← Back to team overview

freeipa team mailing list archive

[Bug 1600634] Re: ipa-server-install: On non-x86, errors enabling compatibility plugin for dirsrv

 

OK! That patch worked on the RPi as is. So I got past that problem.

To be hit by this:

Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds
  [1/28]: creating certificate server user
  [2/28]: configuring certificate server instance
  [3/28]: stopping certificate server instance to update CS.cfg
  [4/28]: backing up CS.cfg
  [5/28]: disabling nonces
  [6/28]: set up CRL publishing
  [7/28]: enable PKIX certificate path discovery and validation
  [8/28]: starting certificate server instance
  [9/28]: creating RA agent certificate database
  [10/28]: importing CA chain to RA certificate database
  [error] RuntimeError: Unable to retrieve CA chain: [Errno 111] Connection refused
ipa.ipapython.install.cli.install_tool(Server): ERROR    Unable to retrieve CA chain: [Errno 111] Connection refused
ipa.ipapython.install.cli.install_tool(Server): ERROR    The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

Still trying to figure out what that is. :-(

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1600634

Title:
  ipa-server-install: On non-x86, errors enabling compatibility plugin
  for dirsrv

Status in 389-ds-base package in Ubuntu:
  Triaged
Status in freeipa package in Ubuntu:
  New

Bug description:
  When executing ipa-server-install on a non-x86 architecture (here: ARMv7), the following error messages appear after having filled out the initial questionnaire:
  ...
  Configuring directory server (dirsrv). Estimated time: 1 minute
    [1/46]: creating directory server user
  ...
    [42/46]: enabling compatibility plugin
  ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Add failure Server is unwilling to perform: Invalid plugin path
  ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=users,cn=Schema Compatibility,cn=plugins,cn=config may not exist, cannot create the entry
  ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=groups,cn=Schema Compatibility,cn=plugins,cn=config may not exist, cannot create the entry
  ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ng,cn=Schema Compatibility,cn=plugins,cn=config may not exist, cannot create the entry
  ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config may not exist, cannot create the entry
  ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=computers,cn=Schema Compatibility,cn=plugins,cn=config may not exist, cannot create the entry
    [43/46]: activating sidgen plugin
  ...

  The logfile written showed that the plugin path submitted is something like
  /usr/lib/i386-linux-gnu/...
  but should probably be
  /usr/lib/arm-linux-gnueabihf/...
  according to the file list of the freeipa-server package. This library path is introduced in ipaserver/install/ldapupdate.py, where it seems that only i386 and x86_64 seem to be expected.

  As far as I could see, the upstream version only differentiates
  between /lib and /lib64, but the Ubuntu source package contains a
  patch "hack-libarch.diff" that introduces more fine-grained
  architecture names.

  The following patch served me well, but takes into account only this
  very architecture.

  --- ipaserver/install/ldapupdate.py.orig        2016-07-10 20:43:30.630070890 +0200
  +++ ipaserver/install/ldapupdate.py     2016-07-10 20:56:54.772268927 +0200
  @@ -330,11 +330,16 @@
       def _identify_arch(self):
           """On multi-arch systems some libraries may be in /lib64, /usr/lib64,
              etc.  Determine if a suffix is needed based on the current
              architecture.
           """
  +
  +        arch = platform.machine()
  +        if arch == "armv7l":
  +            return "/arm-linux-gnueabihf"
  +
           bits = platform.architecture()[0]
   
           if bits == "64bit":
               return "/x86_64-linux-gnu"
           else:
               return "/i386-linux-gnu"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/389-ds-base/+bug/1600634/+subscriptions


References