Hi all,
See
https://www.freeipa.org/page/ARM
As mentioned earlier: I applied these settings but it wasn't enough. The
startup_timeout was set at a huge 1200 but somewhere during a restart, it will complain:
........... server did not start after 60s\npkispawn : ERROR ....... server failed to
restart\n')
It's complaining about 60 seconds, not 1200 so I guess there's sme other value to
set, somewhere....
Winfried
-----Oorspronkelijk bericht-----
Van: Rob Crittenden via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
Antwoord-naar: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
Aan: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
Cc: Winfried de Heiden <wdh(a)dds.nl>, Fraser Tweedale <ftweedal(a)redhat.com>,
Rob Crittenden <rcritten(a)redhat.com>
Onderwerp: [Freeipa-users] Re: Replica install on RPI3
Datum: Mon, 5 Nov 2018 11:25:21 -0500
Winfried de Heiden via FreeIPA-users wrote:
Hi all,
Believe me, after modifying "startup_timeout"
in/usr/lib/python3.7/site-packages/ipalib/constants.py and/etc/ipa/default.conf is does
run on a Pi as a Master but obviously thisis not enough fiir the Replica.
See
https://www.freeipa.org/page/ARM
I did not add this post to discuss whether it is usefull to run on a P,I try to find out
which install parameter (I guess) to modify in whichfile. I had FreeIPA running Master
running for months on a Pi. It ranstable :)
There are multiple reports of it (and related hardware like the bananapi) running fine.
How much of a good idea it is is up for debate ;-)
TBH I'm glad you're creating a replica with a CA so you don't have asingle
point-of-failure.
rob
Winfried
Fraser Tweedale via FreeIPA-users schreef op 05-11-2018 0:37:
Dogtag CA is a massive enterprise Java program. Can't do much aboutit. Run a CA-less
deployment, or run a CA-ful deployment withRaspberryPi replicas having no CA, and CA
replicas running onmachines with more memory and more grunt.
Cheers,Fraser
On Sun, Nov 04, 2018 at 04:04:27PM +0100, Winfried de Heiden viaFreeIPA-users wrote:
Hi all,can't tell it's the only issue. Installing the replica without CAworks
well. The error happens during a restart during installationwich take too much time.
Don't know what will go wrong after fixingthis issue....WinfriedJohn Keates via
FreeIPA-users schreef op za 03-11-2018 om 16:41 [+0100]:
Ah, so the install went fine but the CA startup is the onlyremaining issue?
John
On 3 Nov 2018, at 16:39, Winfried de Heiden via
FreeIPA-users<freeipa-users(a)lists.fedorahosted.org> wrote:
Hi all,Yes, the Pi is too slow but funny enough it can work perfectly.The DogTag CA server
just takes a painfull time to start. I had a Pirunning as just a master for months quite
well, but start Dogtag tooka very long time, but afterwards it all ran well in a
smallenvironment (@home...)
As mentioned, just for the sake of trying and Pi are so cheap, I'm trying to setup a
Pi Replica but default setup timeout settingsneed a modification...
Winfried
John Keates schreef op za 03-11-2018 om 16:26 [+0100]:
My suggestion would be: don’t run it on a Pi, it’s not fastenough. But you came to that
conclusion already, so I guess the nextissue would be: where does it fail?I’m assuming the
rpm install worksout but ipa-server-install doesn’t? Or does that work but does
thestarting of all the components time out?
If it’s just the installation that’s failing, you can getaround that by running the
install in an emulated ARM machine first,and then copying the filesystem over to the Pi.
