line 1302, in main >> dnskeysyncd.create_instance(api.env.host, api.env.realm) >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py", >> line 146, in create_instance >> self.start_creation() >> >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 382, in start_creation >> run_step(full_msg, method) >> >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 372, in run_step >> method() >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py", >> line 293, in __setup_softhsm >> ipautil.run(command, nolog=(pin, pin_so,)) >> >> File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 346, >> in run >> raise CalledProcessError(p.returncode, arg_string, stdout) >> >> 2015-03-24T16:49:51Z DEBUG The ipa-server-install command failed, >> exception: CalledProcessError: Command ''/usr/bin/softhsm2-util' >> '--init-token' '--slot' '0' '--label' 'ipaDNSSEC' '--pin' XXXXXXXX >> '--so-pin' XXXXXXXX' returned non-zero exit status 1 >> >> I've found discussion at >> >> >> https://www.redhat.com/archives/freeipa-users/2014-October/msg00362.html >> >> which seems related but it seems the issue is back or was never >> properly addressed. >> >> Attempt to run the command manually fails as well: >> >> # SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf /usr/bin/softhsm2-util >> '--init-token' '--slot' '0' '--label' 'ipaDNSSEC' '--pin' XXXXXXXX >> '--so-pin' XXXXXXXX >> ERROR: Could not load the library. >> >> I see the same bug both on host and in container. >> >> -- >> Jan Pazdziora >> Principal Software Engineer, Identity Management Engineering, Red Hat >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> > > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
