[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Ovirt-devel] i386 appliance problems on next branch



Trying to get i386 built and tested for the next release and running into problems with free IPA. Everything works find on x86_64 Fedora 9, but getting errors when creating the IPA server via ipa-server-install.

Can someone take a look at these ipa errors (I'm out of office the next few days so won't be able to)

See attached logs...

Perry

--
|=-        Red Hat, Engineering, Emerging Technologies, Boston        -=|
|=-                     Email: pmyers redhat com                      -=|
|=-         Office: +1 412 474 3552   Mobile: +1 703 362 9622         -=|
|=- GnuPG: E65E4F3D 88F9 F1C9 C2F3 1303 01FE 817C C5D2 8B91 E65E 4F3D -=|
2008-08-25 06:24:16,081 DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2008-08-25 06:24:16,176 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2008-08-25 06:24:16,180 DEBUG Configuring ntpd
2008-08-25 06:24:16,183 DEBUG   [1/4]: stopping ntpd
2008-08-25 06:24:17,064 INFO ntpd is stopped

2008-08-25 06:24:17,069 INFO 
2008-08-25 06:24:17,073 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2008-08-25 06:24:18,009 INFO Shutting down ntpd: [FAILED]

2008-08-25 06:24:18,014 INFO 
2008-08-25 06:24:18,017 DEBUG   [2/4]: writing configuration
2008-08-25 06:24:18,031 DEBUG Backing up system configuration file '/etc/ntp.conf'
2008-08-25 06:24:18,044 DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2008-08-25 06:24:18,049 DEBUG Backing up system configuration file '/etc/sysconfig/ntpd'
2008-08-25 06:24:18,059 DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2008-08-25 06:24:18,070 DEBUG   [3/4]: configuring ntpd to start on boot
2008-08-25 06:24:18,247 INFO ntpd           	0:off	1:off	2:off	3:off	4:off	5:off	6:off

2008-08-25 06:24:18,251 INFO 
2008-08-25 06:24:18,256 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2008-08-25 06:24:18,598 INFO 
2008-08-25 06:24:18,603 INFO 
2008-08-25 06:24:18,606 DEBUG   [4/4]: starting ntpd
2008-08-25 06:24:19,306 INFO Starting ntpd: [  OK  ]

2008-08-25 06:24:19,311 INFO 
2008-08-25 06:24:19,314 DEBUG done configuring ntpd.
2008-08-25 06:24:19,318 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2008-08-25 06:24:19,334 DEBUG Configuring directory server:
2008-08-25 06:24:19,347 DEBUG   [1/16]: creating directory server user
2008-08-25 06:24:19,353 DEBUG adding ds user dirsrv
2008-08-25 06:24:19,767 INFO 
2008-08-25 06:24:19,772 INFO 
2008-08-25 06:24:19,775 DEBUG done adding user
2008-08-25 06:24:19,778 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2008-08-25 06:24:19,784 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2008-08-25 06:24:19,791 DEBUG   [2/16]: creating directory server instance
2008-08-25 06:24:20,453 INFO 
2008-08-25 06:24:20,458 INFO 
2008-08-25 06:24:20,461 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2008-08-25 06:24:20,469 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2008-08-25 06:24:20,476 DEBUG 
dn: dc=priv,dc=ovirt,dc=org
objectClass: top
objectClass: domain
objectClass: pilotObject
dc: priv
info: IPA V1.0

2008-08-25 06:24:20,484 DEBUG writing inf template
2008-08-25 06:24:20,507 DEBUG 
[General]
FullMachineName=   management.priv.ovirt.org
SuiteSpotUserID=   dirsrv
ServerRoot=    /usr/lib/dirsrv
[slapd]
ServerPort=   389
ServerIdentifier=   PRIV-OVIRT-ORG
Suffix=   dc=priv,dc=ovirt,dc=org
RootDN=   cn=Directory Manager
InstallLdifFile= /var/lib/dirsrv/boot.ldif

2008-08-25 06:24:20,511 DEBUG calling setup-ds.pl
2008-08-25 06:24:44,130 INFO [08/08/25:06:24:44] - [Setup] Info Your new DS instance 'PRIV-OVIRT-ORG' was successfully created.
Your new DS instance 'PRIV-OVIRT-ORG' was successfully created.
[08/08/25:06:24:44] - [Setup] Success Exiting . . .
Log file is '-'

Exiting . . .
Log file is '-'


2008-08-25 06:24:44,137 INFO WARNING: The root password is less than 8 characters long.  You should choose a longer one.

