search

389ds / 389-ds-base

The enterprise-class Open Source LDAP server for Linux
https://www.port389.org/
Other
211 stars 91 forks source link

No enough space left on device (/dev/shm #5949

Open leonidas-o opened 1 year ago

leonidas-o commented 1 year ago

Issue Description A deployment of freeipa-server:rocky-9-4.10.1 fails. There is not enough space in /dev/shm.

Sep 06 09:11:40 freeipa1.mydomain.com ns-slapd[306]: [06/Sep/2023:09:11:40.345235965 +0000] - ERR - bdb_no_diskspace - No enough space left on device (/dev/shm/slapd-MYDOMAIN-COM) (65531904 bytes); at least 211202928 bytes space is needed for db region files

Package Version and Platform:

Steps to Reproduce Steps to reproduce the behavior:

  1. Using podman run: 
    podman run -e IPA_SERVER_IP=10.1.1.16 \
-p 53:53/udp -p 53:53 \
-p 80:80 -p 443:443 \
-p 389:389 -p 636:636 \
-p 88:88 -p 464:464 \
-p 88:88/udp -p 464:464/udp -p 123:123/udp \
--name freeipa-server \
--hostname freeipa1.my-domain.com \
-ti \
--read-only \
-v /srv/freeipa/ipa-data:/data:Z \
harbor.my-domain.com/dh/freeipa/freeipa-server:rocky-9-4.10.1 --no-ntp

Expected results deployment without any errors.

Screenshots

stdout logs ```bash The following operations may take some minutes to complete. Please wait until the prompt is returned. Disabled p11-kit-proxy Configuring directory server (dirsrv). Estimated time: 30 seconds [1/42]: creating directory server instance Validate installation settings ... Create file system structures ... selinux is disabled, will not relabel ports or files. [ OK ] Created slice Slice /system/dirsrv. Starting 389 Directory Server MY-DOMAIN-COM.... [FAILED] Failed to start 389 Directory Server MY-DOMAIN-COM.. See 'systemctl status dirsrv@MY-DOMAIN-COM.service' for details. [error] CalledProcessError: Command '['systemctl', 'start', 'dirsrv@MY-DOMAIN-COM']' returned non-zero exit status 1. Command '['systemctl', 'start', 'dirsrv@MY-DOMAIN-COM']' returned non-zero exit status 1. The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information [FAILED] Failed to start Configure IPA server upon the first start. See 'systemctl status ipa-server-configure-first.service' for details. [ OK ] Removed slice Slice /system/dirsrv. [ OK ] Stopped target Minimal target for containerized FreeIPA server. Deactivating swap /dev/dm-1... Unmounting /data... Unmounting /etc/hostname... Unmounting /etc/hosts... Unmounting /etc/resolv.conf... Unmounting /run/lock... Unmounting /run/secrets... Unmounting /tmp/var/tmp... Unmounting /var/log/journal... Stopping D-Bus System Message Bus... [FAILED] Failed deactivating swap /dev/dm-1. [FAILED] Failed unmounting /data. [ OK ] Stopped D-Bus System Message Bus. [FAILED] Failed unmounting /etc/hostname. [FAILED] Failed unmounting /etc/hosts. [FAILED] Failed unmounting /etc/resolv.conf. [FAILED] Failed unmounting /run/lock. [FAILED] Failed unmounting /run/secrets. [FAILED] Failed unmounting /tmp/var/tmp. [FAILED] Failed unmounting /var/log/journal. [ OK ] Closed D-Bus System Message Bus Socket. [ OK ] Stopped target System Initialization. Unmounting Temporary Directory /tmp... [ OK ] Stopped Create Volatile Files and Directories. [ OK ] Reached target System Shutdown. [FAILED] Failed unmounting Temporary Directory /tmp. [ OK ] Reached target Unmount All Filesystems. [ OK ] Reached target Late Shutdown Services. Starting System Power Off... [FAILED] Failed to start System Power Off. See 'systemctl status systemd-poweroff.service' for details. [DEPEND] Dependency failed for System Power Off. FreeIPA server configuration failed. ```
ipaserver-install.log ```bash 2023-09-02T15:33:55Z DEBUG Logging to /var/log/ipaserver-install.log 2023-09-02T15:33:55Z DEBUG ipa-server-install was invoked with arguments [] and options: {'unattended': False, 'ip_addresses': None, 'domain_name': None, 'realm_name': None, 'host_name': None, 'