More errors. I quit trying to install IPA on the RPi, and I went back to a KVM based VM, with a downloaded Xenial cloud image. So now I get past importing CA chain but then this:
[10/28]: importing CA chain to RA certificate database [11/28]: fixing RA database permissions [12/28]: setting up signing cert profile [13/28]: setting audit signing renewal to 2 years [14/28]: restarting certificate server [15/28]: requesting RA certificate from CA [16/28]: issuing RA agent certificate [error] CalledProcessError: Command '/usr/bin/sslget -v -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-pdYh6Y -r /ca/agent/ca/profileReview?requestId=7 mizar.aaaaaaaa.bbb:8443' returned non-zero exit status 6 ipa.ipapython.install.cli.install_tool(Server): ERROR Command '/usr/bin/sslget -v -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-pdYh6Y -r /ca/agent/ca/profileReview?requestId=7 mizar.aaaaaaaa.bbb:8443' returned non-zero exit status 6 A month ago I was going through this twice a day without any problems. -- You received this bug notification because you are a member of Ubuntu 389 Directory Server, which is subscribed to 389-ds-base in Ubuntu. https://bugs.launchpad.net/bugs/1600634 Title: ipa-server-install: On non-x86, errors enabling compatibility plugin for dirsrv Status in 389-ds-base package in Ubuntu: Triaged Status in freeipa package in Ubuntu: New Bug description: When executing ipa-server-install on a non-x86 architecture (here: ARMv7), the following error messages appear after having filled out the initial questionnaire: ... Configuring directory server (dirsrv). Estimated time: 1 minute [1/46]: creating directory server user ... [42/46]: enabling compatibility plugin ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR Add failure Server is unwilling to perform: Invalid plugin path ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR Parent DN of cn=users,cn=Schema Compatibility,cn=plugins,cn=config may not exist, cannot create the entry ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR Parent DN of cn=groups,cn=Schema Compatibility,cn=plugins,cn=config may not exist, cannot create the entry ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR Parent DN of cn=ng,cn=Schema Compatibility,cn=plugins,cn=config may not exist, cannot create the entry ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR Parent DN of cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config may not exist, cannot create the entry ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR Parent DN of cn=computers,cn=Schema Compatibility,cn=plugins,cn=config may not exist, cannot create the entry [43/46]: activating sidgen plugin ... The logfile written showed that the plugin path submitted is something like /usr/lib/i386-linux-gnu/... but should probably be /usr/lib/arm-linux-gnueabihf/... according to the file list of the freeipa-server package. This library path is introduced in ipaserver/install/ldapupdate.py, where it seems that only i386 and x86_64 seem to be expected. As far as I could see, the upstream version only differentiates between /lib and /lib64, but the Ubuntu source package contains a patch "hack-libarch.diff" that introduces more fine-grained architecture names. The following patch served me well, but takes into account only this very architecture. --- ipaserver/install/ldapupdate.py.orig 2016-07-10 20:43:30.630070890 +0200 +++ ipaserver/install/ldapupdate.py 2016-07-10 20:56:54.772268927 +0200 @@ -330,11 +330,16 @@ def _identify_arch(self): """On multi-arch systems some libraries may be in /lib64, /usr/lib64, etc. Determine if a suffix is needed based on the current architecture. """ + + arch = platform.machine() + if arch == "armv7l": + return "/arm-linux-gnueabihf" + bits = platform.architecture()[0] if bits == "64bit": return "/x86_64-linux-gnu" else: return "/i386-linux-gnu" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/389-ds-base/+bug/1600634/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~ubuntu-389-directory-server Post to : ubuntu-389-directory-server@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-389-directory-server More help : https://help.launchpad.net/ListHelp