freeipa team mailing list archive
-
freeipa team
-
Mailing list archive
-
Message #00965
[Bug 1853863] Re: freeipa replica crashes near end of basic install
I appreciate your efforts. The thing is folks who use freeipa put it in
the same 'has-got-to-work' 'no-regressions' category as the kernel.
While it might lack a feature or need work in this or that area, it just
can't 'not install' or have some major user-facing thing like the
'here's how you change your password' UI just not work after an
'upgrade'. There are so many moving parts and subsystems in freeipa I
can't imagine how one person could possibly take on keeping up with it.
FYI, I put a 30 second sleep just before the query that failed, and it
failed the same way so I don't think it was a race issue.
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1853863
Title:
freeipa replica crashes near end of basic install
Status in freeipa package in Ubuntu:
New
Bug description:
Just trying to see if freeipa works on Ubuntu, I installed freeipa-
server on one system, then tried to install the freeipa-replica on
another. The two system setup works just fine on Fedora, but I need
to standardize on one distro so I'm evaluating Ubuntu hoping that
Canonical doesn't push out patches without at least testing whether
basic installs will or won't work. After installing the server, I
found that the GUI was unusable because the font necessary to show
such things as 'next' and 'back' and so on misconfigured. Pretty big
'bug' to miss. So I put in the time to figure out a work around and
report a bug. OK. Now I go to do the basic installation of a
replica. It gets near to the end of the install, then crashes with
something as basic as https auth access. My hunch is some difference
to do with mod_nss and mod_ssl in apache2, but that's just a guess.
The debug log follows. But two 'crashes on install attempt' bugs on a
major package meant to operate at the core of a large-user-count
installation? How can this be trusted going forward? Is my
understanding of 'release' about Ubuntu wrong, are my expectations
what's wrong here?
Here's the debug log. I trimmed most of the lead which was entirely
normal, no bug reports. I pick it up near the end, the whole
traceback is at the very end.
2019-11-25T05:06:29Z DEBUG [4/4]: configuring ipa-custodia to start on boot
2019-11-25T05:06:29Z DEBUG Starting external process
2019-11-25T05:06:29Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ipa-custodia.service']
2019-11-25T05:06:29Z DEBUG Process finished, return code=1
2019-11-25T05:06:29Z DEBUG stdout=disabled
2019-11-25T05:06:29Z DEBUG stderr=
2019-11-25T05:06:29Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-11-25T05:06:29Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2019-11-25T05:06:29Z DEBUG Starting external process
2019-11-25T05:06:29Z DEBUG args=['/bin/systemctl', 'disable', 'ipa-custodia.service']
2019-11-25T05:06:32Z DEBUG Process finished, return code=0
2019-11-25T05:06:33Z DEBUG stdout=
2019-11-25T05:06:33Z DEBUG stderr=
2019-11-25T05:06:33Z DEBUG step duration: ipa-custodia __enable 3.54 sec
2019-11-25T05:06:33Z DEBUG Done configuring ipa-custodia.