2008-08-25 06:24:44,141 DEBUG completed creating ds instance
2008-08-25 06:24:44,145 DEBUG restarting ds instance
2008-08-25 06:24:50,738 INFO Shutting down dirsrv: 
    PRIV-OVIRT-ORG...[  OK  ]
Starting dirsrv: 
    PRIV-OVIRT-ORG...[  OK  ]

2008-08-25 06:24:50,744 INFO 
2008-08-25 06:24:50,750 DEBUG done restarting ds instance
2008-08-25 06:24:50,758 DEBUG   [3/16]: adding default schema
2008-08-25 06:24:50,803 DEBUG   [4/16]: enabling memberof plugin
2008-08-25 06:24:51,239 INFO add objectclass:
	top
	nsSlapdPlugin
	extensibleObject
add cn:
	ipa-memberof
add nsslapd-pluginpath:
	libipa-memberof-plugin
add nsslapd-plugininitfunc:
	ipamo_postop_init
add nsslapd-plugintype:
	postoperation
add nsslapd-pluginenabled:
	on
add nsslapd-pluginid:
	memberof
add nsslapd-pluginversion:
	1.0
add nsslapd-pluginvendor:
	Red Hat
add nsslapd-plugindescription:
	Memberof plugin
adding new entry "cn=ipa-memberof,cn=plugins,cn=config"
modify complete


2008-08-25 06:24:51,246 INFO ldap_initialize( ldap://127.0.0.1 )

2008-08-25 06:24:51,252 DEBUG   [5/16]: enabling referential integrity plugin
2008-08-25 06:24:51,636 INFO replace nsslapd-pluginenabled:
	on
add nsslapd-pluginArg7:
	manager
add nsslapd-pluginArg8:
	secretary
modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config"
modify complete


2008-08-25 06:24:51,643 INFO ldap_initialize( ldap://127.0.0.1 )

2008-08-25 06:24:51,649 DEBUG   [6/16]: enabling distributed numeric assignment plugin
2008-08-25 06:24:52,005 INFO add objectclass:
	top
	nsSlapdPlugin
	extensibleObject
add cn:
	ipa-dna
add nsslapd-pluginpath:
	libipa-dna-plugin
add nsslapd-plugininitfunc:
	ipa_dna_init
add nsslapd-plugintype:
	preoperation
add nsslapd-pluginenabled:
	on
add nsslapd-pluginid:
	ipa-dna
add nsslapd-pluginversion:
	1.0
add nsslapd-pluginvendor:
	Red Hat
add nsslapd-plugindescription:
	IPA Distributed numeric assignment plugin
adding new entry "cn=ipa-dna,cn=plugins,cn=config"
modify complete


2008-08-25 06:24:52,012 INFO ldap_initialize( ldap://127.0.0.1 )

2008-08-25 06:24:52,018 DEBUG   [7/16]: configuring uniqueness plugin
2008-08-25 06:24:52,397 INFO add objectClass:
	top
	nsSlapdPlugin
	extensibleObject
add cn:
	krbPrincipalName uniqueness
add nsslapd-pluginPath:
	libattr-unique-plugin
add nsslapd-pluginInitfunc:
	NSUniqueAttr_Init
add nsslapd-pluginType:
	preoperation
add nsslapd-pluginEnabled:
	on
add nsslapd-pluginarg0:
	krbPrincipalName
add nsslapd-pluginarg1:
	dc=priv,dc=ovirt,dc=org
add nsslapd-plugin-depends-on-type:
	database
add nsslapd-pluginId:
	NSUniqueAttr
add nsslapd-pluginVersion:
	1.1.0
add nsslapd-pluginVendor:
	Fedora Project
add nsslapd-pluginDescription:
	Enforce unique attribute values
adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config"
modify complete


