I lost debugging this helps you!
Harry Coin
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-pkcs11 fails to run
Status in bind9 package in Ubuntu:
At
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769440/comments/34
You will find a recipe to work around all bugs stopping the installation
of freeipa with integrated DNS on 18.04/bionic as of this date.
Hopefully folks who like to fix things can work these into the install
scripts and
PPPS. You don't need the latest fontsawesome after all for the gui to
work. However, you do need:
apt install libjs-scriptaculous
and
The installed code expects fontawesome, not font-awesome in the truetype
directory.
cd /usr/share/fonts/truetype
ln -s font-awesome
PPS. Freeipa needs fontawesome version 4 or you get unicode boxes.
Bionic ships v3. Attached find v4. put them in
/usr/share/fonts/fontawesome
** Attachment added: "fontawesome v4"
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769440/+attachment/5156225/+files/fontawesome4.bz
--
Added:
apt install python-psutil
in cainstance.py after import tempfile added
import psutil
In function "migrate_profiles_to_ldap"
before
for profile_id in profile_ids:
changed time.sleep(80) to time.sleep(30)
then added just after, inside the loop:
while psutil.cpu_percent() > 5:
Same issue here. Adding haveged reduced the error count, but still
failed with 2 processors and 2gb. 3 processors and 3gb failed with a
network error
[24/28]: migrating certificate profiles to LDAP
[error] NetworkError: cannot connect to
Spoke too soon, though the routine reported success, in the log we have:
Updating DNS system records
ipapython.dnsutil: ERRORDNS query for directory1.ri.mamabosso.com. 1
failed: The DNS operation timed out after 30.0014941692 seconds
ipaserver.dns_data_management: ERRORunable to resolve
At appears my problem arises as I asked for an install with DNS. On
ubuntu bionic, apt install freeipa-server-dns
ipa-server-install
then the bug appears. It is discussed here.
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769440
--
You received this bug notification because you
P.S. After the systemctl disable commands, you may need to delete the
'/etc/resolv.conf' then make a new one with the simple content as it
could be a link to a stub for systemd-resolved.
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in
Public bug reported:
Notice the bug and fix mentioned in
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772921
is, somehow 're-broken' in eoan. Possibly because of:
https://pagure.io/freeipa/c/78652a52f083bac5238f9e0a6520e0e448dadabe
The result is none of the directional glyphs
Timo,
You might take a look at /etc/sssd/sssd.conf
Consider changing
services = ifp
#services = nss, pam, ifp, ssh, sudo
The reason is that unless you change this, systemctl is-system-running
reports degraded instead of running, with messages akin to
Dec 9 17:59:25 registry1
Using the ppa, the upgrade to the primary server was successful. Then the
replica install was successful, other than, at the end:
...
Restarting named
Updating DNS system records
DNS query for registry1.1.quietfountain.com. 1 failed: All nameservers failed
to answer the query
Good to know. I was using ubuntu eoan.
On 11/27/19 11:18 AM, Timo Aaltonen wrote:
> for the record, ipa-replica-install works fine on the debian vm's that I
> have set up for this (and finally had a go at replicating 4.8)
>
> my goal is to eventually have it all tested with a CI system
Public bug reported:
Just trying to see if freeipa works on Ubuntu, I installed freeipa-
server on one system, then tried to install the freeipa-replica on
another. The two system setup works just fine on Fedora, but I need to
standardize on one distro so I'm evaluating Ubuntu hoping that
Both registry1 and registry2 are 'vanilla' eoan mate vms.
Host registry1... has a working freeipa-server based on eoan installed. No
other packages. It does include the dns support. registry2 is the attempt to
install a replica. No other packages.
--
You received this bug notification
Timo,
Thank you. I didn't understand freeipa wasn't supported on Ubuntu. You
can consider this matter closed, I have to move to a different distro.
On 11/25/19 2:20 PM, Timo Aaltonen wrote:
> replica install is untested, not surprising to see it being broken
>
> and freeipa is in universe
Of some interest, a curl of exactly the same link works (kinit admin in effect,
just after failure above).
root@registry2:/tmp# curl
I appreciate your efforts. The thing is folks who use freeipa put it in
the same 'has-got-to-work' 'no-regressions' category as the kernel.
While it might lack a feature or need work in this or that area, it just
can't 'not install' or have some major user-facing thing like the
'here's how you
Public bug reported:
Notice
ipa-client-install
creates /etc/sssd/sssd.conf
but changes in the sssd process's socket approach calls for that file to change
/etc/sssd.conf from
...
[sssd]
services = nss, pam, ssh, sud
...
to
[sssd]
#services = nss, pam, ssh, sud
otherwise the sssd service either
With the line not commented, upon each and every startup in all cases
one sees this:
May 19 11:37:25 email1 systemd[1]: Starting SSSD NSS Service responder socket.
May 19 11:37:25 email1 sssd_check_socket_activated_responders[72216]: (Tue May
19 11:37:12:251510 2020) [sssd] [main] (0x0010):
Public bug reported:
Kindly notice https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1885024
which won't be fixed in kerberos since freeipa changes the log destination. So
freeipa needs to add a systemd drop in to allow the logging.
krb5-kdc.service drop in:
[Service]
ReadWriteDirectories=
21 matches
Mail list logo