[Freeipa] [Bug 1890786] Re: ipa-client-install fails on restarting non-existing chronyd.service
Any chance of getting this fixed released for Ubuntu 12.04? It is still on package 4.8.6-1ubuntu2. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1890786 Title: ipa-client-install fails on restarting non-existing chronyd.service Status in freeipa package in Ubuntu: Fix Released Bug description: DistroRelease: Ubuntu 20.10 Package: freeipa-client 4.8.6-1ubuntu2 Client install fails: * LANG=C /usr/sbin/ipa-client-install --domain cockpit.lan --realm COCKPIT.LAN --mkhomedir --enable-dns-updates --unattended --force-join --principal admin -W --force-ntpd Option --force-ntpd has been deprecated and will be removed in a future release. Discovery was successful! Client hostname: x0.cockpit.lan Realm: COCKPIT.LAN DNS Domain: cockpit.lan IPA Server: f0.cockpit.lan BaseDN: dc=cockpit,dc=lan Synchronizing time No SRV records of NTP servers found and no NTP server or pool address was provided. CalledProcessError(Command ['/bin/systemctl', 'restart', 'chronyd.service'] returned non-zero exit status 5: 'Failed to restart chronyd.service: Unit chronyd.service not found.\n') The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information /var/log/ipaclient-install.log basically says the same, just with a giant Traceback for CalledProcessError. freeipa-client could depend on chronyd, but IMHO it would be better to make this non-fatal. If one uses systemd-timesyncd (as we do by default in Ubuntu), that should be fine? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1890786/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1879083] Re: default sssd.conf after ipa-client-install crashes sssd
Any chance of getting this fixed released for Ubuntu 12.04? It is still on package 4.8.6-1ubuntu2. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1879083 Title: default sssd.conf after ipa-client-install crashes sssd Status in freeipa package in Ubuntu: Fix Released Bug description: Notice ipa-client-install creates /etc/sssd/sssd.conf but changes in the sssd process's socket approach calls for that file to change /etc/sssd.conf from ... [sssd] services = nss, pam, ssh, sud ... to [sssd] #services = nss, pam, ssh, sud otherwise the sssd service either won't start or complains. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: freeipa-client 4.8.6-1ubuntu2 ProcVersionSignature: Ubuntu 5.4.0-29.33-generic 5.4.30 Uname: Linux 5.4.0-29-generic x86_64 ApportVersion: 2.20.11-0ubuntu27 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: MATE Date: Sat May 16 12:51:21 2020 InstallationDate: Installed on 2020-05-13 (2 days ago) InstallationMedia: Ubuntu-MATE 20.04 LTS "Focal Fossa" - Release amd64 (20200423) SourcePackage: freeipa UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1879083/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1769440] Re: freeipa server install fails - named-pkcs11 fails to run
** Also affects: bind9 (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: freeipa (Ubuntu Bionic)
Importance: Undecided
Status: New
** No longer affects: freeipa (Ubuntu Bionic)
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-pkcs11 fails to run
Status in bind9 package in Ubuntu:
Fix Released
Status in freeipa package in Ubuntu:
Invalid
Status in bind9 source package in Bionic:
New
Bug description:
[Impact]
Using RTLD_DEEPBIND in bind9 causes the FreeIPA serve install to fail.
This patch, also applied in fedora and debian, disables use of RTLD_DEEPBIND.
https://src.fedoraproject.org/rpms/bind/c/3d5ea105bd877f0069452e450320f8877b01cb52?branch=master
https://salsa.debian.org/dns-team/bind9/commit/afc6b5fe2e359e4e7eadc256cd94481965418b4b
[Test Case]
# uvt-kvm create --memory 2048 cosmic-freeipa release=cosmic label=daily
# uvt-kvm wait cosmic-freeipa
# uvt-kvm ssh cosmic-freeipa
Inside vm:
# sudo su
# apt purge -y cloud-init
# echo "cosmic-freeipa.example.com" >/etc/hostname
# sed -i 's/127.0.1.1.*cosmic.*//g' /etc/hosts
# echo "$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut
-f1 -d'/') cosmic-freeipa.example.com" >>/etc/hosts
# apt update
# apt dist-upgrade -y
# reboot
# apt install -y freeipa-server
* Default Kerberos realm: EXAMPLE.COM
* Kerberos servers: cosmic-freeipa.example.com
* Administrative server: cosmic-freeipa.example.com
Get machine's ip address. You'll be using the x.x.x.1 address for the DNS
forwarder
# ip addr
# ipa-server-install --allow-zone-overlap
* Do you want to configure integrated DNS (BIND): YES
* Server host name: cosmic-freeipa.example.com
* Please confirm the domain name: example.com
* Please provide a realm name: EXAMPLE.COM
* Directory Manager password: (anything)
* IPA admin password: (anything)
* Do you want to configure DNS forwarders: yes
* Do you want to configure these servers as DNS forwarders?: no
* Enter an IP address for a DNS forwarder, or press Enter to skip: (x.x.x.1
address from before)
* Do you want to search for missing reverse zones?: yes
Installation should fail.
[Regression Potential]
In theory, if another library with the exact same symbol is loaded,
bind9 may end up calling the wrong function. This is, however, a
potential problem with any program that loads shared libraries.
