Discussion:
freeipa-client on Debian Wheezy
(too old to reply)
Alexandre Ellert
2013-07-12 17:23:03 UTC
Permalink
Hi,

I'm currently trying to get a functional .deb package working on Debian Wheezy.
I have tried to recompile a package from Ubuntu Precise (https://launchpad.net/~freeipa/+archive/ppa) without success.

First error was about compiling ipa-join :
ipa-join.c: In function ‘callRPC’:
ipa-join.c:174:20: error: ‘struct xmlrpc_curl_xportparms’ has no member named ‘gssapi_delegation’
=> Fix : Add backport-gssapi-delegation.patch to package xmlrpc-c and then install resulting libxmlrpc-core-c3-dev.deb and libxmlrpc-core-c3.deb

Now, recompile again with new patched libxmlrpc-core-c3... compilation go further, but I'm stuck at the end of process of building .deb :
dh_install --list-missing
dh_install: usr/share/man/man1/ipa-client-automount.1.gz exists in debian/tmp but is not installed to anywhere
dh_install: usr/sbin/ipa-client-automount exists in debian/tmp but is not installed to anywhere
make[1]: quittant le répertoire « /root/freeipa-ppa/freeipa-3.2.0 »
dh_install
dh_installdocs
dh_installchangelogs
dh_installexamples
dh_installman
dh_installcatalogs
dh_installcron
dh_installdebconf
dh_installemacsen
dh_installifupdown
dh_installinfo
dh_python2
E: dh_python2:145: extension for python2.6 is missing. Build extensions for all supported Python versions (`pyversions -vr`) or adjust X-Python-Version field or pass --no-guessing-versions to dh_python2
make: *** [binary] Erreur 3
dpkg-buildpackage: erreur: debian/rules binary a produit une erreur de sortie de type 2

Any idea or me advice about how to backport freeipa-client to wheezy ?
Thanks a lot.

Alexandre
Rob Crittenden
2013-07-12 17:27:57 UTC
Permalink
Post by Alexandre Ellert
Hi,
I'm currently trying to get a functional .deb package working on Debian Wheezy.
I have tried to recompile a package from Ubuntu Precise
(https://launchpad.net/~freeipa/+archive/ppa) without success.
ipa-join.c:174:20: error: ‘struct xmlrpc_curl_xportparms’ has no member
named ‘gssapi_delegation’
=> Fix : Add backport-gssapi-delegation.patch to package xmlrpc-c and
then install resultinglibxmlrpc-core-c3-dev.deb and libxmlrpc-core-c3.deb
Now, recompile again with new patched libxmlrpc-core-c3... compilation
dh_install --list-missing
dh_install: usr/share/man/man1/ipa-client-automount.1.gz exists in
debian/tmp but is not installed to anywhere
dh_install: usr/sbin/ipa-client-automount exists in debian/tmp but is
not installed to anywhere
make[1]: quittant le répertoire « /root/freeipa-ppa/freeipa-3.2.0 »
dh_install
dh_installdocs
dh_installchangelogs
dh_installexamples
dh_installman
dh_installcatalogs
dh_installcron
dh_installdebconf
dh_installemacsen
dh_installifupdown
dh_installinfo
dh_python2
E: dh_python2:145: extension for python2.6 is missing. Build extensions
for all supported Python versions (`pyversions -vr`) or adjust
X-Python-Version field or pass --no-guessing-versions to dh_python2
make: *** [binary] Erreur 3
dpkg-buildpackage: erreur: debian/rules binary a produit une erreur de sortie de type 2
Any idea or me advice about how to backport freeipa-client to wheezy ?
Thanks a lot.
I don't know anything about deb packaging, but it looks like you just
need to add those two ipa-client-automount files to your packaging (in
rpm we'd put these into the %files section).

