2012/1/6 Rich Megginson <rmeggins(a)redhat.com <mailto:rmeggins@redhat.com>>
On 01/06/2012 12:57 AM, Israel Nelken wrote:
> Update: Guillaume's suggestion to comment out the nss-related
> lines works - thanks!
> However, it seems that there is a bug?
Yes. Sounds like a bug in mod_nss.
What features of the ds would be affected by removing nss? For
example, I need to set up replication with a ds running on another
machine - would that be affected?
Eli
By default, nss is disabled for the admin-console !
Line :
NSSEngine off
in console.conf
This is here to provide ssl layer for connecting to the admin-console.
It's up to you to decide wether you must enable/disable this.
If you are connecting to the console through a private link/network, you
should stay with nss disabled without too much problem. In the other
case, maybe you could replace mod_nss with mod_ssl to provide the ssl
layer (i never did that), you will probably be able to connect with
https:// but maybe you won't be able to connect to the console with
389-console (which *i think* implement nss capabilities and won't be
compatbile with capabilities exposed by mod_ssl).
This ssl layer doesn't change anything to your replication, as
replication is done through ldap or ldaps protocol. This nss directive
is only here for admin-console, nothing else.
Guillaume
> I'm currently replacing a number of computers in my lab with new
> ones, and the issue comes up in all fresh fedora 16 installations
> (well, with SELinux disabled).
> Eli
>
>
> On Fri, Jan 6, 2012 <tel:2012> at 9:45 AM, Israel Nelken
> <israel(a)cc.huji.ac.il <mailto:israel@cc.huji.ac.il>> wrote:
>
>
>
> 2012/1/5 Rich Megginson <rmeggins(a)redhat.com
> <mailto:rmeggins@redhat.com>>
>
> On 01/05/2012 04:49 AM, Israel Nelken wrote:
>> tried the packages from the testing repos. Still doesn't
>> work.
>> The relevant lines from the log file:
>> Starting admin server . . .
>> output: Job failed. See system logs and 'systemctl
>> status' for details.
>> Could not start the admin server. Error: 256
>> Failed to create and configure the admin server
>> Exiting . . .
>>
>> The /var/log/messages has now
>> Jan 5 13:43:06 habanera kernel: [166303.061687]
>> httpd.worker[32098]: segfault at c ip 00149c67 sp
>> bf9facf0 error 4 in libpthread-2.14.90.so
>> <
http://libpthread-2.14.90.so>[141000+17000]
>> Jan 5 13:43:06 habanera systemd[1]:
>> dirsrv-admin.service: control process exited,
>> code=killed status=11
>> Jan 5 13:43:06 habanera systemd[1]: Unit
>> dirsrv-admin.service entered failed state.
>>
>> (and no other error lines from the installation).
>> Otherwise everything is exactly the same.
>> Eli
> Is this SELinux related? Do you have any AVC messages
> related to httpd.worker or libmodnss.so in dmesg?
>
> SELinux is disabled. Sorry, I don't know what AVC messages
> are, and there is no dmesg in /var/log.
>
>
>>
>>
>>
>> 2012/1/4 Rich Megginson <rmeggins(a)redhat.com
>> <mailto:rmeggins@redhat.com>>
>>
>> On 01/03/2012 10:52 PM, Israel Nelken wrote:
>>> I tried to install the directory server on a
>>> machine with a clean installation of Fedora 16,
>>> fully updated. the setup script failed at the state
>>> of starting the admin server. I fully removed the
>>> installation (remove-ds-admin.pl
>>> <
http://remove-ds-admin.pl> -y -f, yum erase
>>> 389-ds-base-libs 389-adminutil
>>> idm-console-framework, rm -rf /etc/dirsrv
>>> /usr/lib*/dirsrv /var/*/dirsrv
>>> /etc/sysconfig/dirsrv*), reinstalled the packages,
>>> and had the same result. I repeated the same on
>>> another machine with a clean install of Fedora 16,
>>> exactly the same results.
>> Try using the Fedora 16 389 packages from the
>> testing repos:
>> yum install --enablerepo=updates-testing 389-ds
>>>
>>> Details: I ran
>>> setup-ds-admin.pl <
http://setup-ds-admin.pl> -ddd
>>> The seemingly relevant lines from the Log file:
>>> [12/01/04:07:25:48] - [Setup] Info Starting admin
>>> server . . .
>>> [12/01/04:07:25:59] - [Setup] Info output: Starting
>>> dirsrv-admin (via systemctl): Job failed. See
>>> system logs and 'systemctl status' for details.
>>> [12/01/04:07:25:59] - [Setup] Info output: [FAILED]
>>> [12/01/04:07:25:59] - [Setup] Fatal Failed to
>>> create and configure the admin server
>>> [12/01/04:07:25:59] - [Setup] Fatal Exiting . . .
>>>
>>> from /var/log/messages:
>>> Jan 4 07:25:19 habanera ns-slapd[20694]:
>>> [04/Jan/2012 <tel:2012>:07:25:19 +0200] config -
>>> The configuration file
>>> /etc/dirsrv/slapd-admin/dse.ldif does not exist
>>> Jan 4 07:25:19 habanera ns-slapd[20694]:
>>> [04/Jan/2012 <tel:2012>:07:25:19 +0200] config -
>>> The backup configuration file
>>> /etc/dirsrv/slapd-admin/dse.ldif.tmp does not
>>> exist, either.
