Re: [Freeipa-users] FreeIPA_demonstration_tools CA creation error.
On Fri, 16 Dec 2011, Ondrej Hamada wrote:
> >>Nalin
> >Unfortunately no ipaserver-install.log was created on vm
> >(investigating why). I'm using freeipa-server-2.1.4.1. All the
> >packages on system are from actual updates-testing repository.
> >
> >I've updated the scripts to put whole ipaserver-install.log and
> >/var/log/messages into log file when installation crashes.
> >
> The missing logs problem is related just to the
> freeipa-server-2.1.4.1 (from updates-testing). Logs are created
> correctly on recently built packages.

Is it on F15 or F16? The issue of not creating ipa-server-install.log is
due to use of logging before initialization by one of components. That
was fixed a while ago but if you are saying we missed it in 2.1.4 build
for F15/F16, please file a bug and we'll work on backporting that change.

--
/ Alexander Bokovoy

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] FreeIPA_demonstration_tools CA creation error.
On 12/16/2011 05:14 PM, Ondrej Hamada wrote:
> On 12/16/2011 03:14 PM, Nalin Dahyabhai wrote:
> > On Thu, Dec 15, 2011 at 09:02:01PM +0100, Ondrej Hamada wrote:
> > > On 12/14/2011 06:58 PM, Dmitri Pal wrote:
> > > > Consistent name resolution is a requirement for IPA.
> > > > Ondrej, can you please take a closer look and see if this is
> > > > something with the demo scripts or IPA itself?
> > > I don't see a problem in scripts. When the virtual machines are
> > > created by ipa-demo, they acquire addresses from dhcp, then - before
> > > installation of freeipa - they're configured to use static
> > > addresses (the currently assigned ip address is chosen) and also the
> > > records are added into /etc/hosts.
> >
> > Do you have an example /etc/hosts that could be double-checked?
>
> /etc/hosts on server vm:
> 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
> ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
> 192.168.122.105 master.example.com master
>
> > > I wasn't able to reproduce the problem on clean f15 x64, the
> > > installation was successful, but few errors like this one appeared:
> > >
> > > ERROR:root:certmonger failed starting to track certificate: Command
> > > '/usr/bin/ipa-getcert start-tracking -d /etc/httpd/alias -n
> > > Server-Cert -p /etc/httpd/alias/pwdfile.txt' returned non-zero exit
> > > status 1
> > > root: ERRORcertmonger failed starting to track
> > > certificate: Command '/usr/bin/ipa-getcert start-tracking -d
> > > /etc/httpd/alias -n Server-Cert -p /etc/httpd/alias/pwdfile.txt'
> > > returned non-zero exit status 1
> >
> > Was there anything logged in the ipaserver-install.log which would
> > indicate why it failed here?
> >
> > Nalin
>
> Unfortunately no ipaserver-install.log was created on vm
> (investigating why). I'm using freeipa-server-2.1.4.1. All the
> packages on system are from actual updates-testing repository.
>
> I've updated the scripts to put whole ipaserver-install.log and
> /var/log/messages into log file when installation crashes.

The missing logs problem is related just to the
freeipa-server-2.1.4.1 (from updates-testing). Logs are created
correctly on recently built packages.

--
Regards,

Ondrej Hamada
FreeIPA team
jabber: oh...@jabbim.cz
IRC: ohamada

Re: [Freeipa-users] FreeIPA_demonstration_tools CA creation error.
On 12/16/2011 03:14 PM, Nalin Dahyabhai wrote:
> On Thu, Dec 15, 2011 at 09:02:01PM +0100, Ondrej Hamada wrote:
> > On 12/14/2011 06:58 PM, Dmitri Pal wrote:
> > > Consistent name resolution is a requirement for IPA.
> > > Ondrej, can you please take a closer look and see if this is
> > > something with the demo scripts or IPA itself?
> > I don't see a problem in scripts. When the virtual machines are
> > created by ipa-demo, they acquire addresses from dhcp, then - before
> > installation of freeipa - they're configured to use static
> > addresses (the currently assigned ip address is chosen) and also the
> > records are added into /etc/hosts.
>
> Do you have an example /etc/hosts that could be double-checked?

/etc/hosts on server vm:
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.122.105 master.example.com master

> > I wasn't able to reproduce the problem on clean f15 x64, the
> > installation was successful, but few errors like this one appeared:
> >
> > ERROR:root:certmonger failed starting to track certificate: Command
> > '/usr/bin/ipa-getcert start-tracking -d /etc/httpd/alias -n
> > Server-Cert -p /etc/httpd/alias/pwdfile.txt' returned non-zero exit
> > status 1
> > root: ERRORcertmonger failed starting to track
> > certificate: Command '/usr/bin/ipa-getcert start-tracking -d
> > /etc/httpd/alias -n Server-Cert -p /etc/httpd/alias/pwdfile.txt'
> > returned non-zero exit status 1
>
> Was there anything logged in the ipaserver-install.log which would
> indicate why it failed here?
>
> Nalin

Unfortunately no ipaserver-install.log was created on vm
(investigating why). I'm using freeipa-server-2.1.4.1. All the
packages on system are from actual updates-testing repository.

I've updated the scripts to put whole ipaserver-install.log and
/var/log/messages into log file when installation crashes.

--
Regards,

Ondrej Hamada
FreeIPA team
jabber: oh...@jabbim.cz
IRC: ohamada

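The /etc/hosts posted in the message above can be checked mechanically against the "consistent name resolution" requirement raised earlier in the thread. This is an added example, not part of the original thread or of the ipa-demo scripts: the helper name `check_hosts` and the two failing samples are constructed here, and it assumes lookups are answered from a hosts file, where the first name after the address is what a reverse lookup returns.

```shell
#!/bin/sh
# Added example, not from the thread: check_hosts is a hypothetical helper.
# Reads hosts-file text on stdin and succeeds only if FQDN ($1) appears on
# exactly one line, that line is not a loopback address, and FQDN is the
# first (canonical) name, i.e. what a hosts-file reverse lookup returns.
check_hosts() {
    awk -v fqdn="$1" '
        { sub(/#.*/, "") }                 # drop comments
        NF < 2 { next }                    # skip blank or malformed lines
        {
            for (i = 2; i <= NF; i++)
                if ($i == fqdn) { n++; addr = $1; canon = $2; break }
        }
        END {
            if (n == 0) { print "FAIL: " fqdn " is not listed"; exit 1 }
            if (n > 1)  { print "FAIL: " fqdn " is listed on " n " lines"; exit 1 }
            if (addr ~ /^127\./ || addr == "::1") {
                print "FAIL: " fqdn " maps to loopback " addr; exit 1
            }
            if (canon != fqdn) {
                print "FAIL: " addr " resolves back to " canon ", not " fqdn; exit 1
            }
            print "OK: " fqdn " <-> " addr
        }'
}

# /etc/hosts as posted in the thread for the server VM.
THREAD_HOSTS='127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.122.105 master.example.com master'

# Constructed variant: short name first, so the reverse lookup yields "master".
SHORT_FIRST_HOSTS='127.0.0.1 localhost localhost.localdomain
192.168.122.105 master master.example.com'

# Constructed variant: FQDN also attached to the loopback line.
LOOPBACK_HOSTS='127.0.0.1 localhost master.example.com
192.168.122.105 master.example.com master'

printf '%s\n' "$THREAD_HOSTS"      | check_hosts master.example.com
printf '%s\n' "$SHORT_FIRST_HOSTS" | check_hosts master.example.com || true
printf '%s\n' "$LOOPBACK_HOSTS"    | check_hosts master.example.com || true
```

On a real VM the same function can be fed `/etc/hosts` directly, for example `check_hosts "$(hostname -f)" < /etc/hosts`, before the installer is started.
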
Re: [Freeipa-users] FreeIPA_demonstration_tools CA creation error.
On Thu, Dec 15, 2011 at 09:02:01PM +0100, Ondrej Hamada wrote:
> On 12/14/2011 06:58 PM, Dmitri Pal wrote:
> >Consistent name resolution is a requirement for IPA.
> >Ondrej, can you please take a closer look and see if this is something
> >with the demo scripts or IPA itself?
> I don't see a problem in scripts. When the virtual machines are
> created by ipa-demo, they acquire addresses from dhcp, then - before
> installation of freeipa - they're configured to use static
> addresses (the currently assigned ip address is chosen) and also the
> records are added into /etc/hosts.

Do you have an example /etc/hosts that could be double-checked?

> I wasn't able to reproduce the problem on clean f15 x64, the
> installation was successful, but few errors like this one appeared:
>
> ERROR:root:certmonger failed starting to track certificate: Command
> '/usr/bin/ipa-getcert start-tracking -d /etc/httpd/alias -n
> Server-Cert -p /etc/httpd/alias/pwdfile.txt' returned non-zero exit
> status 1
> root: ERRORcertmonger failed starting to track
> certificate: Command '/usr/bin/ipa-getcert start-tracking -d
> /etc/httpd/alias -n Server-Cert -p /etc/httpd/alias/pwdfile.txt'
> returned non-zero exit status 1

Was there anything logged in the ipaserver-install.log which would
indicate why it failed here?

Nalin

Re: [Freeipa-users] FreeIPA_demonstration_tools CA creation error.
On Thu, 2011-12-15 at 21:02 +0100, Ondrej Hamada wrote:
> On 12/14/2011 06:58 PM, Dmitri Pal wrote:
> > On 12/14/2011 11:04 AM, Mercer, Rodney wrote:
> >> I've been attempting to install the virtual machine setup from
> >> http://freeipa.org/page/FreeIPA_demonstration_tools
> >>
> >> I install on fresh Fedora 15 x86_64 host, and I am able to complete the
> >> first two steps.
> >>
> >> When I run the last script,
> >> ./ipa-demo.sh
> >> I get from the ipa-demo-.log
> >>
> >> CRITICAL:root:failed to configure ca instance
> >>
> >> and later in the log:
> >>
> >> Warning: skipping DNS resolution of host master.example.com
> >> The IPA Master Server will be configured with
> >> Hostname:master.example.com
> >> IP address: 192.168.122.32
> >> Domain name: example.com
> >>
> >> and
> >>
> >> Configuring certificate server: Estimated time 3 minutes 30 seconds
> >>   [1/17]: creating certificate server user
> >>   [2/17]: creating pki-ca instance
> >>   [3/17]: configuring certificate server instance
> >> Unexpected error - see ipaserver-install.log for details:
> >> Configuration of CA failed
> >> Server installation failed!
> >> Domain f15-ipa-server destroyed
> >>
> >> Domain f15-ipa-server has been undefined
> >>
> >>
> >> I see the dhcp address changing for master.example.com each time the
> >> script is run.
> >> Is there a requirement for making the dhcp address consistent for
> >> master.example.com
> >> and having the address in /etc/hosts so that it can reverse resolve via
> >> dnsmasq?
> >>
> >> Or does the DNS resolution of ip to host have any bearing on the
> >> certificate creation as I suspect?
> >>
> >>
> > Consistent name resolution is a requirement for IPA.
> > Ondrej, can you please take a closer look and see if this is something
> > with the demo scripts or IPA itself?
> I don't see a problem in scripts. When the virtual machines are created
> by ipa-demo, they acquire addresses from dhcp, then - before
> installation of freeipa - they're configured to use static addresses (the
> currently assigned ip address is chosen) and also the records are added
> into /etc/hosts.
>
> I wasn't able to reproduce the problem on clean f15 x64, the
> installation was successful, but few errors like this one appeared:
>
> ERROR:root:certmonger failed starting to track certificate: Command
> '/usr/bin/ipa-getcert start-tracking -d /etc/httpd/alias -n Server-Cert
> -p /etc/httpd/alias/pwdfile.txt' returned non-zero exit status 1
> root: ERRORcertmonger failed starting to track certificate:
> Command '/usr/bin/ipa-getcert start-tracking -d /etc/httpd/alias -n
> Server-Cert -p /etc/httpd/alias/pwdfile.txt' returned non-zero exit status 1
> WARNING:root:remove: '60' not in nsslapd-pluginPrecedence
>

Hmmm, that's odd.
I'm currently trying to force mine to work.
I've attempted several times with clean installs and no modifications
both on a workstation and laptop.
I think I will take the laptop home and start over from my home network.
Maybe our work dns servers are causing an issue.

In the meantime, I am attempting to make the installation work on my
work network with the following libvirt modifications.

/var/lib/libvirt/dnsmasq/default.hostsfile
fe:54:00:8e:72:76,192.168.122.45,master.example.com
fe:54:00:8e:72:77,192.168.122.46,ipa-client1.example.com
fe:54:00:8e:72:78,192.168.122.47,ipa-client2.example.com

# virsh -c qemu:///system net-destroy default
# virsh -c qemu:///system net-edit default
default 9c90ded8-3ed6-4200-98e9-5c668bcdc7cd
# virsh -c qemu:///system net-start default

--
Rodney Mercer
Systems Administrator

Re: [Freeipa-users] FreeIPA_demonstration_tools CA creation error.
On 12/14/2011 06:58 PM, Dmitri Pal wrote:
> On 12/14/2011 11:04 AM, Mercer, Rodney wrote:
> > I've been attempting to install the virtual machine setup from
> > http://freeipa.org/page/FreeIPA_demonstration_tools
> >
> > I install on fresh Fedora 15 x86_64 host, and I am able to complete
> > the first two steps.
> >
> > When I run the last script,
> > ./ipa-demo.sh
> > I get from the ipa-demo-.log
> >
> > CRITICAL:root:failed to configure ca instance
> >
> > and later in the log:
> >
> > Warning: skipping DNS resolution of host master.example.com
> > The IPA Master Server will be configured with
> > Hostname:master.example.com
> > IP address: 192.168.122.32
> > Domain name: example.com
> >
> > and
> >
> > Configuring certificate server: Estimated time 3 minutes 30 seconds
> >   [1/17]: creating certificate server user
> >   [2/17]: creating pki-ca instance
> >   [3/17]: configuring certificate server instance
> > Unexpected error - see ipaserver-install.log for details:
> > Configuration of CA failed
> > Server installation failed!
> > Domain f15-ipa-server destroyed
> >
> > Domain f15-ipa-server has been undefined
> >
> > I see the dhcp address changing for master.example.com each time the
> > script is run.
> > Is there a requirement for making the dhcp address consistent for
> > master.example.com
> > and having the address in /etc/hosts so that it can reverse resolve
> > via dnsmasq?
> >
> > Or does the DNS resolution of ip to host have any bearing on the
> > certificate creation as I suspect?
>
> Consistent name resolution is a requirement for IPA.
> Ondrej, can you please take a closer look and see if this is something
> with the demo scripts or IPA itself?

I don't see a problem in scripts. When the virtual machines are created
by ipa-demo, they acquire addresses from dhcp, then - before
installation of freeipa - they're configured to use static addresses (the
currently assigned ip address is chosen) and also the records are added
into /etc/hosts.

I wasn't able to reproduce the problem on clean f15 x64, the
installation was successful, but few errors like this one appeared:

ERROR:root:certmonger failed starting to track certificate: Command
'/usr/bin/ipa-getcert start-tracking -d /etc/httpd/alias -n Server-Cert
-p /etc/httpd/alias/pwdfile.txt' returned non-zero exit status 1
root: ERRORcertmonger failed starting to track certificate:
Command '/usr/bin/ipa-getcert start-tracking -d /etc/httpd/alias -n
Server-Cert -p /etc/httpd/alias/pwdfile.txt' returned non-zero exit status 1
WARNING:root:remove: '60' not in nsslapd-pluginPrecedence

--
Regards,

Ondrej Hamada
FreeIPA team
jabber: oh...@jabbim.cz
IRC: ohamada

Re: [Freeipa-users] FreeIPA_demonstration_tools CA creation error.
On 12/14/2011 11:04 AM, Mercer, Rodney wrote:
> I've been attempting to install the virtual machine setup from
> http://freeipa.org/page/FreeIPA_demonstration_tools
>
> I install on fresh Fedora 15 x86_64 host, and I am able to complete the first
> two steps.
>
> When I run the last script,
> ./ipa-demo.sh
> I get from the ipa-demo-.log
>
> CRITICAL:root:failed to configure ca instance
>
> and later in the log:
>
> Warning: skipping DNS resolution of host master.example.com
> The IPA Master Server will be configured with
> Hostname:master.example.com
> IP address: 192.168.122.32
> Domain name: example.com
>
> and
>
> Configuring certificate server: Estimated time 3 minutes 30 seconds
>   [1/17]: creating certificate server user
>   [2/17]: creating pki-ca instance
>   [3/17]: configuring certificate server instance
> Unexpected error - see ipaserver-install.log for details:
> Configuration of CA failed
> Server installation failed!
> Domain f15-ipa-server destroyed
>
> Domain f15-ipa-server has been undefined
>
>
> I see the dhcp address changing for master.example.com each time the script
> is run.
> Is there a requirement for making the dhcp address consistent for
> master.example.com
> and having the address in /etc/hosts so that it can reverse resolve via
> dnsmasq?
>
> Or does the DNS resolution of ip to host have any bearing on the certificate
> creation as I suspect?
>
>

Consistent name resolution is a requirement for IPA.
Ondrej, can you please take a closer look and see if this is something
with the demo scripts or IPA itself?

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

[Freeipa-users] FreeIPA_demonstration_tools CA creation error.
I've been attempting to install the virtual machine setup from
http://freeipa.org/page/FreeIPA_demonstration_tools

I install on fresh Fedora 15 x86_64 host, and I am able to complete the
first two steps.

When I run the last script,
./ipa-demo.sh
I get from the ipa-demo-.log

CRITICAL:root:failed to configure ca instance

and later in the log:

Warning: skipping DNS resolution of host master.example.com
The IPA Master Server will be configured with
Hostname:master.example.com
IP address: 192.168.122.32
Domain name: example.com

and

Configuring certificate server: Estimated time 3 minutes 30 seconds
  [1/17]: creating certificate server user
  [2/17]: creating pki-ca instance
  [3/17]: configuring certificate server instance
Unexpected error - see ipaserver-install.log for details:
Configuration of CA failed
Server installation failed!
Domain f15-ipa-server destroyed

Domain f15-ipa-server has been undefined

I see the dhcp address changing for master.example.com each time the
script is run.
Is there a requirement for making the dhcp address consistent for
master.example.com
and having the address in /etc/hosts so that it can reverse resolve via
dnsmasq?

Or does the DNS resolution of ip to host have any bearing on the
certificate creation as I suspect?

--
Rodney Mercer
Systems Administrator