2019-11-25T05:06:33Z DEBUG service duration: ipa-custodia 9.01 sec
2019-11-25T05:06:33Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
2019-11-25T05:06:33Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
2019-11-25T05:06:33Z DEBUG Waiting up to 300 seconds to see our keys appear on host ldap://registry1.1.quietfountain.com
2019-11-25T05:06:34Z DEBUG Starting external process
2019-11-25T05:06:34Z DEBUG args=['/usr/bin/certutil', '-d', '/tmp/tmpjou8ki45', '-N', '-f', '/tmp/tmpjou8ki45/pwdfile.txt', '-@', '/tmp/tmpjou8ki45/pwdfile.txt']
2019-11-25T05:06:36Z DEBUG Process finished, return code=0
2019-11-25T05:06:36Z DEBUG stdout=
2019-11-25T05:06:36Z DEBUG stderr=
2019-11-25T05:06:36Z DEBUG Starting external process
2019-11-25T05:06:36Z DEBUG args=['/usr/sbin/selinuxenabled']
2019-11-25T05:06:36Z DEBUG Process finished, return code=1
2019-11-25T05:06:36Z DEBUG stdout=
2019-11-25T05:06:36Z DEBUG stderr=
2019-11-25T05:06:36Z DEBUG Starting external process
2019-11-25T05:06:36Z DEBUG args=['/usr/sbin/selinuxenabled']
2019-11-25T05:06:36Z DEBUG Process finished, return code=1
2019-11-25T05:06:36Z DEBUG stdout=
2019-11-25T05:06:36Z DEBUG stderr=
2019-11-25T05:06:36Z DEBUG Starting external process
2019-11-25T05:06:36Z DEBUG args=['/usr/sbin/selinuxenabled']
2019-11-25T05:06:36Z DEBUG Process finished, return code=1
2019-11-25T05:06:36Z DEBUG stdout=
2019-11-25T05:06:36Z DEBUG stderr=
2019-11-25T05:06:36Z DEBUG Starting external process
2019-11-25T05:06:36Z DEBUG args=['/usr/sbin/selinuxenabled']
2019-11-25T05:06:36Z DEBUG Process finished, return code=1
2019-11-25T05:06:36Z DEBUG stdout=
2019-11-25T05:06:36Z DEBUG stderr=
2019-11-25T05:06:36Z DEBUG Starting external process
2019-11-25T05:06:36Z DEBUG args=['/usr/sbin/selinuxenabled']
2019-11-25T05:06:36Z DEBUG Process finished, return code=1
2019-11-25T05:06:36Z DEBUG stdout=
2019-11-25T05:06:36Z DEBUG stderr=
2019-11-25T05:06:37Z DEBUG Starting new HTTPS connection (1): registry1.1.quietfountain.com:443
2019-11-25T05:06:38Z DEBUG https://registry1.1.quietfountain.com:443 "GET /ipa/keys/ca/caSigningCert%20cert-pki-ca?type=kem&value=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOm51bGx9.vVfnmgMupDM_t2QzYxhIoRZa-ElXWmt3-5OXMc99vYqwk20cIRKkQeZsUWRfdcNlF5hg0P45Q_4JnPlP5Yn7DIezA0Z-KblB9Pjgy8kGd-clCKIjeP7orXQ8sb4G9OycL76oy2k8pYMpMNwxUnyvhMYIlIR4CtVnhs7qFtXja0ndM8XSYMmZT1eKubIfjCh8lgJjDcI7Kqd-KcWyr7UqCvsFaRa5Otn545B3_lf1LN--ifL21Dqwr2uWUO9q7Tzv3Qc520xRQ68ZIDbiaAtpNN5Qdd8VeEhTiFfMn5qLKxqTnsf2BXRbTTvgSbOX4ycMxY-u_8aaxxjAQDb3WjeLZw.pb1fXA_HXjbL2R6xLlZV8A.n_iumseHFHeuUDFMz95U6uZ9YGHalYfWjsB0sfWCG_0blak4wuL88Cfr-CDf0Dtd_JyMhm-DkiLG3O541MZmnvznRdyTLiTwlneFrK1sNO_f-jlK6hiSgUTWVoBSkJiLCdnfxg6GOboOw5kGnWyxIctN1K__RDHd2UL9hjXJSA-D1DDf0QPg4z0PASWc-gP3uutBGL3vzP6UVMQBWlEvcMZGZ9mexO9PowWpfEVPkoXR5jM13Toyw5p0bp7DhejiIsWp8b6FuMJHytoknv6QqjFCkd8l7rDnaOz-Wjefr55DTyTb9UoSd40QekvavcGZsL9iq47zf7xjN07KRdkcIAkQIriHsMk8K7GhxKu6IWvbIzvTEXcFrzez2t1p2ua2XesRwWaTxKdH73zXLPgnmrHmUntcRCgLh4X_IcwXkrC2f7Rc3HV-kadDC46TrIyT4cT3mR1DtFOTGaT4MUBB39A8JxkMhJ2YsJL424pfZLYTJ5kfqGBLzaNtMeumNDuzGqhv9FBXf6_vLKvOwFu_1fijnsTgqoiJla6V1noVlv6uY-wOb1uwJ23UE9KIjHK_WXUfNv6P1PPTYeBVPijSzk6hLyWd_DVptm8DaxLVvVnrkvas4FzMAg8RB8xhq1WPOO3-DHlHTgfqTWE34Zy8uFHBPrSzoc9V5sbc3_lQwyiJaAEFCHvq5rwCQZUKq4Y4.DJQjkneZsFbJFWScoh11KW_15bvk8Ph_MNDFsujqoBE HTTP/1.1" 404 447
