Re: [Freeipa-users] client without certmonger/dbus
On Tue, Apr 17, 2012 at 11:07 PM, Christoph Kaminski christoph.kamin...@biotronik.com wrote: centos 6.2 inside vserver, but I dont know what OS is the host system. (leased at heckrath.com) You can do a cat /proc/version inside your container to see what version of the kernel they are using. I'm guessing it is pretty old since that problem was solved some time ago as it caused problems with the operation of the container. If it is really old, you might want to see if they can migrate your container to a newer host node with an updated kernel. I haven't tried this on Redhat or CentOS using OpenVZ as I switched to KVM to take advantage of SELinux. Fedora 15 worked great on the 2.6.18-238.9.1.el5.028stab089.1 kernel. I also looked at your provider's Website and saw that the largest container they offer is 512MB. I'll be very surprised if you can get FreeIPA to install inside a container with only 512MB. I had to use around 2GB just to get it to install. Once complete, then I was able to lower the memory to around 1GB. For some reason the install requires an enormous amount of RAM. Steve ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] client without certmonger/dbus
On Tue, 2012-04-17 at 23:33 -0700, Stephen Ingram wrote: On Tue, Apr 17, 2012 at 11:07 PM, Christoph Kaminski christoph.kamin...@biotronik.com wrote: centos 6.2 inside vserver, but I dont know what OS is the host system. (leased at heckrath.com) You can do a cat /proc/version inside your container to see what version of the kernel they are using. I'm guessing it is pretty old since that problem was solved some time ago as it caused problems with the operation of the container. If it is really old, you might want to see if they can migrate your container to a newer host node with an updated kernel. I haven't tried this on Redhat or CentOS using OpenVZ as I switched to KVM to take advantage of SELinux. Fedora 15 worked great on the 2.6.18-238.9.1.el5.028stab089.1 kernel. I also looked at your provider's Website and saw that the largest container they offer is 512MB. I'll be very surprised if you can get FreeIPA to install inside a container with only 512MB. I had to use around 2GB just to get it to install. Once complete, then I was able to lower the memory to around 1GB. For some reason the install requires an enormous amount of RAM. FWIW I regularly install FreeIPA in a VM with 768MB of ram allocated (and some swap) and it is just fine for an install. Granted there isn't much RAM left once FreeIPa is up and running (esp with the PKI). For production I would recommend to stay around a few G of RAM, as DS will use all the RAM it can for caches, and you also need to run tomcat/java for the CA, which is another process that demands a bit of RAM. Also using a few CPUs is not a bad idea at all. While FreeIPA will work fine with one or 2 CPUs, having more will mean the system will be more responsive when many clients hit it using a mix of protocols (LDAP, KRB, DNS). Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] client without certmonger/dbus
On Wed, Apr 18, 2012 at 12:06 AM, Christoph Kaminski christoph.kamin...@biotronik.com wrote: [root@xaphon ~]# cat /proc/version Linux version 2.6.26-2-openvz-amd64 (Debian 2.6.26-26lenny1) ( da...@debian.org) (gcc version 4.1.3 20080704 (prerelease) (Debian 4.1.2-25)) #1 SMP Thu Nov 25 05:14:47 UTC 2010 I have 2GB RAM on my vhost (512MB is only initialy, you can buy additional ram later) But I want to install the client, not ipa server. I'm sorry, I thought we were talking about the server here. That's a recent OpenVZ kernel so there shouldn't be any issues there. 2GB of RAM is more than enough for the client. I'm going to setup a container with CentOS 6.2 and see if I can replicate what you are talking about. I'll report back. Steve ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] client without certmonger/dbus