2008-08-25 06:24:52,404 INFO ldap_initialize( ldap://127.0.0.1 )

2008-08-25 06:24:52,412 DEBUG   [8/16]: creating indices
2008-08-25 06:24:54,372 INFO add objectClass:
	top
	nsIndex
add cn:
	krbPrincipalName
add nsSystemIndex:
	false
add nsIndexType:
	eq
	sub
adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsIndex
add cn:
	ou
add nsSystemIndex:
	false
add nsIndexType:
	eq
	sub
adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsIndex
add cn:
	carLicense
add nsSystemIndex:
	false
add nsIndexType:
	eq
	sub
adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsIndex
add cn:
	title
add nsSystemIndex:
	false
add nsIndexType:
	eq
	sub
adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsIndex
add cn:
	manager
add nsSystemIndex:
	false
add nsIndexType:
	eq
adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsIndex
add cn:
	secretary
add nsSystemIndex:
	false
add nsIndexType:
	eq
adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsIndex
add cn:
	displayname
add nsSystemIndex:
	false
add nsIndexType:
	eq
	sub
adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add nsIndexType:
	sub
modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsIndex
add cn:
	memberof
add nsSystemIndex:
	false
add nsIndexType:
	eq
adding new entry "cn=memberof,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsIndex
add cn:
	uidnumber
add nsSystemIndex:
	false
add nsIndexType:
	eq
add nsMatchingRule:
	integerOrderingMatch
adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
	top
	nsIndex
add cn:
	gidnumber
add nsSystemIndex:
	false
add nsIndexType:
	eq
add nsMatchingRule:
	integerOrderingMatch
adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete


2008-08-25 06:24:54,383 INFO ldap_initialize( ldap://127.0.0.1 )

2008-08-25 06:24:54,393 DEBUG   [9/16]: configuring ssl for ds instance
2008-08-25 06:24:54,402 DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2008-08-25 06:24:54,878 INFO 
2008-08-25 06:24:54,887 INFO 
2008-08-25 06:25:01,256 INFO 
2008-08-25 06:25:01,264 INFO 

Generating key.  This may take a few moments...


2008-08-25 06:25:04,625 INFO 
2008-08-25 06:25:04,632 INFO 

Generating key.  This may take a few moments...


2008-08-25 06:25:04,932 INFO 
2008-08-25 06:25:04,939 INFO 
2008-08-25 06:25:05,367 INFO pk12util: PKCS12 EXPORT SUCCESSFUL

2008-08-25 06:25:05,374 INFO 
2008-08-25 06:25:09,159 INFO 
2008-08-25 06:25:09,167 INFO 

Generating key.  This may take a few moments...


2008-08-25 06:25:09,760 INFO 
2008-08-25 06:25:09,768 INFO 
2008-08-25 06:25:10,343 DEBUG   [10/16]: configuring certmap.conf
2008-08-25 06:25:10,355 DEBUG   [11/16]: restarting directory server
2008-08-25 06:25:21,741 INFO Shutting down dirsrv: 
    PRIV-OVIRT-ORG...[  OK  ]
Starting dirsrv: 
    PRIV-OVIRT-ORG...[  OK  ]

2008-08-25 06:25:21,749 INFO 
2008-08-25 06:25:22,663 INFO dirsrv PRIV-OVIRT-ORG (pid 1813) is running...