[Original Description]
Setting up FreeIPA server fails at "Configuring the web interface",
step 12/21
It's in a cleanly started LXC Ubuntu Bionic container. The
ppa:freeipa/ppa is also used to get tomcat 8.5.30-1ubuntu1.2
Configuring the web interface (httpd)
[1/21]: stopping httpd
[2/21]: backing up ssl.conf
[3/21]: disabling nss.conf
[4/21]: configuring mod_ssl certificate paths
[5/21]: setting mod_ssl protocol list to TLSv1.0 - TLSv1.2
[6/21]: configuring mod_ssl log directory
[7/21]: disabling mod_ssl OCSP
[8/21]: adding URL rewriting rules
[9/21]: configuring httpd
[10/21]: setting up httpd keytab
[11/21]: configuring Gssproxy
[12/21]: setting up ssl
[error] RuntimeError: Certificate issuance failed (CA_REJECTED)
ipapython.admintool: ERRORCertificate issuance failed (CA_REJECTED)
ipapython.admintool: ERRORThe ipa-server-install command failed. See
/var/log/ipaserver-install.log for more information
and in the log there is
2018-05-05T20:37:29Z DEBUG stderr=
2018-05-05T20:37:29Z DEBUG step duration: httpd configure_gssproxy 1.09 sec
2018-05-05T20:37:29Z DEBUG [12/21]: setting up ssl
2018-05-05T20:37:33Z DEBUG certmonger request is in state
dbus.String(u'GENERATING_KEY_PAIR', variant_level=1)
2018-05-05T20:37:38Z DEBUG certmonger request is in state
dbus.String(u'CA_REJECTED', variant_level=1)
2018-05-05T20:37:42Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
555, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
541, in run_step
method()
File "/usr/lib/python2.7/dist-packages/ipaserver/install/httpinstance.py",
line 376, in __setup_ssl
passwd_fname=key_passwd_file
File "/usr/lib/python2.7/dist-packages/ipalib/install/certmonger.py", line
320, in request_and_wait_for_cert
raise RuntimeError("Certificate issuance failed ({})".format(state))
RuntimeError: Certificate issuance failed (CA_REJECTED)
2018-05-05T20:37:42Z DEBUG [error] RuntimeError: Certificate issuance
failed (CA_REJECTED)
2018-05-05T20:37:42Z DEBUG File
"/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 174, in exec
ute
...
To manage notifications about this bug go to:
[Freeipa] [Bug 1784399] Re: package freeipa-server 4.7.0~pre1+git20180411-2ubuntu2 failed to install/upgrade: installed freeipa-server package post-installation script subprocess returned error exit s
$ sudo apt-get install freeipa-client Reading package lists... Done Building dependency tree Reading state information... Done freeipa-client is already the newest version (4.3.1-0ubuntu1). The following package was automatically installed and is no longer required: snap-confine Use 'sudo apt autoremove' to remove it. 0 upgraded, 0 newly installed, 0 to remove and 18 not upgraded. 1 not fully installed or removed. After this operation, 0 B of additional disk space will be used. Do you want to continue? [Y/n] y Setting up freeipa-client (4.3.1-0ubuntu1) ... dpkg: error processing package freeipa-client (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: freeipa-client localepurge: Disk space freed in /usr/share/locale: 0 KiB localepurge: Disk space freed in /usr/share/man: 0 KiB Total disk space freed by localepurge: 0 KiB E: Sub-process /usr/bin/dpkg returned an error code (1) -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1784399 Title: package freeipa-server 4.7.0~pre1+git20180411-2ubuntu2 failed to install/upgrade: installed freeipa-server package post-installation script subprocess returned error exit status 1 Status in freeipa package in Ubuntu: Confirmed Bug description: I was trying to upgrade a freeipa server running ubuntu 16.04 to 18.04. ProblemType: Package DistroRelease: Ubuntu 18.04 Package: freeipa-server 4.7.0~pre1+git20180411-2ubuntu2 ProcVersionSignature: Ubuntu 4.15.0-29.31~16.04.1-generic 4.15.18 Uname: Linux 4.15.0-29-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.2 Architecture: amd64 Date: Mon Jul 30 14:32:34 2018 ErrorMessage: installed freeipa-server package post-installation script subprocess returned error exit status 1 InstallationDate: Installed on 2018-05-29 (62 days ago) InstallationMedia: Ubuntu-Server 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801) Python3Details: /usr/bin/python3.6, Python 3.6.5, python3-minimal, 3.6.5-3ubuntu1 PythonDetails: /usr/bin/python2.7, Python 2.7.15rc1, python-minimal, 2.7.15~rc1-1 RelatedPackageVersions: dpkg 1.19.0.5ubuntu2 apt 1.6.3 SourcePackage: freeipa Title: package freeipa-server 4.7.0~pre1+git20180411-2ubuntu2 failed to install/upgrade: installed freeipa-server package post-installation script subprocess returned error exit status 1 UpgradeStatus: Upgraded to bionic on 2018-07-30 (0 days ago) modified.conffile..etc.default.ipa-dnskeysyncd: [modified] mtime.conffile..etc.default.ipa-dnskeysyncd: 2018-06-19T16:17:32.099908 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1784399/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