On Wed, Apr 18, 2012 at 9:09 AM, Stephen Ingram sbing...@gmail.com wrote: On Wed, Apr 18, 2012 at 12:06 AM, Christoph Kaminski christoph.kamin...@biotronik.com wrote: [root@xaphon ~]# cat /proc/version Linux version 2.6.26-2-openvz-amd64 (Debian 2.6.26-26lenny1) (da...@debian.org) (gcc version 4.1.3 20080704 (prerelease) (Debian 4.1.2-25)) #1 SMP Thu Nov 25 05:14:47 UTC 2010 I have 2GB RAM on my vhost (512MB is only initialy, you can buy additional ram later) But I want to install the client, not ipa server. I'm sorry, I thought we were talking about the server here. That's a recent OpenVZ kernel so there shouldn't be any issues there. 2GB of RAM is more than enough for the client. I'm going to setup a container with CentOS 6.2 and see if I can replicate what you are talking about. I'll report back. I just installed and successfully started dbus on a CentOS 6.2 container. I would ask your provider why you can't run dbus on the container (that bug was fixed over 2 years ago), and, perhaps try another image. Of course, you can always forgo certmonger and manually integrate your system into an IPA realm. You would lose the certificate auto-renew, but everything else should work great. Steve ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] client without certmonger/dbus
On 04/17/2012 02:09 AM, Christoph Kaminski wrote: hi It is possible to use the ipa-client without certmonger/dbus? Have an openvz environemnt where I cant start dbus... A quick review of openvz indicates that it supports dbus, so why this is an issue? If you feel this is still necessary please file an RFE with your justification. - MfG Christoph Kaminski _ __www.biotronik.com_ http://www.biotronik.com/ BIOTRONIK SE Co. KG Woermannkehre 1, 12359 Berlin, Germany Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRA 6501 Vertreten durch ihre Komplementärin: BIOTRONIK MT SE Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRB 118866 B Geschäftsführende Direktoren: Christoph Böhmer, Dr. Werner Braun, Dr. Lothar Krings, Dr. Torsten Wolf * BIOTRONIK* - A global manufacturer of advanced Cardiac Rhythm Management systems and Vascular Intervention devices. Quality, innovation, and reliability define BIOTRONIK and our growing success. We are innovators of technologies like the first wireless remote monitoring system - Home Monitoring®, Closed Loop Stimulation and coveted lead solutions as well as state-of-the-art stents, balloons and guide wires for coronary and peripheral indications. We highly invest in the development of drug eluting devices and are leading the industry with our drug eluting absorbable metal scaffold program. This e-mail and the information it contains including attachments are confidential and meant only for use by the intended recipient(s); disclosure or copying is strictly prohibited. If you are not addressed, but in the possession of this e-mail, please notify the sender immediately and delete the document. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] client without certmonger/dbus
Christoph Kaminski wrote: hi It is possible to use the ipa-client without certmonger/dbus? Have an openvz environemnt where I cant start dbus... Is it not working for you at all? lack of certmonger should not cause a fatal installation problem, just a slew of scary error messages. There is no option to not configure certmonger. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] client without certmonger/dbus
On Mon, Apr 16, 2012 at 11:09 PM, Christoph Kaminski christoph.kamin...@biotronik.com wrote: hi It is possible to use the ipa-client without certmonger/dbus? Have an openvz environemnt where I cant start dbus... Christoph- You can install IPA in OpenVZ container. I was able to install after doing the following: 1. mkdir -m 1777 /dev/shm 2. add this line to fstab: tmp/dev/shm tmpfs defaults 0 0 3. mkdir /var/run/dbus 4. service messagebus start Also, make sure you give yourself lots of memory to install IPA. Once it's installed you can reduce back down depending on the size of your directory. Steve ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] client without certmonger/dbus
On Tue, Apr 17, 2012 at 10:28 PM, Christoph Kaminski christoph.kamin...@biotronik.com wrote: done it without success :( [root@xaphon ~]# dbus-daemon --system --nofork Failed to start message bus: Failed to drop capabilities: Operation not permitted What OS and version are you using? I was using Fedora 15 template from OpenVZ. Steve ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users