Re: [Freeipa-devel] issues with Debian port
On 23.10.2014 23:38, Timo Aaltonen wrote:
> Oh and the web UI is blank when I try it. Does the client install fail have something to do with it?

Client install fail should not affect displaying of Web UI.

What do you mean by blank? Are Web UI files downloaded? Is there a JavaScript error? Can be checked in browser developer tools, in console and network tab.

Web UI debugging help: https://pvoborni.fedorapeople.org/doc/#!/guide/Debugging

--
Petr Vobornik

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] issues with Debian port
On 24.10.2014 11:19, Petr Vobornik wrote:
> On 23.10.2014 23:38, Timo Aaltonen wrote:
>> Oh and the web UI is blank when I try it. Does the client install fail have something to do with it?
>
> Client install fail should not affect displaying of Web UI.
>
> What do you mean by blank? Are Web UI files downloaded? Is there a JavaScript error? Can be checked in browser developer tools, in console and network tab.
>
> Web UI debugging help: https://pvoborni.fedorapeople.org/doc/#!/guide/Debugging

The debugging hint was key, I've now gone back to using embedded dojo/jquery instead of linking to system versions which didn't work because the apache config didn't allow accessing them.

And the UI is looking rather nice ;)

--
t

Re: [Freeipa-devel] issues with Debian port
Some updates:

- rebased to 4.0.4, thanks for the release :)
- mod_nss issues got fixed, silly me..

On 21.10.2014 18:36, Timo Aaltonen wrote:
> client install will fail with:
>
> 2014-10-21T08:29:30Z INFO trying https://sid.tyrell/ipa/json
> 2014-10-21T08:29:30Z DEBUG Created connection context.rpcclient
> 2014-10-21T08:29:30Z DEBUG Try RPC connection
> 2014-10-21T08:29:30Z INFO Forwarding 'ping' to json server 'https://sid.tyrell/ipa/json'
> 2014-10-21T08:29:30Z ERROR Cannot connect to the server due to generic error: error marshalling data for XML-RPC transport: argument 2 must be string or None, not int

This is because I hadn't ported a patch from the ubuntu branch which got applied some six months ago.. d'oh. The issue is that our pykerberos is newer, and needs this:

diff --git a/ipalib/rpc.py b/ipalib/rpc.py index 81e7aa3..ce5f2a0 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py
@@ -380,7 +380,7 @@ class KerbTransport(SSLTransport): service = HTTP@ + host.split(':')[0] try: -(rc, vc) = kerberos.authGSSClientInit(service, self.flags) +(rc, vc) = kerberos.authGSSClientInit(service, gssflags=self.flags) except kerberos.GSSError, e: self._handle_exception(e)

now client install on the server almost works, but only almost because..

> Also, I'm reusing the RedHatService() stuff for services that have native systemd jobs, but in the later phases of install (and during uninstall) ipactl is trying to (re)start 'dirsv@.service' and not 'dirsrv@REALM.service' like in the dirsrv phase.. any hints here would be welcome as well. Otherwise I'll just use DebianSysvService() for dirsrv too..

..this is still something I haven't figured out. Dirsrv restart after LDAP updates fail, so client install on the server will fail because it can't get SASL up.

Something for tomorrow then.. still got until Sunday to get this fixed and uploaded and then accepted to unstable by ftpmasters, or it won't migrate to Jessie in time for the freeze. But that's an eternity! :)

Oh and the web UI is blank when I try it. Does the client install fail have something to do with it?

--
t

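Review bot: The `gssflags=self.flags` keyword on the `+` line only works if every pykerberos build this code has to run against names that parameter `gssflags`; confirm that for the older binding the unpatched positional call was written for, otherwise the change trades the marshalling error quoted above for a TypeError on those systems. A short comment above the call saying why the flags are passed by keyword (the logged error shows the newer binding expects a string or None as argument 2) would keep someone from reverting it to the positional form.
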
Re: [Freeipa-devel] issues with Debian port
On Fri, 24 Oct 2014, Timo Aaltonen wrote:
> Some updates:
>
> - rebased to 4.0.4, thanks for the release :)
> - mod_nss issues got fixed, silly me..
>
> On 21.10.2014 18:36, Timo Aaltonen wrote:
>> client install will fail with:
>>
>> 2014-10-21T08:29:30Z INFO trying https://sid.tyrell/ipa/json
>> 2014-10-21T08:29:30Z DEBUG Created connection context.rpcclient
>> 2014-10-21T08:29:30Z DEBUG Try RPC connection
>> 2014-10-21T08:29:30Z INFO Forwarding 'ping' to json server 'https://sid.tyrell/ipa/json'
>> 2014-10-21T08:29:30Z ERROR Cannot connect to the server due to generic error: error marshalling data for XML-RPC transport: argument 2 must be string or None, not int
>
> This is because I hadn't ported a patch from the ubuntu branch which got applied some six months ago.. d'oh. The issue is that our pykerberos is newer, and needs this:
>
> diff --git a/ipalib/rpc.py b/ipalib/rpc.py index 81e7aa3..ce5f2a0 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py
> @@ -380,7 +380,7 @@ class KerbTransport(SSLTransport): service = HTTP@ + host.split(':')[0] try: -(rc, vc) = kerberos.authGSSClientInit(service, self.flags) +(rc, vc) = kerberos.authGSSClientInit(service, gssflags=self.flags) except kerberos.GSSError, e: self._handle_exception(e)
>
> now client install on the server almost works, but only almost because..
>
>> Also, I'm reusing the RedHatService() stuff for services that have native systemd jobs, but in the later phases of install (and during uninstall) ipactl is trying to (re)start 'dirsv@.service' and not 'dirsrv@REALM.service' like in the dirsrv phase.. any hints here would be welcome as well. Otherwise I'll just use DebianSysvService() for dirsrv too..
>
> ..this is still something I haven't figured out. Dirsrv restart after LDAP updates fail, so client install on the server will fail because it can't get SASL up.
>
> Something for tomorrow then.. still got until Sunday to get this fixed and uploaded and then accepted to unstable by ftpmasters, or it won't migrate to Jessie in time for the freeze. But that's an eternity! :)

Since dirsrv@.service is instance-based, when instance is missing we rewrite dirsrv@.service to be dirsrv.target. This means 'start whatever is requiring this synchronization point'.

Enabling instances of dirsrv means they are symlinked as dependencies on dirsrv.target:

# ls -l /etc/systemd/system/dirsrv.target.wants/
total 0
lrwxrwxrwx. 1 root root 39 Oct 20 17:56 dirsrv@IPACLOUD-TEST.service -> /usr/lib/systemd/system/dirsrv@.service

> Oh and the web UI is blank when I try it. Does the client install fail have something to do with it?

check /var/log/ipaclient-install.log

--
/ Alexander Bokovoy

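As an added example (not FreeIPA code and not part of the thread), the sketch below follows the description above: with no instance it resolves to dirsrv.target, and it lists the instances symlinked under dirsrv.target.wants, flagging links whose unit file is missing. The function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not FreeIPA code. Function names are hypothetical.

# Unit to act on: a named instance, or dirsrv.target when none is given
# (the synchronization point that enabled instances are attached to).
dirsrv_unit() {
    if [ -n "${1:-}" ]; then
        printf 'dirsrv@%s.service\n' "$1"
    else
        printf 'dirsrv.target\n'
    fi
}

# List instances enabled under dirsrv.target and flag symlinks whose
# template unit is missing. Returns 1 if any link is dangling.
dirsrv_instances() {
    wants_dir=${1:-/etc/systemd/system/dirsrv.target.wants}
    rc=0
    for link in "$wants_dir"/dirsrv@*.service; do
        [ -L "$link" ] || continue          # unmatched glob, or not a symlink
        inst=${link##*/}                    # dirsrv@REALM.service
        inst=${inst#dirsrv@}
        inst=${inst%.service}               # REALM
        if [ -e "$link" ]; then             # -e follows the symlink
            printf '%s ok %s\n' "$inst" "$(readlink "$link")"
        else
            printf '%s DANGLING %s\n' "$inst" "$(readlink "$link")"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample tree (not from the thread): one good link, one that
# points into a unit directory that does not exist.
demo=$(mktemp -d)
mkdir "$demo/lib" "$demo/wants"
: > "$demo/lib/dirsrv@.service"
ln -s "$demo/lib/dirsrv@.service" "$demo/wants/dirsrv@EXAMPLE-TEST.service"
ln -s "$demo/nolib/dirsrv@.service" "$demo/wants/dirsrv@BROKEN.service"
dirsrv_unit
dirsrv_unit EXAMPLE-TEST
dirsrv_instances "$demo/wants" || echo "at least one dangling link"
rm -rf "$demo"
```
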
Re: [Freeipa-devel] issues with Debian port
On 24.10.2014 00:47, Alexander Bokovoy wrote:
> On Fri, 24 Oct 2014, Timo Aaltonen wrote:
>
> Since dirsrv@.service is instance-based, when instance is missing we rewrite dirsrv@.service to be dirsrv.target. This means 'start whatever is requiring this synchronization point'.
>
> Enabling instances of dirsrv means they are symlinked as dependencies on dirsrv.target:
>
> # ls -l /etc/systemd/system/dirsrv.target.wants/
> total 0
> lrwxrwxrwx. 1 root root 39 Oct 20 17:56 dirsrv@IPACLOUD-TEST.service -> /usr/lib/systemd/system/dirsrv@.service

right, I hadn't changed LIB_SYSTEMD_SYSTEMD_DIR in paths.py.. doing that fixed this issue, thanks!

>> Oh and the web UI is blank when I try it. Does the client install fail have something to do with it?
>
> check /var/log/ipaclient-install.log

Well it fails because it can't connect to the server:

2014-10-23T22:10:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2014-10-23T22:10:57Z DEBUG cert valid True for CN=sid.tyrell,O=SID
2014-10-23T22:10:57Z DEBUG handshake complete, peer = 192.168.1.31:443
2014-10-23T22:10:57Z ERROR Cannot connect to the server due to generic error: Authentication method not supported: sasl mechanism not supported

I thought it was because of the dirsrv restart failing before this step, but after fixing it the failure is still the same..

--
t