rob
Alexander Bokovoy
2013-07-12 17:36:10 UTC
Permalink
Post by Alexandre Ellert
Hi,
I'm currently trying to get a functional .deb package working on Debian Wheezy.
I have tried to recompile a package from Ubuntu Precise (https://launchpad.net/~freeipa/+archive/ppa) without success.
ipa-join.c:174:20: error: ‘struct xmlrpc_curl_xportparms’ has no member named ‘gssapi_delegation’
=> Fix : Add backport-gssapi-delegation.patch to package xmlrpc-c and then install resulting libxmlrpc-core-c3-dev.deb and libxmlrpc-core-c3.deb
dh_install --list-missing
dh_install: usr/share/man/man1/ipa-client-automount.1.gz exists in debian/tmp but is not installed to anywhere
dh_install: usr/sbin/ipa-client-automount exists in debian/tmp but is not installed to anywhere
make[1]: quittant le répertoire « /root/freeipa-ppa/freeipa-3.2.0 »
dh_install
dh_installdocs
dh_installchangelogs
dh_installexamples
dh_installman
dh_installcatalogs
dh_installcron
dh_installdebconf
dh_installemacsen
dh_installifupdown
dh_installinfo
dh_python2
E: dh_python2:145: extension for python2.6 is missing. Build extensions for all supported Python versions (`pyversions -vr`) or adjust X-Python-Version field or pass --no-guessing-versions to dh_python2
make: *** [binary] Erreur 3
dpkg-buildpackage: erreur: debian/rules binary a produit une erreur de sortie de type 2
Any idea or me advice about how to backport freeipa-client to wheezy ?
Perhaps, you can fix it in a manner similar to
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628827
--
/ Alexander Bokovoy
Alexandre Ellert
2013-07-12 17:57:09 UTC
Permalink
This post might be inappropriate. Click to display it.
Petr Spacek
2013-07-15 06:37:11 UTC
Permalink
Post by Alexandre Ellert
Thanks for pointing that bug, compilation succeeded if adding "X-Python-Version: 2.7" to debian/control file.
Now, testing functionality...
I can give you some feedback if you want (i'm new here. Is there only RHEL/Fedora users on this mailing list ?)
This list is not Fedora/RHEL specific. We are glad to hear about ports to
another distributions, please continue! :-)
--
Petr^2 Spacek
Alexandre Ellert
2013-07-18 17:20:58 UTC
Permalink
I've made packages from Debian Wheezy (actually only amd64). The goal is ti have a full functional and compatible client with Centos/RHEL 6.4 freeipa server 3.0.0.
Actually join domain, ssh key upload, certificate enrollment and sudo integration works in my environment.

If you want to test, just add this to /etc/apt/sources.list :
deb http://apt.numeezy.fr wheezy main
deb-src http://apt.numeezy.fr wheezy main
and import my GPG key :
# wget -qO - http://apt.numeezy.fr/numeezy.asc | sudo apt-key add -
Then, install package named freeipa-client.
You can also download source using : apt-get source freeipa.

Feel free to contact me if you have any issue using this package.

PS : I've based my work on package done by Timo Aaltonen for Ubuntu. Thanks to him for his excellent work !

Alexandre
Post by Alexandre Ellert
Thanks for pointing that bug, compilation succeeded if adding "X-Python-Version: 2.7" to debian/control file.
Now, testing functionality...
I can give you some feedback if you want (i'm new here. Is there only RHEL/Fedora users on this mailing list ?)
This list is not Fedora/RHEL specific. We are glad to hear about ports to another distributions, please continue! :-)
--
Petr^2 Spacek
_______________________________________________
Freeipa-users mailing list
https://www.redhat.com/mailman/listinfo/freeipa-users
James James
2014-09-27 07:21:27 UTC
Permalink
Hi Alexandre,
Thanks for your effort. I am facing some issues with the numeezy freeipa
debian client.
1 ) When I use ipa-client-install I can't specify the ca-cert path and I
have to import my CA cert in /etc/pki/nssdb

2 ) When I try to make ipa-client-automount, the rpc.idmapd, rpc.gssd
deamons can't be restarted :

rpcidmapd failed to restart: Command '/usr/sbin/service rpcidmapd restart '
returned non-zero exit status 1
Failed to configure automatic startup of the rpcidmapd daemon
Failed to enable automatic startup of the rpcidmapd daemon: Command
'/sbin/chkconfig rpcidmapd on' returned non-zero exit status 1
rpcgssd failed to restart: Command '/usr/sbin/service rpcgssd restart '
returned non-zero exit status 1
Failed to configure automatic startup of the rpcgssd daemon
Failed to enable automatic startup of the rpcgssd daemon: Command
'/sbin/chkconfig rpcgssd on' returned non-zero exit status 1


Can you help me ?

