[Freeipa-users] ipa-server-install: ERROR Failed to initialize IPA API

Martin Kosek mkosek at redhat.com
Mon Apr 15 13:54:43 UTC 2013 

On 04/15/2013 03:50 PM, Rob Crittenden wrote:
> Arturo Borrero wrote:
>> On 15/04/13 15:33, Martin Kosek wrote:
>>> On 04/15/2013 03:16 PM, Arturo Borrero wrote:
>>>> Hi there,
>>>>
>>>> In a freshly installed server, I try:
>>>>
>>>> # ipa-server-install
>>>> [...]
>>>>    [12/13]: restarting httpd
>>>>    [13/13]: configuring httpd to start on boot
>>>> Done configuring the web interface (httpd).
>>>> Applying LDAP updates
>>>> Restarting the directory server
>>>> Restarting the KDC
>>>> Sample zone file for bind has been created in /tmp/sample.zone.NGKJk1.db
>>>> Restarting the web server
>>>> Configuration of client side components failed!
>>>> ipa-client-install returned: Command '/usr/sbin/ipa-client-install
>>>> --on-master
>>>> --unattended --domain cica.es --server sheldon.cica.es --realm CICA.ES
>>>> --hostname sheldon.cica.es' returned non-zero exit status 1
>>>>
>>>> If I see the ipa-client-install logs, I have:
>>>>
>>>> [...]
>>>> importing plugin module
>>>> '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py'
>>>> args=klist -V
>>>> stdout=Kerberos 5 version 1.10.3
>>>>
>>>> stderr=
>>>> importing plugin module
>>>> '/usr/lib/python2.6/site-packages/ipalib/plugins/role.py'
>>>> importing plugin module
>>>> '/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py'
>>>> importing plugin module
>>>> '/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py'
>>>> importing plugin module
>>>> '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py'
>>>> importing plugin module
>>>> '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py'
>>>> importing plugin module
>>>> '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py'
>>>> importing plugin module
>>>> '/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py'
>>>> importing plugin module
>>>> '/usr/lib/python2.6/site-packages/ipalib/plugins/trust.py'
>>>> importing plugin module
>>>> '/usr/lib/python2.6/site-packages/ipalib/plugins/user.py'
>>>> importing plugin module
>>>> '/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py'
>>>> importing plugin module
>>>> '/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py'
>>>> Failed to initialize IPA API.
>>>> Installation failed. Rolling back changes.
>>>> IPA client is not configured on this system.
>>>>
>>>> I fit all prerequisites listed in fedora and redhat documentation:
>>>> http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/installing-ipa.html
>>>>
>>>>
>>>>
>>>>
>>>> After this, if I try ipactl:
>>>>
>>>> # ipactl start
>>>> Starting Directory Service
>>>> Starting dirsrv:
>>>>      CICA-ES... already running                             [  OK  ]
>>>>      PKI-IPA... already running                             [  OK  ]
>>>> Failed to read data from Directory Service: Unknown error when
>>>> retrieving list
>>>> of services from LDAP: {'info': 'SASL(-4): no mechanism available: ',
>>>> 'desc':
>>>> 'Unknown authentication method'}
>>>> Shutting down
>>>> Shutting down dirsrv:
>>>>      CICA-ES...                                             [  OK  ]
>>>>      PKI-IPA...                                             [  OK  ]
>>>>
>>>>
>>>> Any idea how to get rid of this error and continuing installing/using?
>>>>
>>>> regards
>>>>
>>> Hello Arturo,
>>>
>>> This error could have been caused if /etc/ipa/default.conf was not
>>> created
>>> before ipa-client-install was executed.
>>>
>>> Could you please check ipaserver-install.log and see if there are not any
>>> errors related to creating /etc/ipa/default.conf?
>>>
>>> Does /etc/ipa/ exist?
>>>
>>> Thanks,
>>> Martin
>> Thanks,
>>
>> /etc/ipa exist, with this content:
>>
>> [root at sheldon ipa]# ll -R
>> .:
>> total 8
>> -r--r--r--. 1 root root 1295 abr 15 13:40 ca.crt
>> drwxr-xr-x. 2 root root 4096 abr 12 11:37 html
>>
>> ./html:
>> total 28
>> -rw-r--r--. 1 root root 3929 mar  8 15:10 browserconfig.html
>> -rw-r--r--. 1 root root 2871 mar  8 15:10 ffconfig.js
>> -rw-r--r--. 1 root root 4603 mar  8 15:10 ffconfig_page.js
>> -rw-r--r--. 1 root root  521 mar  8 15:10 ipa_error.css
>> -rw-r--r--. 1 root root 3974 mar  8 15:10 ssbrowser.html
>> -rw-r--r--. 1 root root 1370 mar  8 15:10 unauthorized.html
>>
>> So, no /etc/ipa/default.conf exist.
>>
>> Which package is intended to deploy it?
> 
> The server installer creates it.
> 
> I believe this file gets removed by the client when its install fails.
> 
> The server log may have some failures though, as suggested by Martin, so I'd
> start there.
> 
> rob

This file is being created right after the wizard part of ipa-server-install,
so when the services are being configured, it should be there (you can check
that and get its contents). Unfortunately, there is not logging around it, so
you may not see much info in you ipaserver-install.log...

BTW I really suspect that missing or unreadable /etc/ipa/default.conf may
really be the root cause of this issue, I reproduced this exact message when I
run "ipa-client-install --on-master" on clean VM without /etc/ipa/default.conf.

Martin

More information about the Freeipa-users mailing list