Re: [Freeipa-users] Installing on Ubuntu 16.04

[Peter Fern]

freeipa-server is still quite broken on Ubuntu I believe.  It should
install fine, but certmonger can not renew the CA successfully, as nss
on Debian/Ubuntu is missing nss-pem, so it can't read certificate
files.  I wrote about this in a thread titled "Dogtag certs did not
auto-renew, very stuck!".

I'd recommend running the server on a Redhat derivative for the
foreseeable future.

On 01/05/17 13:18, Robert L. Harris wrote:
>
>Gave up on freeipa and Ubuntu 17.10.  Re-installed with 16.04 and
> some base packages which does include freeipa-client.  When I do an
> apt-get install on freeipa-server it runs along happily until I find this:
>
> .
> ...
> Setting up pki-server (10.2.6+git20160317-1) ...
> Job for pki-tomcatd.service failed because the control process exited
> with error code. See "systemctl status pki-tomcatd.service" and
> "journalctl -xe" for details.
> invoke-rc.d: initscript pki-tomcatd, action "start" failed.
> * pki-tomcatd.service - LSB: Start pki-tomcatd at boot time
>Loaded: loaded (/etc/init.d/pki-tomcatd; bad; vendor preset: enabled)
>Active: failed (Result: exit-code) since Sun 2017-04-30 20:38:29
> MDT; 3ms ago
>  Docs: man:systemd-sysv-generator(8)
>   Process: 9645 ExecStart=/etc/init.d/pki-tomcatd start (code=exited,
> status=5)
>
> Apr 30 20:38:29 ipa systemd[1]: Starting LSB: Start pki-tomcatd at
> boot time...
> Apr 30 20:38:29 ipa pki-tomcatd[9645]: ERROR:  No 'tomcat' instances
> installed!
> ... because no CA instance has been configured yet.
> pki-tomcatd-nuxwdog.target is a disabled or a static unit, not
> starting it.
> pki-tomcatd.target is a disabled or a static unit, not starting it.
> Setting up pki-ca (10.2.6+git20160317-1) ...
> ...
> .
>
>
> I have been googling but can't find a relevant fix that resolves this.
>   Any ideas?
>
> Robert
>
>
>
>

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Installing on Ubuntu 16.04

[Simon Williams]

Don't worry about this during the install from the repository. I also got
that installing on Ubuntu recently. Running ipa-server-install later will
set up the missing data and pki-tomcat will start fine. At the point apt is
trying to start the service it can't start cleanly. The package configure
probably shouldn't be attempting to start it.

On Mon, 1 May 2017, 04:20 Robert L. Harris, 
wrote:

>
>Gave up on freeipa and Ubuntu 17.10.  Re-installed with 16.04 and some
> base packages which does include freeipa-client.  When I do an apt-get
> install on freeipa-server it runs along happily until I find this:
>
> .
> ...
> Setting up pki-server (10.2.6+git20160317-1) ...
> Job for pki-tomcatd.service failed because the control process exited with
> error code. See "systemctl status pki-tomcatd.service" and "journalctl -xe"
> for details.
> invoke-rc.d: initscript pki-tomcatd, action "start" failed.
> * pki-tomcatd.service - LSB: Start pki-tomcatd at boot time
>Loaded: loaded (/etc/init.d/pki-tomcatd; bad; vendor preset: enabled)
>Active: failed (Result: exit-code) since Sun 2017-04-30 20:38:29 MDT;
> 3ms ago
>  Docs: man:systemd-sysv-generator(8)
>   Process: 9645 ExecStart=/etc/init.d/pki-tomcatd start (code=exited,
> status=5)
>
> Apr 30 20:38:29 ipa systemd[1]: Starting LSB: Start pki-tomcatd at boot
> time...
> Apr 30 20:38:29 ipa pki-tomcatd[9645]: ERROR:  No 'tomcat' instances
> installed!
> ... because no CA instance has been configured yet.
> pki-tomcatd-nuxwdog.target is a disabled or a static unit, not starting it.
> pki-tomcatd.target is a disabled or a static unit, not starting it.
> Setting up pki-ca (10.2.6+git20160317-1) ...
> ...
> .
>
>
> I have been googling but can't find a relevant fix that resolves this.
> Any ideas?
>
> Robert
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] Installing on Ubuntu 16.04

[Robert L. Harris]

   Gave up on freeipa and Ubuntu 17.10.  Re-installed with 16.04 and some
base packages which does include freeipa-client.  When I do an apt-get
install on freeipa-server it runs along happily until I find this:

.
...
Setting up pki-server (10.2.6+git20160317-1) ...
Job for pki-tomcatd.service failed because the control process exited with
error code. See "systemctl status pki-tomcatd.service" and "journalctl -xe"
for details.
invoke-rc.d: initscript pki-tomcatd, action "start" failed.
* pki-tomcatd.service - LSB: Start pki-tomcatd at boot time
   Loaded: loaded (/etc/init.d/pki-tomcatd; bad; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sun 2017-04-30 20:38:29 MDT;
3ms ago
 Docs: man:systemd-sysv-generator(8)
  Process: 9645 ExecStart=/etc/init.d/pki-tomcatd start (code=exited,
status=5)

