10:18 a.m.
Hello !
Does anyone know what version of Ubuntu does support Freeipa server ? I have tried with
18.04 which fails always due to pki-tomcatd issues and Ubuntu 20 seems to not have the
packages in the repository.
Any suggestion/help is appreciated.
Thanks
12:39 p.m.
On 10.12.2020 18.18, iulian roman via FreeIPA-users wrote:
Hello !
Does anyone know what version of Ubuntu does support Freeipa server ? I have tried with
18.04 which fails always due to pki-tomcatd issues and Ubuntu 20 seems to not have the
packages in the repository.
Any suggestion/help is appreciated.
Thanks
Hi,
There's a ppa for 18.04 with slightly updated packages with all the
known silly bugs fixed, but I haven't advertised it much because running
ipaserver-install on my VM is somewhat racy and might fail, but here you go:
https://launchpad.net/~freeipa/+archive/ubuntu/azure-ci/+packages
if the packages are found good enough, I can move them to the main ppa.
The upstream versions are not the latest of their series, but that's
because a newer ipa would bump dependencies too far. These work with
what's in 18.04.
--
t
4:17 p.m.
On 10.12.2020 20.39, Timo Aaltonen via FreeIPA-users wrote:
On 10.12.2020 18.18, iulian roman via FreeIPA-users wrote:
> Hello !
> Does anyone know what version of Ubuntu does support Freeipa server ?
> I have tried with 18.04 which fails always due to pki-tomcatd issues
> and Ubuntu 20 seems to not have the packages in the repository.
> Any suggestion/help is appreciated.
> Thanks
Hi,
There's a ppa for 18.04 with slightly updated packages with all the
known silly bugs fixed, but I haven't advertised it much because running
ipaserver-install on my VM is somewhat racy and might fail, but here you
go:
https://launchpad.net/~freeipa/+archive/ubuntu/azure-ci/+packages
if the packages are found good enough, I can move them to the main ppa.
The upstream versions are not the latest of their series, but that's
because a newer ipa would bump dependencies too far. These work with
what's in 18.04.
use this link instead
https://launchpad.net/~freeipa/+archive/ubuntu/azure-ci
or 'apt-add-repository ppa:freeipa/azure-ci'
--
t
6:58 a.m.
Hi Timo,
Thanks for the update. I have tried with new package versions (there is a dependency as
well on libjboss-annotations-1.2-api-java which needs to be installed from freeipa staging
ppa) , but the installation fails in the same step (it fails to configure/start the CA):
2020-12-11T12:49:09Z DEBUG stderr=pkispawn : ERROR .......
subprocess.CalledProcessError: Command '['sysctl',
'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!
pkispawn : ERROR ........... server did not start after 60s
pkispawn : ERROR ....... server failed to restart
2020-12-11T12:49:09Z CRITICAL Failed to configure CA instance: CalledProcessError(Command
['/usr/sbin/pkispawn', '-s', 'CA', '-f',
'/tmp/tmp9GMIPC'] returned non-zero exit status 1: u"pkispawn : ERROR
....... subprocess.CalledProcessError: Command '['sysctl',
'crypto.fips_enabled', '-bn']' returned non-zero exit status
255!\npkispawn : ERROR ........... server did not start after 60s\npkispawn :
ERROR ....... server failed to restart\n")
2020-12-11T12:49:09Z CRITICAL See the installation logs and the following
files/directories for more information:
2020-12-11T12:49:09Z CRITICAL /var/log/pki/pki-tomcat
2020-12-11T12:49:09Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
603, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
589, in run_step
method()
File "/usr/lib/python2.7/dist-packages/ipaserver/install/cainstance.py", line
696, in __spawn_instance
pki_pin)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dogtaginstance.py",
line 167, in spawn_instance
self.handle_setup_error(e)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dogtaginstance.py",
line 415, in handle_setup_error
raise RuntimeError("%s configuration failed." % self.subsystem)
RuntimeError: CA configuration failed.
2020-12-11T12:49:09Z DEBUG [error] RuntimeError: CA configuration failed.
2020-12-11T12:49:09Z DEBUG Removing /root/.dogtag/pki-tomcat/ca
Any idea how that can be fixed ?
7:43 a.m.
On 11.12.2020 14.58, iulian roman via FreeIPA-users wrote:
Hi Timo,
Thanks for the update. I have tried with new package versions (there is a dependency as
well on libjboss-annotations-1.2-api-java which needs to be installed from freeipa staging
ppa) , but the installation fails in the same step (it fails to configure/start the CA):
2020-12-11T12:49:09Z DEBUG stderr=pkispawn : ERROR .......
subprocess.CalledProcessError: Command '['sysctl',
'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!
pkispawn : ERROR ........... server did not start after 60s
pkispawn : ERROR ....... server failed to restart
2020-12-11T12:49:09Z CRITICAL Failed to configure CA instance: CalledProcessError(Command
['/usr/sbin/pkispawn', '-s', 'CA', '-f',
'/tmp/tmp9GMIPC'] returned non-zero exit status 1: u"pkispawn : ERROR
....... subprocess.CalledProcessError: Command '['sysctl',
'crypto.fips_enabled', '-bn']' returned non-zero exit status
255!\npkispawn : ERROR ........... server did not start after 60s\npkispawn :
ERROR ....... server failed to restart\n")
2020-12-11T12:49:09Z CRITICAL See the installation logs and the following
files/directories for more information:
2020-12-11T12:49:09Z CRITICAL /var/log/pki/pki-tomcat
2020-12-11T12:49:09Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
603, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
589, in run_step
method()
File "/usr/lib/python2.7/dist-packages/ipaserver/install/cainstance.py",
line 696, in __spawn_instance
pki_pin)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dogtaginstance.py",
line 167, in spawn_instance
self.handle_setup_error(e)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dogtaginstance.py",
line 415, in handle_setup_error
raise RuntimeError("%s configuration failed." % self.subsystem)
RuntimeError: CA configuration failed.