Best.
Post by Alexandre Ellert
I've made packages from Debian Wheezy (actually only amd64). The goal is
ti have a full functional and compatible client with Centos/RHEL 6.4
freeipa server 3.0.0.
Actually join domain, ssh key upload, certificate enrollment and sudo
integration works in my environment.
deb http://apt.numeezy.fr wheezy main
deb-src http://apt.numeezy.fr wheezy main
# wget -qO - http://apt.numeezy.fr/numeezy.asc | sudo apt-key add -
Then, install package named freeipa-client.
You can also download source using : apt-get source freeipa.
Feel free to contact me if you have any issue using this package.
PS : I've based my work on package done by Timo Aaltonen for Ubuntu.
Thanks to him for his excellent work !
Alexandre
Post by Petr Spacek
Post by Alexandre Ellert
Thanks for pointing that bug, compilation succeeded if adding
"X-Python-Version: 2.7" to debian/control file.
Post by Petr Spacek
Post by Alexandre Ellert
Now, testing functionality...
I can give you some feedback if you want (i'm new here. Is there only
RHEL/Fedora users on this mailing list ?)
Post by Petr Spacek
This list is not Fedora/RHEL specific. We are glad to hear about ports
to another distributions, please continue! :-)
Post by Petr Spacek
--
Petr^2 Spacek
_______________________________________________
Freeipa-users mailing list
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
https://www.redhat.com/mailman/listinfo/freeipa-users
Arthur
2013-07-18 17:49:34 UTC
Permalink
В Fri, 12 Jul 2013 19:57:09 +0200
Post by Alexandre Ellert
Thanks for pointing that bug, compilation succeeded if adding
"X-Python-Version: 2.7" to debian/control file. Now, testing
functionality... I can give you some feedback if you want (i'm new
here. Is there only RHEL/Fedora users on this mailing list ?)
Post by Alexander Bokovoy
Post by Alexandre Ellert
Hi,
I'm currently trying to get a functional .deb package working on
Debian Wheezy. I have tried to recompile a package from Ubuntu
Precise (https://launchpad.net/~freeipa/+archive/ppa) without
success.
ipa-join.c:174:20: error: ‘struct xmlrpc_curl_xportparms’ has no
member named ‘gssapi_delegation’ => Fix : Add
backport-gssapi-delegation.patch to package xmlrpc-c and then
install resulting libxmlrpc-core-c3-dev.deb and
libxmlrpc-core-c3.deb
Now, recompile again with new patched libxmlrpc-core-c3...
compilation go further, but I'm stuck at the end of process of
usr/share/man/man1/ipa-client-automount.1.gz exists in debian/tmp
usr/sbin/ipa-client-automount exists in debian/tmp but is not
installed to anywhere make[1]: quittant le répertoire
« /root/freeipa-ppa/freeipa-3.2.0 » dh_install dh_installdocs
dh_installchangelogs dh_installexamples
dh_installman
dh_installcatalogs
dh_installcron
dh_installdebconf
dh_installemacsen
dh_installifupdown
dh_installinfo
dh_python2
E: dh_python2:145: extension for python2.6 is missing. Build
extensions for all supported Python versions (`pyversions -vr`) or
adjust X-Python-Version field or pass --no-guessing-versions to
debian/rules binary a produit une erreur de sortie de type 2
Any idea or me advice about how to backport freeipa-client to wheezy ?
Perhaps, you can fix it in a manner similar to
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628827
--
/ Alexander Bokovoy
_______________________________________________
Freeipa-users mailing list
https://www.redhat.com/mailman/listinfo/freeipa-users
That is great! I have to use some debian servers. It would be good to
add them to IPA-domain :)
Alexandre Ellert
2013-07-19 00:59:39 UTC
Permalink
Hi,

I have these 3 errors/warnings message when I join a Debian client to a RHEL 6.4 server (ipa-server-3.0.0-26.el6_4.4.x86_64):

=> certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list'
There is no such file even on RHEL 6. What is this file ?
=> host_mod: KerbTransport instance has no attribute '_conn'
What does that mean ?
=> Failed to upload host SSH public keys.
This is strange because SSH key are correctly uploaded !

Here is the complete stack trace :
Server :
ipa host-add test1.numeezy.fr --platform="VMware, Inc." --os="Debian GNU/Linux 7.1 (wheezy)" --password= OTP_password

Client :
# ipa-client-install --server=inf-ipa.numeezy.fr --hostname=test1.numeezy.fr --domain=numeezy.fr --realm=NUMEEZY.FR --password=OTP_password --no-ntp --unattended
Hostname: test1.numeezy.fr
Realm: NUMEEZY.FR
DNS Domain: numeezy.fr
IPA Server: inf-ipa.numeezy.fr
BaseDN: dc=numeezy,dc=fr
Synchronizing time with KDC...
Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
Enrolled in IPA realm NUMEEZY.FR
Created /etc/ipa/default.conf
Domain numeezy.fr is already configured in existing SSSD config, creating a new one.
The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall.
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm NUMEEZY.FR
trying https://inf-ipa.numeezy.fr/ipa/xml
certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list'
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Forwarding 'host_mod' to server u'https://inf-ipa.numeezy.fr/ipa/xml'
host_mod: KerbTransport instance has no attribute '_conn'
Failed to upload host SSH public keys.

Please let me know if more information is needed and thanks in advance for your help.