2019-11-25T05:06:38Z DEBUG File "/usr/lib/python3/dist-packages/ipapython/admintool.py", line 179, in execute
return_value = self.run()
File "/usr/lib/python3/dist-packages/ipapython/install/cli.py", line 340, in run
return cfgr.run()
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 360, in run
return self.execute()
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 386, in execute
for rval in self._executor():
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 431, in __runner
exc_handler(exc_info)
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 450, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 421, in __runner
step()
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 418, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python3/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 655, in _configure
next(executor)
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 431, in __runner
exc_handler(exc_info)
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 518, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 450, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 515, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 450, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 421, in __runner
step()
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 418, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python3/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python3/dist-packages/ipapython/install/common.py", line 65, in _install
for unused in self._installer(self.parent):
File "/usr/lib/python3/dist-packages/ipaserver/install/server/__init__.py", line 590, in main
replica_install(self)
File "/usr/lib/python3/dist-packages/ipaserver/install/server/replicainstall.py", line 402, in decorated
func(installer)
File "/usr/lib/python3/dist-packages/ipaserver/install/server/replicainstall.py", line 1281, in install
ca.install(False, config, options, custodia=custodia)
File "/usr/lib/python3/dist-packages/ipaserver/install/ca.py", line 270, in install
install_step_0(standalone, replica_config, options, custodia=custodia)
File "/usr/lib/python3/dist-packages/ipaserver/install/ca.py", line 308, in install_step_0
replica_config.dirman_password)
File "/usr/lib/python3/dist-packages/ipaserver/install/custodiainstance.py", line 305, in get_ca_keys
self._get_keys(cacerts_file, cacerts_pwd, data)
File "/usr/lib/python3/dist-packages/ipaserver/install/custodiainstance.py", line 271, in _get_keys
value = cli.fetch_key(os.path.join(prefix, nickname), False)
File "/usr/lib/python3/dist-packages/ipaserver/secrets/client.py", line 120, in fetch_key
r.raise_for_status()
File "/usr/lib/python3/dist-packages/requests/models.py", line 940, in raise_for_status
raise HTTPError(http_error_msg, response=self)