2008-08-25 06:25:22,672 INFO 
2008-08-25 06:25:22,680 DEBUG   [12/16]: adding default layout
2008-08-25 06:25:24,042 INFO add objectClass:
	top
	nsContainer
	krbPwdPolicy
add cn:
	accounts
add krbMinPwdLife:
	3600
add krbPwdMinDiffChars:
	0
add krbPwdMinLength:
	8
add krbPwdHistoryLength:
	0
add krbMaxPwdLife:
	7776000
adding new entry "cn=accounts,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	users
adding new entry "cn=users,cn=accounts,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	groups
adding new entry "cn=groups,cn=accounts,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	services
adding new entry "cn=services,cn=accounts,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	top
	nsContainer
add cn:
	computers
adding new entry "cn=computers,cn=accounts,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	etc
adding new entry "cn=etc,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	sysaccounts
adding new entry "cn=sysaccounts,cn=etc,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	ipa
adding new entry "cn=ipa,cn=etc,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	masters
adding new entry "cn=masters,cn=ipa,cn=etc,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	top
	person
	posixAccount
	KrbPrincipalAux
	inetUser
add uid:
	admin
add krbPrincipalName:
	admin PRIV OVIRT ORG
add cn:
	Administrator
add sn:
	Administrator
add uidNumber:
	999
add gidNumber:
	1001
add homeDirectory:
	/home/admin
add loginShell:
	/bin/bash
add gecos:
	Administrator
add nsAccountLock:
	False
adding new entry "uid=admin,cn=users,cn=accounts,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	radius
adding new entry "cn=radius,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	clients
adding new entry "cn=clients,cn=radius,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	nsContainer
	top
add cn:
	profiles
adding new entry "cn=profiles,cn=radius,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	top
	radiusprofile
add uid:
	ipa_default
adding new entry "uid=ipa_default, cn=profiles,cn=radius,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	top
	groupofnames
	posixGroup
add cn:
	admins
add description:
	Account administrators group
add gidNumber:
	1001
add member:
	uid=admin,cn=users,cn=accounts,dc=priv,dc=ovirt,dc=org
add nsAccountLock:
	False
adding new entry "cn=admins,cn=groups,cn=accounts,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	top
	groupofnames
	posixGroup
add gidNumber:
	1002
add description:
	Default group for all users
add cn:
	ipausers
adding new entry "cn=ipausers,cn=groups,cn=accounts,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	top
	groupofnames
	posixGroup
add gidNumber:
	1003
add description:
	Limited admins who can edit other users
add cn:
	editors
adding new entry "cn=editors,cn=groups,cn=accounts,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	nsContainer
	top
	ipaGuiConfig
add ipaUserSearchFields:
	uid,givenName,sn,telephoneNumber,ou,title
add ipaGroupSearchFields:
	cn,description
add ipaSearchTimeLimit:
	2
add ipaSearchRecordsLimit:
	0
add ipaHomesRootDir:
	/home
add ipaDefaultLoginShell:
	/bin/sh
add ipaDefaultPrimaryGroup:
	ipausers
add ipaMaxUsernameLength:
	8
add ipaPwdExpAdvNotify:
	4
add ipaGroupObjectClasses:
	top
	groupofnames
	posixGroup
	inetUser
add ipaUserObjectClasses:
	top
	person
	organizationalPerson
	inetOrgPerson
	inetUser
	posixAccount
	krbPrincipalAux
	radiusprofile
add ipaDefaultEmailDomain:
	priv.ovirt.org
adding new entry "cn=ipaConfig,cn=etc,dc=priv,dc=ovirt,dc=org"
modify complete

add description:
	Lock accounts based on group membership
add objectClass:
	top
	ldapsubentry
	cosSuperDefinition
	cosClassicDefinition
add cosTemplateDn:
	cn=cosTemplates,cn=accounts,dc=priv,dc=ovirt,dc=org
add cosAttribute:
	nsAccountLock operational
add cosSpecifier:
	memberOf
add cn:
	Account Inactivation
adding new entry "cn=account inactivation,cn=accounts,dc=priv,dc=ovirt,dc=org"
modify complete

add objectclass:
	top
	nsContainer
add cn:
	cosTemplates
adding new entry "cn=cosTemplates,cn=accounts,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	top
	cosTemplate
	extensibleobject
add nsAccountLock:
	true
add cosPriority:
	1
adding new entry "cn="cn=inactivated,cn=account inactivation,cn=accounts,dc=priv,dc=ovirt,dc=org", cn=cosTemplates,cn=accounts,dc=priv,dc=ovirt,dc=org"
modify complete

add objectclass:
	top
	groupofnames
adding new entry "cn=inactivated,cn=account inactivation,cn=accounts,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	top
	cosTemplate
	extensibleobject
add nsAccountLock:
	false
add cosPriority:
	0
adding new entry "cn="cn=activated,cn=account inactivation,cn=accounts,dc=priv,dc=ovirt,dc=org", cn=cosTemplates,cn=accounts,dc=priv,dc=ovirt,dc=org"
modify complete

add objectclass:
	top
	groupofnames
adding new entry "cn=Activated,cn=Account Inactivation,cn=accounts,dc=priv,dc=ovirt,dc=org"
modify complete