Regards,

Alexandre
Post by Arthur
В Fri, 12 Jul 2013 19:57:09 +0200
Post by Alexandre Ellert
Thanks for pointing that bug, compilation succeeded if adding
"X-Python-Version: 2.7" to debian/control file. Now, testing
functionality... I can give you some feedback if you want (i'm new
here. Is there only RHEL/Fedora users on this mailing list ?)
Post by Alexander Bokovoy
Post by Alexandre Ellert
Hi,
I'm currently trying to get a functional .deb package working on
Debian Wheezy. I have tried to recompile a package from Ubuntu
Precise (https://launchpad.net/~freeipa/+archive/ppa) without
success.
ipa-join.c:174:20: error: ‘struct xmlrpc_curl_xportparms’ has no
member named ‘gssapi_delegation’ => Fix : Add
backport-gssapi-delegation.patch to package xmlrpc-c and then
install resulting libxmlrpc-core-c3-dev.deb and
libxmlrpc-core-c3.deb
Now, recompile again with new patched libxmlrpc-core-c3...
compilation go further, but I'm stuck at the end of process of
usr/share/man/man1/ipa-client-automount.1.gz exists in debian/tmp
usr/sbin/ipa-client-automount exists in debian/tmp but is not
installed to anywhere make[1]: quittant le répertoire
« /root/freeipa-ppa/freeipa-3.2.0 » dh_install dh_installdocs
dh_installchangelogs dh_installexamples
dh_installman
dh_installcatalogs
dh_installcron
dh_installdebconf
dh_installemacsen
dh_installifupdown
dh_installinfo
dh_python2
E: dh_python2:145: extension for python2.6 is missing. Build
extensions for all supported Python versions (`pyversions -vr`) or
adjust X-Python-Version field or pass --no-guessing-versions to
debian/rules binary a produit une erreur de sortie de type 2
Any idea or me advice about how to backport freeipa-client to wheezy ?
Perhaps, you can fix it in a manner similar to
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628827
--
/ Alexander Bokovoy
_______________________________________________
Freeipa-users mailing list
https://www.redhat.com/mailman/listinfo/freeipa-users
That is great! I have to use some debian servers. It would be good to
add them to IPA-domain :)
_______________________________________________
Freeipa-users mailing list
https://www.redhat.com/mailman/listinfo/freeipa-users
Martin Kosek
2013-07-19 08:20:25 UTC
Permalink
Post by Alexandre Ellert
Hi,
=> certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list'
There is no such file even on RHEL 6. What is this file ?
This was added in IPA 3.0.1 to fix a systemd hang so it does not exist in
RHEL-6.4 which contains IPA 3.0. The deb package should just make sure the
/var/run/ipa/ directory is there (or update debian platform file to override
PlatformService class in ipapython/platform/base/__init__.py).
Post by Alexandre Ellert
=> host_mod: KerbTransport instance has no attribute '_conn'
What does that mean ?
This means that there was some issue with XMLRPC call to IPA server (the error
message is indeed unfortunate) - does ipaclient-install.log contain more details?
Post by Alexandre Ellert
=> Failed to upload host SSH public keys.
This is strange because SSH key are correctly uploaded !
...

HTH,
Martin
Alexandre Ellert
2013-07-19 13:28:01 UTC
Permalink
Post by Martin Kosek
Post by Alexandre Ellert
Hi,
=> certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list'
There is no such file even on RHEL 6. What is this file ?
This was added in IPA 3.0.1 to fix a systemd hang so it does not exist in
RHEL-6.4 which contains IPA 3.0. The deb package should just make sure the
/var/run/ipa/ directory is there (or update debian platform file to override
PlatformService class in ipapython/platform/base/__init__.py).
I managed to fix that and will update soon my repo with a new package version. Thanks for the information.
Post by Martin Kosek
Post by Alexandre Ellert
=> host_mod: KerbTransport instance has no attribute '_conn'
What does that mean ?
This means that there was some issue with XMLRPC call to IPA server (the error
message is indeed unfortunate) - does ipaclient-install.log contain more details?
Unfortunately there is no more details in ipaclient-install.log, here is the relevant part :
2013-07-19T13:06:26Z INFO host_mod: KerbTransport instance has no attribute '_conn'
2013-07-19T13:06:26Z WARNING Failed to upload host SSH public keys.
Is there any way to get more debug log ?
In my opinion, warning about ssh keys should not trigger here, because I can see them on my IPA server.
Post by Martin Kosek
Post by Alexandre Ellert
=> Failed to upload host SSH public keys.
This is strange because SSH key are correctly uploaded !
...
HTH,
Martin
Martin Kosek
2013-07-19 14:24:20 UTC
Permalink
Post by Alexandre Ellert
Post by Martin Kosek
Post by Alexandre Ellert
Hi,
=> certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list'
There is no such file even on RHEL 6. What is this file ?
This was added in IPA 3.0.1 to fix a systemd hang so it does not exist in
RHEL-6.4 which contains IPA 3.0. The deb package should just make sure the
/var/run/ipa/ directory is there (or update debian platform file to override
PlatformService class in ipapython/platform/base/__init__.py).
I managed to fix that and will update soon my repo with a new package version. Thanks for the information.
Post by Martin Kosek
Post by Alexandre Ellert
=> host_mod: KerbTransport instance has no attribute '_conn'
What does that mean ?
This means that there was some issue with XMLRPC call to IPA server (the error
message is indeed unfortunate) - does ipaclient-install.log contain more details?
2013-07-19T13:06:26Z INFO host_mod: KerbTransport instance has no attribute '_conn'
2013-07-19T13:06:26Z WARNING Failed to upload host SSH public keys.
Is there any way to get more debug log ?
In my opinion, warning about ssh keys should not trigger here, because I can see them on my IPA server.
Are you sure the SSH keys aren't there from previous installation attempt or
similar? The _conn generally means there was some problem with the connection
to server in the xmlrpclib python library.