2019-11-25T05:06:38Z DEBUG The ipa-replica-install command failed, exception: HTTPError: 404 Client Error: Not Found for url: https://registry1.1.quietfountain.com/ipa/keys/ca/caSigningCert%20cert-pki-ca?type=kem&value=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOm51bGx9.vVfnmgMupDM_t2QzYxhIoRZa-ElXWmt3-5OXMc99vYqwk20cIRKkQeZsUWRfdcNlF5hg0P45Q_4JnPlP5Yn7DIezA0Z-KblB9Pjgy8kGd-clCKIjeP7orXQ8sb4G9OycL76oy2k8pYMpMNwxUnyvhMYIlIR4CtVnhs7qFtXja0ndM8XSYMmZT1eKubIfjCh8lgJjDcI7Kqd-KcWyr7UqCvsFaRa5Otn545B3_lf1LN--ifL21Dqwr2uWUO9q7Tzv3Qc520xRQ68ZIDbiaAtpNN5Qdd8VeEhTiFfMn5qLKxqTnsf2BXRbTTvgSbOX4ycMxY-u_8aaxxjAQDb3WjeLZw.pb1fXA_HXjbL2R6xLlZV8A.n_iumseHFHeuUDFMz95U6uZ9YGHalYfWjsB0sfWCG_0blak4wuL88Cfr-CDf0Dtd_JyMhm-DkiLG3O541MZmnvznRdyTLiTwlneFrK1sNO_f-jlK6hiSgUTWVoBSkJiLCdnfxg6GOboOw5kGnWyxIctN1K__RDHd2UL9hjXJSA-D1DDf0QPg4z0PASWc-gP3uutBGL3vzP6UVMQBWlEvcMZGZ9mexO9PowWpfEVPkoXR5jM13Toyw5p0bp7DhejiIsWp8b6FuMJHytoknv6QqjFCkd8l7rDnaOz-Wjefr55DTyTb9UoSd40QekvavcGZsL9iq47zf7xjN07KRdkcIAkQIriHsMk8K7GhxKu6IWvbIzvTEXcFrzez2t1p2ua2XesRwWaTxKdH73zXLPgnmrHmUntcRCgLh4X_IcwXkrC2f7Rc3HV-kadDC46TrIyT4cT3mR1DtFOTGaT4MUBB39A8JxkMhJ2YsJL424pfZLYTJ5kfqGBLzaNtMeumNDuzGqhv9FBXf6_vLKvOwFu_1fijnsTgqoiJla6V1noVlv6uY-wOb1uwJ23UE9KIjHK_WXUfNv6P1PPTYeBVPijSzk6hLyWd_DVptm8DaxLVvVnrkvas4FzMAg8RB8xhq1WPOO3-DHlHTgfqTWE34Zy8uFHBPrSzoc9V5sbc3_lQwyiJaAEFCHvq5rwCQZUKq4Y4.DJQjkneZsFbJFWScoh11KW_15bvk8Ph_MNDFsujqoBE
2019-11-25T05:06:38Z ERROR 404 Client Error: Not Found for url: https://registry1.1.quietfountain.com/ipa/keys/ca/caSigningCert%20cert-pki-ca?type=kem&value=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOm51bGx9.vVfnmgMupDM_t2QzYxhIoRZa-ElXWmt3-5OXMc99vYqwk20cIRKkQeZsUWRfdcNlF5hg0P45Q_4JnPlP5Yn7DIezA0Z-KblB9Pjgy8kGd-clCKIjeP7orXQ8sb4G9OycL76oy2k8pYMpMNwxUnyvhMYIlIR4CtVnhs7qFtXja0ndM8XSYMmZT1eKubIfjCh8lgJjDcI7Kqd-KcWyr7UqCvsFaRa5Otn545B3_lf1LN--ifL21Dqwr2uWUO9q7Tzv3Qc520xRQ68ZIDbiaAtpNN5Qdd8VeEhTiFfMn5qLKxqTnsf2BXRbTTvgSbOX4ycMxY-u_8aaxxjAQDb3WjeLZw.pb1fXA_HXjbL2R6xLlZV8A.n_iumseHFHeuUDFMz95U6uZ9YGHalYfWjsB0sfWCG_0blak4wuL88Cfr-CDf0Dtd_JyMhm-DkiLG3O541MZmnvznRdyTLiTwlneFrK1sNO_f-jlK6hiSgUTWVoBSkJiLCdnfxg6GOboOw5kGnWyxIctN1K__RDHd2UL9hjXJSA-D1DDf0QPg4z0PASWc-gP3uutBGL3vzP6UVMQBWlEvcMZGZ9mexO9PowWpfEVPkoXR5jM13Toyw5p0bp7DhejiIsWp8b6FuMJHytoknv6QqjFCkd8l7rDnaOz-Wjefr55DTyTb9UoSd40QekvavcGZsL9iq47zf7xjN07KRdkcIAkQIriHsMk8K7GhxKu6IWvbIzvTEXcFrzez2t1p2ua2XesRwWaTxKdH73zXLPgnmrHmUntcRCgLh4X_IcwXkrC2f7Rc3HV-kadDC46TrIyT4cT3mR1DtFOTGaT4MUBB39A8JxkMhJ2YsJL424pfZLYTJ5kfqGBLzaNtMeumNDuzGqhv9FBXf6_vLKvOwFu_1fijnsTgqoiJla6V1noVlv6uY-wOb1uwJ23UE9KIjHK_WXUfNv6P1PPTYeBVPijSzk6hLyWd_DVptm8DaxLVvVnrkvas4FzMAg8RB8xhq1WPOO3-DHlHTgfqTWE34Zy8uFHBPrSzoc9V5sbc3_lQwyiJaAEFCHvq5rwCQZUKq4Y4.DJQjkneZsFbJFWScoh11KW_15bvk8Ph_MNDFsujqoBE
2019-11-25T05:06:38Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
ProblemType: Bug
DistroRelease: Ubuntu 19.10
Package: freeipa-server 4.8.1-2ubuntu1 [modified: usr/share/ipa/html/ca.crt usr/share/ipa/html/krb.con usr/share/ipa/html/krb5.ini usr/share/ipa/html/krbrealm.con]
ProcVersionSignature: Ubuntu 5.3.0-23.25-generic 5.3.7
Uname: Linux 5.3.0-23-generic x86_64
ApportVersion: 2.20.11-0ubuntu8.2
Architecture: amd64
Date: Mon Nov 25 09:03:43 2019
InstallationDate: Installed on 2019-11-01 (23 days ago)
InstallationMedia: Ubuntu-MATE 19.10 "Eoan Ermine" - Release amd64 (20191017)
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: freeipa
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1853863/+subscriptions
References