2008-08-25 06:25:24,051 INFO ldap_initialize( ldap://127.0.0.1 )

2008-08-25 06:25:24,072 DEBUG   [13/16]: configuring Posix uid/gid generation as first master
2008-08-25 06:25:24,856 INFO add objectclass:
	top
	nsContainer
	extensibleObject
add cn:
	Posix
adding new entry "cn=Posix,cn=ipa-dna,cn=plugins,cn=config"
modify complete

add objectclass:
	top
	extensibleObject
add cn:
	Accounts
add dnaType:
	uidNumber
add dnaNextValue:
	1100
add dnaInterval:
	1
add dnaMaxValue:
	1000000000
add dnaMagicRegen:
	999
add dnaFilter:
	(objectclass=posixAccount)
add dnaScope:
	dc=priv,dc=ovirt,dc=org
adding new entry "cn=Accounts,cn=Posix,cn=ipa-dna,cn=plugins,cn=config"
modify complete

add objectclass:
	top
	extensibleObject
add cn:
	Groups
add dnaType:
	gidNumber
add dnaNextValue:
	1100
add dnaInterval:
	1
add dnaMaxValue:
	1000000000
add dnaMagicRegen:
	999
add dnaFilter:
	(objectclass=posixGroup)
add dnaScope:
	dc=priv,dc=ovirt,dc=org
adding new entry "cn=Groups,cn=Posix,cn=ipa-dna,cn=plugins,cn=config"
modify complete


2008-08-25 06:25:24,864 INFO ldap_initialize( ldap://127.0.0.1 )

2008-08-25 06:25:24,878 DEBUG   [14/16]: adding master entry as first master
2008-08-25 06:25:25,174 INFO add objectclass:
	top
	extensibleObject
add cn:
	management.priv.ovirt.org
add dnabase:
	1100
add dnainterval:
	4
adding new entry "cn=management.priv.ovirt.org,cn=masters,cn=ipa,cn=etc,dc=priv,dc=ovirt,dc=org"
modify complete


2008-08-25 06:25:25,184 INFO ldap_initialize( ldap://127.0.0.1 )

2008-08-25 06:25:25,193 DEBUG   [15/16]: initializing group membership
2008-08-25 06:25:25,618 INFO add objectClass:
	top
	extensibleObject
add cn:
	IPA install
add basedn:
	dc=priv,dc=ovirt,dc=org
add filter:
	(objectclass=*)
add ttl:
	10
adding new entry "cn=IPA install 1219645459, cn=memberof task, cn=tasks, cn=config"
modify complete


2008-08-25 06:25:25,626 INFO ldap_initialize( ldap://127.0.0.1 )

2008-08-25 06:25:25,638 DEBUG   [16/16]: configuring directory to start on boot
2008-08-25 06:25:25,839 INFO dirsrv         	0:off	1:off	2:off	3:off	4:off	5:off	6:off

2008-08-25 06:25:25,848 INFO 
2008-08-25 06:25:25,856 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2008-08-25 06:25:26,045 INFO 
2008-08-25 06:25:26,052 INFO 
2008-08-25 06:25:26,058 DEBUG done configuring dirsrv.
2008-08-25 06:25:26,063 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2008-08-25 06:25:26,081 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2008-08-25 06:25:27,747 INFO krb5kdc is stopped

2008-08-25 06:25:27,755 INFO 
2008-08-25 06:25:27,761 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2008-08-25 06:25:29,204 INFO Stopping Kerberos 5 KDC: [FAILED]