We need to find out what and why triggers it, a change in ipa-client-install
script like below may shed more light on what is the source of the error:


diff --git a/ipa-client/ipa-install/ipa-client-install
b/ipa-client/ipa-install/ipa-client-install
index 280edd7..f82b9f6 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1450,6 +1450,8 @@ def update_ssh_keys(server, hostname, ssh_dir, create_sshfp):
pass
except StandardError, e:
root_logger.info("host_mod: %s", str(e))
+ import traceback
+ traceback.print_exc()
root_logger.warning("Failed to upload host SSH public keys.")
return


Martin
Alexandre Ellert
2013-07-19 14:30:24 UTC
Permalink
Post by Martin Kosek
Post by Alexandre Ellert
Post by Martin Kosek
Post by Alexandre Ellert
Hi,
=> certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list'
There is no such file even on RHEL 6. What is this file ?
This was added in IPA 3.0.1 to fix a systemd hang so it does not exist in
RHEL-6.4 which contains IPA 3.0. The deb package should just make sure the
/var/run/ipa/ directory is there (or update debian platform file to override
PlatformService class in ipapython/platform/base/__init__.py).
I managed to fix that and will update soon my repo with a new package version. Thanks for the information.
Post by Martin Kosek
Post by Alexandre Ellert
=> host_mod: KerbTransport instance has no attribute '_conn'
What does that mean ?
This means that there was some issue with XMLRPC call to IPA server (the error
message is indeed unfortunate) - does ipaclient-install.log contain more details?
2013-07-19T13:06:26Z INFO host_mod: KerbTransport instance has no attribute '_conn'
2013-07-19T13:06:26Z WARNING Failed to upload host SSH public keys.
Is there any way to get more debug log ?
In my opinion, warning about ssh keys should not trigger here, because I can see them on my IPA server.
Are you sure the SSH keys aren't there from previous installation attempt or
similar? The _conn generally means there was some problem with the connection
to server in the xmlrpclib python library.
I can confirm you that SSH key upload is successful. I've done tests with a fresh install of Debian.
To be sure, I will create a new VM and try an ipa-client-install with modifications you give me.
Post by Martin Kosek
We need to find out what and why triggers it, a change in ipa-client-install
diff --git a/ipa-client/ipa-install/ipa-client-install
b/ipa-client/ipa-install/ipa-client-install
index 280edd7..f82b9f6 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
pass
root_logger.info("host_mod: %s", str(e))
+ import traceback
+ traceback.print_exc()
root_logger.warning("Failed to upload host SSH public keys.")
return
Martin
Thanks
Alexandre
Alexandre Ellert
2013-07-19 15:03:21 UTC
Permalink
Here is the traceback :
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Forwarding 'host_mod' to server u'https://inf-ipa.numeezy.fr/ipa/xml'
host_mod: KerbTransport instance has no attribute '_conn'
Traceback (most recent call last):
File "/usr/sbin/ipa-client-install", line 1234, in update_ssh_keys
updatedns=False
File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 435, in __call__
ret = self.run(*args, **options)
File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 748, in run
return self.forward(*args, **options)
File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 769, in forward
return self.Backend.xmlclient.forward(self.name, *args, **kw)
File "/usr/lib/python2.7/dist-packages/ipalib/rpc.py", line 748, in forward
response = command(*xml_wrap(params))
File "/usr/lib/python2.7/xmlrpclib.py", line 1224, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python2.7/xmlrpclib.py", line 1578, in __request
verbose=self.__verbose
File "/usr/lib/python2.7/dist-packages/ipalib/rpc.py", line 490, in request
self.close()
File "/usr/lib/python2.7/dist-packages/ipalib/rpc.py", line 457, in close
self._conn.close()
AttributeError: KerbTransport instance has no attribute '_conn'
Failed to upload host SSH public keys.

