← Back to team overview

freeipa team mailing list archive

[Bug 1600634] Re: ipa-server-install: On non-x86, errors enabling compatibility plugin for dirsrv

 

More errors.

I quit trying to install IPA on the RPi, and I went back to a KVM based
VM, with a downloaded Xenial cloud image. So now I get past importing CA
chain but then this:

  [10/28]: importing CA chain to RA certificate database
  [11/28]: fixing RA database permissions
  [12/28]: setting up signing cert profile
  [13/28]: setting audit signing renewal to 2 years
  [14/28]: restarting certificate server
  [15/28]: requesting RA certificate from CA
  [16/28]: issuing RA agent certificate
  [error] CalledProcessError: Command '/usr/bin/sslget -v -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-pdYh6Y -r /ca/agent/ca/profileReview?requestId=7 mizar.aaaaaaaa.bbb:8443' returned non-zero exit status 6
ipa.ipapython.install.cli.install_tool(Server): ERROR    Command '/usr/bin/sslget -v -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-pdYh6Y -r /ca/agent/ca/profileReview?requestId=7 mizar.aaaaaaaa.bbb:8443' returned non-zero exit status 6

A month ago I was going through this twice a day without any problems.

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1600634

Title:
  ipa-server-install: On non-x86, errors enabling compatibility plugin
  for dirsrv

Status in 389-ds-base package in Ubuntu:
  Triaged
Status in freeipa package in Ubuntu:
  New

Bug description:
  When executing ipa-server-install on a non-x86 architecture (here: ARMv7), the following error messages appear after having filled out the initial questionnaire:
  ...
  Configuring directory server (dirsrv). Estimated time: 1 minute
    [1/46]: creating directory server user
  ...
    [42/46]: enabling compatibility plugin
  ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Add failure Server is unwilling to perform: Invalid plugin path
  ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=users,cn=Schema Compatibility,cn=plugins,cn=config may not exist, cannot create the entry
  ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=groups,cn=Schema Compatibility,cn=plugins,cn=config may not exist, cannot create the entry
  ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=ng,cn=Schema Compatibility,cn=plugins,cn=config may not exist, cannot create the entry
  ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config may not exist, cannot create the entry
  ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR    Parent DN of cn=computers,cn=Schema Compatibility,cn=plugins,cn=config may not exist, cannot create the entry
    [43/46]: activating sidgen plugin
  ...

  The logfile written showed that the plugin path submitted is something like
  /usr/lib/i386-linux-gnu/...
  but should probably be
  /usr/lib/arm-linux-gnueabihf/...
  according to the file list of the freeipa-server package. This library path is introduced in ipaserver/install/ldapupdate.py, where it seems that only i386 and x86_64 seem to be expected.

  As far as I could see, the upstream version only differentiates
  between /lib and /lib64, but the Ubuntu source package contains a
  patch "hack-libarch.diff" that introduces more fine-grained
  architecture names.

  The following patch served me well, but takes into account only this
  very architecture.

  --- ipaserver/install/ldapupdate.py.orig        2016-07-10 20:43:30.630070890 +0200
  +++ ipaserver/install/ldapupdate.py     2016-07-10 20:56:54.772268927 +0200
  @@ -330,11 +330,16 @@
       def _identify_arch(self):
           """On multi-arch systems some libraries may be in /lib64, /usr/lib64,
              etc.  Determine if a suffix is needed based on the current
              architecture.
           """
  +
  +        arch = platform.machine()
  +        if arch == "armv7l":
  +            return "/arm-linux-gnueabihf"
  +
           bits = platform.architecture()[0]
   
           if bits == "64bit":
               return "/x86_64-linux-gnu"
           else:
               return "/i386-linux-gnu"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/389-ds-base/+bug/1600634/+subscriptions


References