2008-08-25 06:25:29,211 INFO 
2008-08-25 06:25:29,217 DEBUG Configuring Kerberos KDC
2008-08-25 06:25:29,222 DEBUG   [1/13]: setting KDC account password
2008-08-25 06:25:29,228 DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/ldappwd'
2008-08-25 06:25:29,237 DEBUG   -> Not backing up - '/var/kerberos/krb5kdc/ldappwd' doesn't exist
2008-08-25 06:25:29,247 DEBUG   [2/13]: adding sasl mappings to the directory
2008-08-25 06:25:30,420 DEBUG   [3/13]: adding kerberos entries to the DS
2008-08-25 06:25:30,743 INFO add objectclass:
	account
	simplesecurityobject
add uid:
	kdc
add userPassword:
	WPQPKTCVWOMI
adding new entry "uid=kdc,cn=sysaccounts,cn=etc,dc=priv,dc=ovirt,dc=org"
modify complete

add objectClass:
	krbContainer
	top
add cn:
	kerberos
add aci:
	(targetattr="*")(version 3.0; acl "KDC System Account"; allow (all) userdn= "ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=priv,dc=ovirt,dc=org";;)
adding new entry "cn=kerberos,dc=priv,dc=ovirt,dc=org"
modify complete


2008-08-25 06:25:30,752 INFO ldap_initialize( ldap://127.0.0.1 )

2008-08-25 06:25:30,761 DEBUG   [4/13]: adding default ACIs
2008-08-25 06:25:31,200 INFO add aci:
	(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Enable Anonymous access"; allow (read, search, compare) userdn = "ldap:///anyone";;)
	(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Admin can manage any entry"; allow (all) userdn = "ldap:///uid=admin,cn=users,cn=accounts,dc=priv,dc=ovirt,dc=org";;)
	(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword")(version 3.0; acl "Self can write own password"; allow (write) userdn="ldap:///self";;)
	(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Admins can write passwords"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=priv,dc=ovirt,dc=org";;)
	(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Password change service can read/write passwords"; allow (read, write) userdn="ldap:///krbprincipalname=kadmin/changepw PRIV OVIRT ORG,cn=PRIV.OVIRT.ORG,cn=kerberos,dc=priv,dc=ovirt,dc=org";)
	(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "KDC System Account can access passwords"; allow (all) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=priv,dc=ovirt,dc=org";;)
	(targetattr = "krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount")(version 3.0; acl "KDC System Account can update some fields"; allow (write) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=priv,dc=ovirt,dc=org";;)
	(targetattr = "krbPrincipalName || krbUPEnabled || krbMKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount")(version 3.0; acl "Only the KDC System Account has access to kerberos material"; allow (read, search, compare) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=priv,dc=ovirt,dc=org";;)
	(targetfilter = "(|(objectClass=person)(objectClass=krbPrincipalAux)(objectClass=posixAccount)(objectClass=groupOfNames)(objectClass=posixGroup))")(targetattr != "aci || userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Account Admins can manage Users and Groups"; allow (add, delete, read, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=priv,dc=ovirt,dc=org";;)
	(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=priv,dc=ovirt,dc=org";;)
	(targetattr = "givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType  || businessCategory || ou")(version 3.0;acl "Self service";allow (write) userdn = "ldap:///self";;)
modifying entry "dc=priv,dc=ovirt,dc=org"
modify complete

add aci:
	(targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=priv,dc=ovirt,dc=org";;)
modifying entry "cn=ipaConfig,cn=etc,dc=priv,dc=ovirt,dc=org"
modify complete

add aci:
	(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=priv,dc=ovirt,dc=org";;)
	(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=priv,dc=ovirt,dc=org";;)
modifying entry "cn=accounts,dc=priv,dc=ovirt,dc=org"
modify complete

add aci:
	(targetattr = "*")(version 3.0; acl "Only radius and admin can access radius service data"; deny (all) userdn!="ldap:///uid=admin,cn=users,cn=accounts,dc=priv,dc=ovirt,dc=org || ldap:///krbprincipalname=radius/management priv ovirt org PRIV OVIRT ORG,cn=PRIV.OVIRT.ORG,cn=kerberos,dc=priv,dc=ovirt,dc=org";)
	(targetfilter = "(objectClass=radiusprofile)")(targetattr != "aci || userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Account Admins can manage Users and Groups"; allow (add, delete, read, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=priv,dc=ovirt,dc=org";;)
modifying entry "cn=radius,dc=priv,dc=ovirt,dc=org"
modify complete

add aci:
	(targetattr="krbPrincipalName || krbUPEnabled || krbPrincipalKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData")(version 3.0; acl "KDC System Account"; allow (read, search, compare, write) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=priv,dc=ovirt,dc=org";;)
modifying entry "cn=services,cn=accounts,dc=priv,dc=ovirt,dc=org"
modify complete