-> Key are correctly uploaded on the new VM.
Post by Alexandre Ellert
Post by Martin Kosek
Post by Alexandre Ellert
Post by Martin Kosek
Post by Alexandre Ellert
Hi,
=> certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list'
There is no such file even on RHEL 6. What is this file ?
This was added in IPA 3.0.1 to fix a systemd hang so it does not exist in
RHEL-6.4 which contains IPA 3.0. The deb package should just make sure the
/var/run/ipa/ directory is there (or update debian platform file to override
PlatformService class in ipapython/platform/base/__init__.py).
I managed to fix that and will update soon my repo with a new package version. Thanks for the information.
Post by Martin Kosek
Post by Alexandre Ellert
=> host_mod: KerbTransport instance has no attribute '_conn'
What does that mean ?
This means that there was some issue with XMLRPC call to IPA server (the error
message is indeed unfortunate) - does ipaclient-install.log contain more details?
2013-07-19T13:06:26Z INFO host_mod: KerbTransport instance has no attribute '_conn'
2013-07-19T13:06:26Z WARNING Failed to upload host SSH public keys.
Is there any way to get more debug log ?
In my opinion, warning about ssh keys should not trigger here, because I can see them on my IPA server.
Are you sure the SSH keys aren't there from previous installation attempt or
similar? The _conn generally means there was some problem with the connection
to server in the xmlrpclib python library.
I can confirm you that SSH key upload is successful. I've done tests with a fresh install of Debian.
To be sure, I will create a new VM and try an ipa-client-install with modifications you give me.
Post by Martin Kosek
We need to find out what and why triggers it, a change in ipa-client-install
diff --git a/ipa-client/ipa-install/ipa-client-install
b/ipa-client/ipa-install/ipa-client-install
index 280edd7..f82b9f6 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
pass
root_logger.info("host_mod: %s", str(e))
+ import traceback
+ traceback.print_exc()
root_logger.warning("Failed to upload host SSH public keys.")
return
Martin
Thanks
Alexandre
_______________________________________________
Freeipa-users mailing list
https://www.redhat.com/mailman/listinfo/freeipa-users
Martin Kosek
2013-07-19 15:08:22 UTC
Permalink
Thanks, this should help. Maybe the IPA just tries to close the connection
twice _after_ keys were uploaded to the server.

Anyway, what version of IPA software is the Debian package based on? I cannot
find line "self._conn.close()" in ipalib/rpc.py in any of our active branches.