Apr 30 20:38:29 ipa systemd[1]: Starting LSB: Start pki-tomcatd at boot
time...
Apr 30 20:38:29 ipa pki-tomcatd[9645]: ERROR:  No 'tomcat' instances
installed!
... because no CA instance has been configured yet.
pki-tomcatd-nuxwdog.target is a disabled or a static unit, not starting it.
pki-tomcatd.target is a disabled or a static unit, not starting it.
Setting up pki-ca (10.2.6+git20160317-1) ...
...
.


I have been googling but can't find a relevant fix that resolves this.
Any ideas?

Robert
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Installing on Ubuntu

[Robert L. Harris]

Ok, I removed the files in that directory, manually removed 389-ds-base,
cleaned up the user/group and some left over directories and all
installed/configured correctly.

-R


On Tue, Feb 21, 2017 at 1:03 PM Timo Aaltonen  wrote:

> On 21.02.2017 17:33, Robert L. Harris wrote:
> > This was a clean install of Ubuntu.  If I install freeipa-server I get
> > the error from the original email.  If I do a "apt install
> > freeipa-server" I do see it will install python-ipaserver.  When I let
> > it run it downloads and everything and starts setting everything up.  I
> > get this:
> >
> > Processing triggers for ureadahead (0.100.0-19) ...
> > Errors were encountered while processing:
> >  389-ds-base
> >  freeipa-server
> >  freeipa-server-dns
> > E: Sub-process /usr/bin/dpkg returned an error code (1)
>
> And I installed it on a clean chroot and the packages installed fine
> without issues. Note that the pki-server spam is expected and not an error.
>
> > If I run the python command you gave me at this point I get this:
> >
> > python2 -c 'from ipaserver.install import installutils; print "yes" if
> > installutils.is_ipa_configured() else "no";'
> > yes
>
> This means that you have some files around which a clean install should
> not have. Check the contents of /var/lib/ipa/sysrestore.
>
>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Installing on Ubuntu

[Timo Aaltonen]

On 21.02.2017 17:33, Robert L. Harris wrote:
> This was a clean install of Ubuntu.  If I install freeipa-server I get
> the error from the original email.  If I do a "apt install
> freeipa-server" I do see it will install python-ipaserver.  When I let
> it run it downloads and everything and starts setting everything up.  I
> get this:
> 
> Processing triggers for ureadahead (0.100.0-19) ...
> Errors were encountered while processing:
>  389-ds-base
>  freeipa-server
>  freeipa-server-dns
> E: Sub-process /usr/bin/dpkg returned an error code (1)

And I installed it on a clean chroot and the packages installed fine
without issues. Note that the pki-server spam is expected and not an error.

> If I run the python command you gave me at this point I get this:
> 
> python2 -c 'from ipaserver.install import installutils; print "yes" if
> installutils.is_ipa_configured() else "no";'
> yes

This means that you have some files around which a clean install should
not have. Check the contents of /var/lib/ipa/sysrestore.


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Installing on Ubuntu

[Robert L. Harris]

This was a clean install of Ubuntu.  If I install freeipa-server I get the
error from the original email.  If I do a "apt install freeipa-server" I do
see it will install python-ipaserver.  When I let it run it downloads and
everything and starts setting everything up.  I get this:

Setting up tomcat7-user (7.0.68-1ubuntu0.1) ...
Setting up velocity (1.7-4) ...
Setting up pki-server (10.2.6+git20160317-1) ...
Job for pki-tomcatd.service failed because the control process exited with
error code. See "systemctl status pki-tomcatd.service" and "journalctl -xe"
for details.
invoke-rc.d: initscript pki-tomcatd, action "start" failed.
... because no CA instance has been configured yet.
pki-tomcatd-nuxwdog.target is a disabled or a static unit, not starting it.
pki-tomcatd.target is a disabled or a static unit, not starting it.
Setting up pki-ca (10.2.6+git20160317-1) ...
Setting up pki-kra (10.2.6+git20160317-1) ...
.
It continues til I get this:
.
Setting up opendnssec (1:1.4.9-2) ...
dpkg: dependency problems prevent configuration of freeipa-server-dns:
 freeipa-server-dns depends on freeipa-server (>= 4.3.1-0ubuntu1); however:
  Package freeipa-server is not configured yet.

dpkg: error processing package freeipa-server-dns (--configure):
 dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup
error from a previous failure.