2008-08-25 06:25:31,209 INFO ldap_initialize( ldap://127.0.0.1 )

2008-08-25 06:25:31,223 DEBUG   [5/13]: configuring KDC
2008-08-25 06:25:31,234 DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/kdc.conf'
2008-08-25 06:25:31,255 DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2008-08-25 06:25:31,278 DEBUG Backing up system configuration file '/etc/krb5.conf'
2008-08-25 06:25:31,299 DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2008-08-25 06:25:31,318 DEBUG Backing up system configuration file '/usr/share/ipa/html/krb5.ini'
2008-08-25 06:25:31,326 DEBUG   -> Not backing up - '/usr/share/ipa/html/krb5.ini' doesn't exist
2008-08-25 06:25:31,339 DEBUG Backing up system configuration file '/usr/share/ipa/html/krb.con'
2008-08-25 06:25:31,345 DEBUG   -> Not backing up - '/usr/share/ipa/html/krb.con' doesn't exist
2008-08-25 06:25:31,361 DEBUG Backing up system configuration file '/usr/share/ipa/html/krbrealm.con'
2008-08-25 06:25:31,367 DEBUG   -> Not backing up - '/usr/share/ipa/html/krbrealm.con' doesn't exist
2008-08-25 06:25:31,962 INFO 
2008-08-25 06:25:31,970 INFO 
2008-08-25 06:25:31,977 DEBUG   [6/13]: adding default keytypes
2008-08-25 06:25:32,287 INFO add krbSupportedEncSaltTypes:
	aes256-cts:normal
	aes128-cts:normal
	des3-hmac-sha1:normal
	arcfour-hmac:normal
	des-hmac-sha1:normal
	des-cbc-md5:normal
	des-cbc-crc:normal
	des-cbc-crc:v4
	des-cbc-crc:afs3
modifying entry "cn=PRIV.OVIRT.ORG,cn=kerberos,dc=priv,dc=ovirt,dc=org"
modify complete

add krbDefaultEncSaltTypes:
	aes256-cts:normal
	aes128-cts:normal
	des3-hmac-sha1:normal
	arcfour-hmac:normal
	des-hmac-sha1:normal
	des-cbc-md5:normal
modifying entry "cn=PRIV.OVIRT.ORG,cn=kerberos,dc=priv,dc=ovirt,dc=org"
modify complete


2008-08-25 06:25:32,297 INFO ldap_initialize( ldap://127.0.0.1 )

2008-08-25 06:25:32,308 DEBUG   [7/13]: creating a keytab for the directory
2008-08-25 06:25:32,866 INFO Authenticating as principal root/admin PRIV OVIRT ORG with password.

2008-08-25 06:25:32,875 INFO kadmin.local: Cannot find/read stored master key while initializing kadmin.local interface

2008-08-25 06:25:32,924 DEBUG Command '/usr/kerberos/sbin/kadmin.local -q addprinc -randkey ldap/management priv ovirt org PRIV OVIRT ORG' returned non-zero exit status 1
  File "/usr/sbin/ipa-server-install", line 572, in <module>
    sys.exit(main())

  File "/usr/sbin/ipa-server-install", line 495, in main
    krb.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, master_password)

  File "/usr/lib/python2.5/site-packages/ipaserver/krbinstance.py", line 147, in create_instance
    self.start_creation("Configuring Kerberos KDC")

  File "/usr/lib/python2.5/site-packages/ipaserver/service.py", line 139, in start_creation
    method()

  File "/usr/lib/python2.5/site-packages/ipaserver/krbinstance.py", line 370, in __create_ds_keytab
    installutils.kadmin_addprinc(ldap_principal)