Martin
Post by Alexandre Ellert
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Forwarding 'host_mod' to server u'https://inf-ipa.numeezy.fr/ipa/xml'
host_mod: KerbTransport instance has no attribute '_conn'
File "/usr/sbin/ipa-client-install", line 1234, in update_ssh_keys
updatedns=False
File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 435, in __call__
ret = self.run(*args, **options)
File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 748, in run
return self.forward(*args, **options)
File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 769, in forward
return self.Backend.xmlclient.forward(self.name, *args, **kw)
File "/usr/lib/python2.7/dist-packages/ipalib/rpc.py", line 748, in forward
response = command(*xml_wrap(params))
File "/usr/lib/python2.7/xmlrpclib.py", line 1224, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python2.7/xmlrpclib.py", line 1578, in __request
verbose=self.__verbose
File "/usr/lib/python2.7/dist-packages/ipalib/rpc.py", line 490, in request
self.close()
File "/usr/lib/python2.7/dist-packages/ipalib/rpc.py", line 457, in close
self._conn.close()
AttributeError: KerbTransport instance has no attribute '_conn'
Failed to upload host SSH public keys.
-> Key are correctly uploaded on the new VM.
Post by Alexandre Ellert
Post by Martin Kosek
Post by Alexandre Ellert
Post by Martin Kosek
Post by Alexandre Ellert
Hi,
=> certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list'
There is no such file even on RHEL 6. What is this file ?
This was added in IPA 3.0.1 to fix a systemd hang so it does not exist in
RHEL-6.4 which contains IPA 3.0. The deb package should just make sure the
/var/run/ipa/ directory is there (or update debian platform file to override
PlatformService class in ipapython/platform/base/__init__.py).
I managed to fix that and will update soon my repo with a new package version. Thanks for the information.
Post by Martin Kosek
Post by Alexandre Ellert
=> host_mod: KerbTransport instance has no attribute '_conn'
What does that mean ?
This means that there was some issue with XMLRPC call to IPA server (the error
message is indeed unfortunate) - does ipaclient-install.log contain more details?
2013-07-19T13:06:26Z INFO host_mod: KerbTransport instance has no attribute '_conn'
2013-07-19T13:06:26Z WARNING Failed to upload host SSH public keys.
Is there any way to get more debug log ?
In my opinion, warning about ssh keys should not trigger here, because I can see them on my IPA server.
Are you sure the SSH keys aren't there from previous installation attempt or
similar? The _conn generally means there was some problem with the connection
to server in the xmlrpclib python library.
I can confirm you that SSH key upload is successful. I've done tests with a fresh install of Debian.
To be sure, I will create a new VM and try an ipa-client-install with modifications you give me.
Post by Martin Kosek
We need to find out what and why triggers it, a change in ipa-client-install
diff --git a/ipa-client/ipa-install/ipa-client-install
b/ipa-client/ipa-install/ipa-client-install
index 280edd7..f82b9f6 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
pass
root_logger.info("host_mod: %s", str(e))
+ import traceback
+ traceback.print_exc()
root_logger.warning("Failed to upload host SSH public keys.")
return
Martin
Thanks
Alexandre
_______________________________________________
Freeipa-users mailing list
https://www.redhat.com/mailman/listinfo/freeipa-users
Alexandre Ellert
2013-07-19 15:53:00 UTC
Permalink
It's based on 3.0.2 with 1011-xmlrpc_response.patch (found in ipa-3.0.0-26.el6_4.4.src.rpm) and self._conn.close() is added by this patch.
I included it because it correct this problem :
unable to parse cookie header 'ipa_session=83701130bf434d20cf8c5a3fe2a0ac56; Domain=inf-ipa.numeezy.fr; Path=/ipa; Expires=Fri, 19 Jul 2013 16:08:31 GMT; Secure; HttpOnly': unable to parse expires datetime 'Fri, 19 Jul 2013 16:08:31'
Post by Martin Kosek
Thanks, this should help. Maybe the IPA just tries to close the connection
twice _after_ keys were uploaded to the server.
Anyway, what version of IPA software is the Debian package based on? I cannot
find line "self._conn.close()" in ipalib/rpc.py in any of our active branches.
Martin
Post by Alexandre Ellert
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Forwarding 'host_mod' to server u'https://inf-ipa.numeezy.fr/ipa/xml'
host_mod: KerbTransport instance has no attribute '_conn'
File "/usr/sbin/ipa-client-install", line 1234, in update_ssh_keys
updatedns=False
File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 435, in __call__
ret = self.run(*args, **options)
File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 748, in run
return self.forward(*args, **options)
File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 769, in forward
return self.Backend.xmlclient.forward(self.name, *args, **kw)
File "/usr/lib/python2.7/dist-packages/ipalib/rpc.py", line 748, in forward
response = command(*xml_wrap(params))
File "/usr/lib/python2.7/xmlrpclib.py", line 1224, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python2.7/xmlrpclib.py", line 1578, in __request
verbose=self.__verbose
File "/usr/lib/python2.7/dist-packages/ipalib/rpc.py", line 490, in request
self.close()
File "/usr/lib/python2.7/dist-packages/ipalib/rpc.py", line 457, in close
self._conn.close()
AttributeError: KerbTransport instance has no attribute '_conn'
Failed to upload host SSH public keys.
-> Key are correctly uploaded on the new VM.
Post by Alexandre Ellert
Post by Martin Kosek
Post by Alexandre Ellert
Post by Martin Kosek
Post by Alexandre Ellert
Hi,
=> certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list'
There is no such file even on RHEL 6. What is this file ?
This was added in IPA 3.0.1 to fix a systemd hang so it does not exist in
RHEL-6.4 which contains IPA 3.0. The deb package should just make sure the
/var/run/ipa/ directory is there (or update debian platform file to override
PlatformService class in ipapython/platform/base/__init__.py).
I managed to fix that and will update soon my repo with a new package version. Thanks for the information.
Post by Martin Kosek
Post by Alexandre Ellert
=> host_mod: KerbTransport instance has no attribute '_conn'
What does that mean ?
This means that there was some issue with XMLRPC call to IPA server (the error
message is indeed unfortunate) - does ipaclient-install.log contain more details?
2013-07-19T13:06:26Z INFO host_mod: KerbTransport instance has no attribute '_conn'
2013-07-19T13:06:26Z WARNING Failed to upload host SSH public keys.
Is there any way to get more debug log ?
In my opinion, warning about ssh keys should not trigger here, because I can see them on my IPA server.
Are you sure the SSH keys aren't there from previous installation attempt or
similar? The _conn generally means there was some problem with the connection
to server in the xmlrpclib python library.
I can confirm you that SSH key upload is successful. I've done tests with a fresh install of Debian.
To be sure, I will create a new VM and try an ipa-client-install with modifications you give me.
Post by Martin Kosek
We need to find out what and why triggers it, a change in ipa-client-install
diff --git a/ipa-client/ipa-install/ipa-client-install
b/ipa-client/ipa-install/ipa-client-install
index 280edd7..f82b9f6 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
pass
root_logger.info("host_mod: %s", str(e))
+ import traceback
+ traceback.print_exc()
root_logger.warning("Failed to upload host SSH public keys.")
return
Martin
Thanks
Alexandre
_______________________________________________
Freeipa-users mailing list
https://www.redhat.com/mailman/listinfo/freeipa-users
Alexandre Ellert
2013-07-19 16:07:30 UTC
Permalink
Sorry, mistake from me.
I remove all patch from RHEL and just keep 0053-Cookie-Expires-date-should-be-locale-insensitive.patch.
Everything seems fine now.
I'm going to test.