2020-12-11T12:49:09Z DEBUG [error] RuntimeError: CA configuration failed.
2020-12-11T12:49:09Z DEBUG Removing /root/.dogtag/pki-tomcat/ca
Any idea how that can be fixed ?
I guess you got hit by the openjdk8 update as well, so downgrade it by
running 'apt install openjdk-8-jre-headless=8u162-b12-1' and then try again.
I've managed to get the server working on 20.04 (without bind9) but
updating java breaks it there too, and while bumping libjss to current
v4.6.x branch should help it only fails the setup later (requesting RA
cert).
And the breakage with current packages in Debian unstable is probably
caused by making Dogtag 10.10 to essentially require system-wide
crypto-policies which aren't used on Debian...
--
t
8:19 a.m.
Downgrading java moved the installation a bit . It fails faster now :) , but at least i
can curl the endpoint, therefore it does not timeout in that phase. The errors i get :
2020-12-11T14:08:33Z DEBUG stderr=pkispawn : ERROR .......
subprocess.CalledProcessError: Command '['sysctl',
'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!
Traceback (most recent call last):
File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main
"__main__", fname, loader, pkg_name)
File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
File "/usr/lib/python2.7/dist-packages/pki/server/pkispawn.py", line 878, in
<module>
main(sys.argv)
File "/usr/lib/python2.7/dist-packages/pki/server/pkispawn.py", line 555, in
main
print(r.text)
UnicodeEncodeError: 'ascii' codec can't encode character u'\u2013' in
position 60: ordinal not in range(128)
2020-12-11T14:08:33Z CRITICAL Failed to configure CA instance: CalledProcessError(Command
['/usr/sbin/pkispawn', '-s', 'CA', '-f',
'/tmp/tmpZzrdfK'] returned non-zero exit status 1: u'pkispawn : ERROR
....... subprocess.CalledProcessError: Command \'[\'sysctl\',
\'crypto.fips_enabled\', \'-bn\']\' returned non-zero exit status
255!\nTraceback (most recent call last):\n File "/usr/lib/python2.7/runpy.py",
line 174, in _run_module_as_main\n "__main__", fname, loader, pkg_name)\n
File "/usr/lib/python2.7/runpy.py", line 72, in _run_code\n exec code in
run_globals\n File "/usr/lib/python2.7/dist-packages/pki/server/pkispawn.py",
line 878, in <module>\n main(sys.argv)\n File
"/usr/lib/python2.7/dist-packages/pki/server/pkispawn.py", line 555, in main\n
print(r.text)\nUnicodeEncodeError: \'ascii\' codec can\'t encode character
u\'\\u2013\' in position 60: ordinal not in range(128)\n')
2020-12-11T14:08:33Z CRITICAL See the installation logs and the following
files/directories for more information:
2020-12-11T14:08:33Z CRITICAL /var/log/pki/pki-tomcat
2020-12-11T14:08:33Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
603, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
589, in run_step
method()
File "/usr/lib/python2.7/dist-packages/ipaserver/install/cainstance.py", line
696, in __spawn_instance
pki_pin)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dogtaginstance.py",
line 167, in spawn_instance
self.handle_setup_error(e)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dogtaginstance.py",
line 415, in handle_setup_error
raise RuntimeError("%s configuration failed." % self.subsystem)
RuntimeError: CA configuration failed.
2020-12-11T14:08:33Z DEBUG [error] RuntimeError: CA configuration failed.
2020-12-11T14:08:33Z DEBUG Removing /root/.dogtag/pki-tomcat/ca
In /var/log/pki/pki-tomcat/ca/debug.2020-12-11.log i have the following errors:
2020-12-11 15:08:32 [localhost-startStop-1] SEVERE: StandardWrapper.Throwable
java.lang.NullPointerException
at
com.netscape.cmscore.profile.LDAPProfileSubsystem.forgetAllProfiles(LDAPProfileSubsystem.java:381)
at
com.netscape.cmscore.profile.LDAPProfileSubsystem.shutdown(LDAPProfileSubsystem.java:377)
at com.netscape.cmscore.apps.CMSEngine.shutdownSubsystems(CMSEngine.java:2024)
at com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:1922)
at com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:158)
at javax.servlet.GenericServlet.init(GenericServlet.java:158)
at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1144)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1091)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:983)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4956)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5270)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:754)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:730)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:734)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:624)
at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1834)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
2020-12-11 15:08:32 [localhost-startStop-1] SEVERE: Servlet [castart] in web application
[/ca] threw load() exception
java.lang.NullPointerException
at
com.netscape.cmscore.profile.LDAPProfileSubsystem.forgetAllProfiles(LDAPProfileSubsystem.java:381)
at
com.netscape.cmscore.profile.LDAPProfileSubsystem.shutdown(LDAPProfileSubsystem.java:377)
at com.netscape.cmscore.apps.CMSEngine.shutdownSubsystems(CMSEngine.java:2024)
at com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:1922)
at com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:158)
at javax.servlet.GenericServlet.init(GenericServlet.java:158)
at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1144)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1091)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:983)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4956)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5270)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:754)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:730)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:734)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:624)
at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1834)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
1225
days inactive
1226
days old
freeipa-users@lists.fedorahosted.org
5 comments
2 participants
participants (2)
-
iulian roman -
Timo Aaltonen