>>> Jan 4 07:25:19 habanera ns-slapd[20694]:
>>> [04/Jan/2012 <tel:2012>:07:25:19 +0200] schema - No
>>> schema files were found in the directory
>>> /etc/dirsrv/slapd-admin/schema
>>> Jan 4 07:25:19 habanera ns-slapd[20694]:
>>> [04/Jan/2012 <tel:2012>:07:25:19 +0200] dse -
>>> Please edit the file to correct the reported
>>> problems and then restart the server.
>>> Jan 4 07:25:19 habanera systemd[1]:
>>> dirsrv(a)admin.service:
>>> <mailto:dirsrv@admin.service:> control process
>>> exited, code=exited status=1
>>> Jan 4 07:25:19 habanera systemd[1]: Unit
>>> dirsrv(a)admin.service <mailto:dirsrv@admin.service>
>>> entered failed state.
>>> Jan 4 07:25:48 habanera dirsrv-admin[20825]:
>>> Starting dirsrv-admin:
>>> Jan 4 07:25:49 habanera dirsrv-admin[20825]:
>>> /usr/sbin/start-ds-admin: line 104: 20845
>>> Segmentation fault $SELINUX_CMD $HTTPD
>>> $OMIT_DEFLATE -k start -f
>>> /etc/dirsrv/admin-serv/httpd.conf "$@"
>>> Jan 4 07:25:49 habanera kernel: [57576.961337]
>>> httpd.worker[20845]: segfault at c ip 008e1c67 sp
>>> bfc770f0 error 4 in libpthread-2.14.90.so
>>> <
http://libpthread-2.14.90.so>[8d9000+17000]
>>> Jan 4 07:25:59 habanera dirsrv-admin[20825]:
>>> Server failed to start !!! Please check errors log
>>> for problems
>>> Jan 4 07:25:59 habanera dirsrv-admin[20825]: [FAILED]
>>> Jan 4 07:25:59 habanera systemd[1]:
>>> dirsrv-admin.service: control process exited,
>>> code=exited status=1
>>> Jan 4 07:25:59 habanera systemd[1]: Unit
>>> dirsrv-admin.service entered failed state.
>>>
>>> slapd-habanera seems to run (I see it with ps -ef,
>>> and /var/log/dirsrv/slapd-habanera/access and error
>>> are getting filled up, nothing to comment about).
>>> /var/log/dirsrv/admin-serv/error:
>>> [Wed Jan 04 07:25:49 2012 <tel:2012>] [notice]
>>> Access Host filter is: *.ls.huji.ac.il
>>> <
http://ls.huji.ac.il>
>>> [Wed Jan 04 07:25:49 2012 <tel:2012>] [notice]
>>> Access Address filter is: *
>>>
>>>
>>> --
>>> Prof. Israel Nelken
>>> Dept. of Neurobiology
>>> The Alexander Silberman Institute of Life Sciences
>>> Edmond Safra Campus, Givat Ram
>>> Jerusalem 91904, ISRAEL
>>> Tel: ++972-2-6584229 <tel:%2B%2B972-2-6584229>
>>> Fax: ++972-2-6586077 <tel:%2B%2B972-2-6586077>
>>> israel(a)cc.huji.ac.il <mailto:israel@cc.huji.ac.il>
>>>
>>>
>>> --
>>> 389 users mailing list
>>> 389-users(a)lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
>>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>> --
>> 389 users mailing list
>> 389-users(a)lists.fedoraproject.org
>> <mailto:389-users@lists.fedoraproject.org>
>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>>
>> --
>> Prof. Israel Nelken
>> Dept. of Neurobiology
>> The Alexander Silberman Institute of Life Sciences
>> Edmond Safra Campus, Givat Ram
>> Jerusalem 91904, ISRAEL
>> Tel: ++972-2-6584229 <tel:%2B%2B972-2-6584229>
>> Fax: ++972-2-6586077 <tel:%2B%2B972-2-6586077>
>> israel(a)cc.huji.ac.il <mailto:israel@cc.huji.ac.il>
>>
>>
>> --
>> 389 users mailing list
>> 389-users(a)lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
>
> --
> Prof. Israel Nelken
> Dept. of Neurobiology
> The Alexander Silberman Institute of Life Sciences
> Edmond Safra Campus, Givat Ram
> Jerusalem 91904, ISRAEL
> Tel: ++972-2-6584229 <tel:%2B%2B972-2-6584229>
> Fax: ++972-2-6586077 <tel:%2B%2B972-2-6586077>
> israel(a)cc.huji.ac.il <mailto:israel@cc.huji.ac.il>
>
>
>
>
> --
> Prof. Israel Nelken
> Dept. of Neurobiology
> The Alexander Silberman Institute of Life Sciences
> Edmond Safra Campus, Givat Ram
> Jerusalem 91904, ISRAEL
> Tel: ++972-2-6584229 <tel:%2B%2B972-2-6584229>
> Fax: ++972-2-6586077 <tel:%2B%2B972-2-6586077>
> israel(a)cc.huji.ac.il <mailto:israel@cc.huji.ac.il>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
>
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users(a)lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
Prof. Israel Nelken
Dept. of Neurobiology
The Alexander Silberman Institute of Life Sciences
Edmond Safra Campus, Givat Ram
Jerusalem 91904, ISRAEL
Tel: ++972-2-6584229
Fax: ++972-2-6586077
israel(a)cc.huji.ac.il <mailto:israel@cc.huji.ac.il>
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users