(1)snip from console output
Done configuring Kerberos KDC (krb5kdc). Configuring kadmin [1/2]: starting kadmin [2/2]: configuring kadmin to start on boot Done configuring kadmin. Restarting directory server to enable password extension plugin ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR CA did not start in 300.0s ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information :: [ FAIL ] :: Command ' /usr/sbin/ipa-server-install --setup-dns --forwarder=10.65.201.89 --reverse-zone=207.65.10.in-addr.arpa. --allow-zone-overlap --hostname=localhost.testrelm.test -r TESTRELM.TEST -n testrelm.test -p xxxxxxxx -a xxxxxxxx --ip-address=10.65.207.129 -U' (Expected 0, got 1)
(2) IPA/PKI/DS version
[root@localhost slapd-TESTRELM-TEST]# rpm -q ipa-server pki-ca 389-ds-base ipa-server-4.4.90-201703152305.el7.x86_64 pki-ca-10.4.0-1.el7.noarch 389-ds-base-1.3.6.1-2.el7.x86_64 [root@localhost slapd-TESTRELM-TEST]#
<img alt="collective-log.txt" src="/freeipa/issue/raw/files/abfb56975a700b4cd0965734f36e98e2f79f99db9d2bc87713fa428ce1bb8ae6-collective-log.txt" />
Any workaround for this ?
No workaround known to me till so far.
Metadata Update from @akasurde: - Issue priority set to: 1
Investigating the DS errors messages [16/Mar/2017:22:38:39.165756936 +051800] - WARN - Security Initialization - SSL alert: Unable to create PinObj (Netscape Portable Runtime error -5977 - Failure to load dynamic library.) [16/Mar/2017:22:38:39.185469558 +051800] - ERR - force_to_disable_security - ERROR: SSL Initialization Failed. Disabling SSL.
The error comes from SSL initialization (slapd_ssl_init->svrcore_setup->SVRCORE_CreateStdSystemdPinObj). where DS is compiled with -DWITH_SYSTEMD
SVRCORE_CreateStdSystemdPinObj code is 45 SVRCOREError 46 SVRCORE_CreateStdSystemdPinObj( 47 SVRCOREStdSystemdPinObj out, 48 const char filename, PRBool cachePINs, 49 PRBool systemdPINs, uint64_t timeout) 50 { 51 #ifdef HAVE_SYSTEMD 52 SVRCOREError err = SVRCORE_Success; 53 SVRCOREStdSystemdPinObj obj = 0; 54 55 do { 56 SVRCOREPinObj *top; ... 148 return err; 149 #else // systemd 150 return SVRCORE_MissingFeature; 151 #endif // Systemd 152 }
Breakpoint 1, SVRCORE_CreateStdSystemdPinObj (out=0x7ffccdc28c90, filename=0x5644228a6840 "/etc/dirsrv/slapd-TESTRELM-TEST/pin.txt", cachePINs=1, systemdPINs=1, timeout=90) at std-systemd.c:152 152 } (gdb) where #0 SVRCORE_CreateStdSystemdPinObj (out=0x7ffccdc28c90, filename=0x5644228a6840 "/etc/dirsrv/slapd-TESTRELM-TEST/pin.txt", cachePINs=1, systemdPINs=1, timeout=90) at std-systemd.c:152 #1 0x00007f5d7f823cef in svrcore_setup () from /usr/lib64/dirsrv/libslapd.so.0 #2 0x00007f5d7f8284e6 in slapd_ssl_init () from /usr/lib64/dirsrv/libslapd.so.0 #3 0x0000564420ea7fcd in slapd_do_all_nss_ssl_init () #4 0x0000564420ea44d5 in detach () #5 0x0000564420e93f76 in main ()
we can see that entering SVRCORE_CreateStdSystemdPinObj, it jumps to std-systemd.c:152
So svrcore-4.1.3-1.el7.x86_64 is most probably not compiled with HAVE_SYSTEMD flag.
Note, a respin of svrcore (svrcore-4.1.3-2) allows a successful install/startup of CA
Working with latest COPR build with SELinux in permissive mode. Hence closing issue.
Metadata Update from @akasurde: - Issue close_status updated to: worksforme - Issue priority set to: None (was: 1) - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.