  Setting up libverto-libevent1:amd64
(0.2.4-2.1ubuntu2) ...
Setting up libverto1:amd64 (0.2.4-2.1ubuntu2) ...
.
Continues a bit longer til:
.
Processing triggers for ureadahead (0.100.0-19) ...
Errors were encountered while processing:
 389-ds-base
 freeipa-server
 freeipa-server-dns
E: Sub-process /usr/bin/dpkg returned an error code (1)


If I run the python command you gave me at this point I get this:

python2 -c 'from ipaserver.install import installutils; print "yes" if
installutils.is_ipa_configured() else "no";'
yes



On Tue, Feb 21, 2017 at 1:38 AM Timo Aaltonen  wrote:

> On 20.02.2017 22:26, Robert L. Harris wrote:
> >
> > python2 -c 'from ipaserver.install import installutils; print "yes" if
> > installutils.is_ipa_configured() else "no";'
> > Traceback (most recent call last):
> >   File "", line 1, in 
> > ImportError: No module named ipaserver.install
>
> Then how did you manage to get it installed.. freeipa-server depends on
> python-ipaserver so you should have it available :)
>
>
> --
> t
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Installing on Ubuntu

[Timo Aaltonen]

On 20.02.2017 22:26, Robert L. Harris wrote:
> 
> python2 -c 'from ipaserver.install import installutils; print "yes" if
> installutils.is_ipa_configured() else "no";'
> Traceback (most recent call last):
>   File "", line 1, in 
> ImportError: No module named ipaserver.install

Then how did you manage to get it installed.. freeipa-server depends on
python-ipaserver so you should have it available :)


-- 
t

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Installing on Ubuntu

[Robert L. Harris]

python2 -c 'from ipaserver.install import installutils; print "yes" if
installutils.is_ipa_configured() else "no";'
Traceback (most recent call last):
  File "", line 1, in 
ImportError: No module named ipaserver.install


On Fri, Feb 17, 2017 at 10:33 PM Timo Aaltonen  wrote:

> On 18.02.2017 03:24, Robert L. Harris wrote:
> >
> >I have an Ubuntu 16.04 test system which is currently clean.  I'm
> > trying to install freeipa-server via apt and I'm getting an error about
> > files missing :
> >
> > Setting up freeipa-server (4.3.1-0ubuntu1) ...
> > Running ipa-server-upgrade...
> > IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run
> > command ipa-server-upgrade manually.
> > Unexpected error - see /var/log/ipaupgrade.log for details:
> > IOError: [Errno 2] No such file or directory:
> > u'/etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif'
> > The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for
> > more information
> > dpkg: error processing package freeipa-server (--configure):
> >  subprocess installed post-installation script returned error exit
> status 1
> > dpkg: dependency problems prevent configuration of freeipa-server-dns:
> >  freeipa-server-dns depends on freeipa-server (>= 4.3.1-0ubuntu1);
> however:
> >   Package freeipa-server is not configured yet.
>
> It shouldn't run ipa-server-upgrade on a clean install. What does:
> python2 -c 'from ipaserver.install import installutils; print "yes" if
> installutils.is_ipa_configured() else "no";'
>
> return?
>
>
> --
> t
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Installing on Ubuntu

[Timo Aaltonen]

On 18.02.2017 03:24, Robert L. Harris wrote:
> 
>I have an Ubuntu 16.04 test system which is currently clean.  I'm
> trying to install freeipa-server via apt and I'm getting an error about
> files missing :
> 
> Setting up freeipa-server (4.3.1-0ubuntu1) ...
> Running ipa-server-upgrade...
> IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run
> command ipa-server-upgrade manually.
> Unexpected error - see /var/log/ipaupgrade.log for details:
> IOError: [Errno 2] No such file or directory:
> u'/etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif'
> The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for
> more information
> dpkg: error processing package freeipa-server (--configure):
>  subprocess installed post-installation script returned error exit status 1
> dpkg: dependency problems prevent configuration of freeipa-server-dns:
>  freeipa-server-dns depends on freeipa-server (>= 4.3.1-0ubuntu1); however:
>   Package freeipa-server is not configured yet.

It shouldn't run ipa-server-upgrade on a clean install. What does:
python2 -c 'from ipaserver.install import installutils; print "yes" if
installutils.is_ipa_configured() else "no";'

return?


-- 
t

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] Installing on Ubuntu

[Robert L. Harris]

   I have an Ubuntu 16.04 test system which is currently clean.  I'm trying
to install freeipa-server via apt and I'm getting an error about files
missing :

Setting up freeipa-server (4.3.1-0ubuntu1) ...
Running ipa-server-upgrade...
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command
ipa-server-upgrade manually.
Unexpected error - see /var/log/ipaupgrade.log for details:
IOError: [Errno 2] No such file or directory:
u'/etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif'
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more
information
dpkg: error processing package freeipa-server (--configure):
 subprocess installed post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of freeipa-server-dns:
 freeipa-server-dns depends on freeipa-server (>= 4.3.1-0ubuntu1); however:
  Package freeipa-server is not configured yet.


Anyone seen this?  The only source I see for these files is the slapd
package which conflicts with freeipa.

Robert
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project