  File "/usr/lib/python2.5/site-packages/ipaserver/installutils.py", line 207, in kadmin_addprinc
    kadmin("addprinc -randkey " + principal)

  File "/usr/lib/python2.5/site-packages/ipaserver/installutils.py", line 204, in kadmin
    ipautil.run(["/usr/kerberos/sbin/kadmin.local", "-q", command])

  File "/usr/lib/python2.5/site-packages/ipa/ipautil.py", line 83, in run
    raise CalledProcessError(p.returncode, ' '.join(args))

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will setup the FreeIPA Server.

This includes:
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure TurboGears

To accept the default shown in brackets, press the Enter key.

The domain name has been calculated based on the host name.

The IPA Master Server will be configured with
Hostname:    management.priv.ovirt.org
IP address:  192.168.50.2
Domain name: priv.ovirt.org

Configuring ntpd
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
done configuring ntpd.
Configuring directory server:
  [1/16]: creating directory server user
  [2/16]: creating directory server instance
  [3/16]: adding default schema
  [4/16]: enabling memberof plugin
  [5/16]: enabling referential integrity plugin
  [6/16]: enabling distributed numeric assignment plugin
  [7/16]: configuring uniqueness plugin
  [8/16]: creating indices
  [9/16]: configuring ssl for ds instance
  [10/16]: configuring certmap.conf
  [11/16]: restarting directory server
  [12/16]: adding default layout
  [13/16]: configuring Posix uid/gid generation as first master
  [14/16]: adding master entry as first master
  [15/16]: initializing group membership
  [16/16]: configuring directory to start on boot
done configuring dirsrv.
Configuring Kerberos KDC
  [1/13]: setting KDC account password
  [2/13]: adding sasl mappings to the directory
  [3/13]: adding kerberos entries to the DS
  [4/13]: adding default ACIs
  [5/13]: configuring KDC
Failed to populate the realm structure in kerberos Command '/usr/kerberos/sbin/kdb5_ldap_util -D uid=kdc,cn=sysaccounts,cn=etc,dc=priv,dc=ovirt,dc=org -w WPQPKTCVWOMI create -s -P ovirt -r PRIV.OVIRT.ORG -subtrees dc=priv,dc=ovirt,dc=org -sscope sub' returned non-zero exit status -11
  [6/13]: adding default keytypes
  [7/13]: creating a keytab for the directory
Unexpected error - see ipaserver-install.log for details:
 Command '/usr/kerberos/sbin/kadmin.local -q addprinc -randkey ldap/management priv ovirt org PRIV OVIRT ORG' returned non-zero exit status 1
sed: can't read /etc/httpd/conf.d/ipa.conf: No such file or directory
sed: can't read /etc/httpd/conf.d/ipa.conf: No such file or directory
sed: can't read /etc/httpd/conf.d/ipa-rewrite.conf: No such file or directory
Stopping httpd: [FAILED]
Starting httpd: [  OK  ]
kinit(v5): Cannot contact any KDC for realm 'PRIV.OVIRT.ORG' while getting initial credentials
SASL/GSSAPI authentication started
/etc/rc3.d/S95ovirt-wui-dev-first-run: line 14:  1949 Segmentation fault      ldapmodify -h management.priv.ovirt.org -p 389 -Y GSSAPI  <<LDAP
dn: cn=ipaConfig,cn=etc,dc=priv,dc=ovirt,dc=org
changetype: modify
replace: ipaMaxUsernameLength
ipaMaxUsernameLength: 12
LDAP

/etc/rc3.d/S95ovirt-wui-dev-first-run: line 14:  1950 Segmentation fault      ipa-adduser -f Ovirt -l Admin -p ovirt ovirtadmin
/etc/rc3.d/S95ovirt-wui-dev-first-run: line 14:  1959 Segmentation fault      ipa-modgroup -a ovirtadmin admins
/etc/rc3.d/S95ovirt-wui-dev-first-run: line 14:  1960 Segmentation fault      ipa-moduser --setattr krbPasswordExpiration=19700101000000Z ovirtadmin

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]