Thanks for you help
Post by Alexandre Ellert
It's based on 3.0.2 with 1011-xmlrpc_response.patch (found in ipa-3.0.0-26.el6_4.4.src.rpm) and self._conn.close() is added by this patch.
unable to parse cookie header 'ipa_session=83701130bf434d20cf8c5a3fe2a0ac56; Domain=inf-ipa.numeezy.fr; Path=/ipa; Expires=Fri, 19 Jul 2013 16:08:31 GMT; Secure; HttpOnly': unable to parse expires datetime 'Fri, 19 Jul 2013 16:08:31'
Post by Martin Kosek
Thanks, this should help. Maybe the IPA just tries to close the connection
twice _after_ keys were uploaded to the server.
Anyway, what version of IPA software is the Debian package based on? I cannot
find line "self._conn.close()" in ipalib/rpc.py in any of our active branches.
Martin
Post by Alexandre Ellert
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Forwarding 'host_mod' to server u'https://inf-ipa.numeezy.fr/ipa/xml'
host_mod: KerbTransport instance has no attribute '_conn'
File "/usr/sbin/ipa-client-install", line 1234, in update_ssh_keys
updatedns=False
File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 435, in __call__
ret = self.run(*args, **options)
File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 748, in run
return self.forward(*args, **options)
File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 769, in forward
return self.Backend.xmlclient.forward(self.name, *args, **kw)
File "/usr/lib/python2.7/dist-packages/ipalib/rpc.py", line 748, in forward
response = command(*xml_wrap(params))
File "/usr/lib/python2.7/xmlrpclib.py", line 1224, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python2.7/xmlrpclib.py", line 1578, in __request
verbose=self.__verbose
File "/usr/lib/python2.7/dist-packages/ipalib/rpc.py", line 490, in request
self.close()
File "/usr/lib/python2.7/dist-packages/ipalib/rpc.py", line 457, in close
self._conn.close()
AttributeError: KerbTransport instance has no attribute '_conn'
Failed to upload host SSH public keys.
-> Key are correctly uploaded on the new VM.
Post by Alexandre Ellert
Post by Martin Kosek
Post by Alexandre Ellert
Post by Martin Kosek
Post by Alexandre Ellert
Hi,
=> certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list'
There is no such file even on RHEL 6. What is this file ?
This was added in IPA 3.0.1 to fix a systemd hang so it does not exist in
RHEL-6.4 which contains IPA 3.0. The deb package should just make sure the
/var/run/ipa/ directory is there (or update debian platform file to override
PlatformService class in ipapython/platform/base/__init__.py).
I managed to fix that and will update soon my repo with a new package version. Thanks for the information.
Post by Martin Kosek
Post by Alexandre Ellert
=> host_mod: KerbTransport instance has no attribute '_conn'
What does that mean ?
This means that there was some issue with XMLRPC call to IPA server (the error
message is indeed unfortunate) - does ipaclient-install.log contain more details?
2013-07-19T13:06:26Z INFO host_mod: KerbTransport instance has no attribute '_conn'
2013-07-19T13:06:26Z WARNING Failed to upload host SSH public keys.
Is there any way to get more debug log ?
In my opinion, warning about ssh keys should not trigger here, because I can see them on my IPA server.
Are you sure the SSH keys aren't there from previous installation attempt or
similar? The _conn generally means there was some problem with the connection
to server in the xmlrpclib python library.
I can confirm you that SSH key upload is successful. I've done tests with a fresh install of Debian.
To be sure, I will create a new VM and try an ipa-client-install with modifications you give me.
Post by Martin Kosek
We need to find out what and why triggers it, a change in ipa-client-install
diff --git a/ipa-client/ipa-install/ipa-client-install
b/ipa-client/ipa-install/ipa-client-install
index 280edd7..f82b9f6 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
pass
root_logger.info("host_mod: %s", str(e))
+ import traceback
+ traceback.print_exc()
root_logger.warning("Failed to upload host SSH public keys.")
return
Martin
Thanks
Alexandre
_______________________________________________
Freeipa-users mailing list
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
https://www.redhat.com/mailman/listinfo/freeipa-users
Continue reading on narkive:
Loading...