John
On 3 Nov 2018, at 15:53, Winfried de Heiden via
FreeIPA-users<freeipa-users(a)lists.fedorahosted.org> wrote:
Hi all,Just because we can and a Rapsberry Pi 3 is cheap, I'm tryingto install a
FreeIPA replica on Fedora 29 ARM. It looks like theRaspberry is a bit too slow for default
installation settings:
018-11-03T12:27:12Z DEBUG stderr=WARNING: Password wasgarbage collected before it was
cleared.password file contains nodatapkispawn : ERROR ........... server did not
start after60spkispawn : ERROR ....... server failed to restart
2018-11-03T12:27:12Z CRITICAL Failed to configure CAinstance: CalledProcessError(Command
['/usr/sbin/pkispawn', '-s','CA', '-f',
'/tmp/tmpv2y32e9l'] returned non-zero exit status 1:'WARNING: Password was
garbage collected before it wascleared.\npassword file contains no data\npkispawn :
ERROR ........... server did not start after 60s\npkispawn : ERROR ....... server
failed to restart\n')2018-11-03T12:27:12Z CRITICAL Seethe installation logs and the
following files/directories for moreinformation:2018-11-03T12:27:12Z CRITICAL
/var/log/pki/pki-tomcat2018-11-03T12:27:12Z DEBUG Traceback (mostrecent call last):
File"/usr/lib/python3.7/site-packages/ipaserver/install/dogtaginstance.py",line
164, in spawn_instance ipautil.run(args, nolog=nolog_list) File
"/usr/lib/python3.7/site-packages/ipapython/ipautil.py", line573, in run
p.returncode, arg_string, output_log, error_logipapython.ipautil.CalledProcessError:
CalledProcessError(Command['/usr/sbin/pkispawn', '-s', 'CA',
'-f', '/tmp/tmpv2y32e9l'] returnednon-zero exit status 1: 'WARNING:
Password was garbage collected beforeit was cleared.\npassword file contains no
data\npkispawn : ERROR ........... server did not start after 60s\npkispawn :
ERROR ....... server failed to restart\n')
I did change the "startup_timeout"
in/usr/lib/python3.7/site-packages/ipalib/constants.py and/etc/ipa/default.conf but it
doens't seem to be enough.
Any sugestion?Winfried_______________________________________________FreeIPA-users mailing
list --freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email tofreeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of
Conduct:https://getfedora.org/code-of-conduct.html
List
Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
List
Archives:https://lists.fedorahosted.org/archives/list/freeipa-users@lists...
_______________________________________________FreeIPA-users mailing list --
freeipa-users(a)lists.fedorahosted.orgTo unsubscribe send an email
tofreeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.htmlList
Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
List
Archives:https://lists.fedorahosted.org/archives/list/freeipa-users@lists...
_______________________________________________FreeIPA-usersmailing list --
freeipa-users(a)lists.fedorahosted.orgTo unsubscribesend an email to
freeipa-users-leave(a)lists.fedorahosted.orgFedoraCode of Conduct:
https://getfedora.org/code-of-conduct.htmlListGuidelines:https://fedorapr...
Archives:https://lists.fedorahosted.org/archives/list/freeipa-users@lists...
_______________________________________________FreeIPA-users mailing list --
freeipa-users(a)lists.fedorahosted.orgTo unsubscribe send an email
tofreeipa-users-leave(a)lists.fedorahosted.orgFedora Code of Conduct:
https://getfedora.org/code-of-conduct.htmlList Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelinesList
Archives:https://lists.fedorahosted.org/archives/list/freeipa-users@lists...
_______________________________________________FreeIPA-users mailing list --
freeipa-users(a)lists.fedorahosted.orgTo unsubscribe send an email
tofreeipa-users-leave(a)lists.fedorahosted.orgFedora Code of Conduct:
https://getfedora.org/code-of-conduct.htmlList Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelinesList
Archives:https://lists.fedorahosted.org/archives/list/freeipa-users@lists...
_______________________________________________FreeIPA-users mailing list --
freeipa-users(a)lists.fedorahosted.orgTo unsubscribe send an email to
freeipa-users-leave(a)lists.fedorahosted.orgFedora Code of Conduct:
https://getfedora.org/code-of-conduct.htmlList Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelinesList
Archives:https://lists.fedorahosted.org/archives/list/freeipa-users@lists...
_______________________________________________FreeIPA-users mailing list --
freeipa-users(a)lists.fedorahosted.orgTo unsubscribe send an email to
freeipa-users-leave(a)lists.fedorahosted.orgFedora Code of Conduct:
https://getfedora.org/code-of-conduct.htmlList Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelinesList Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...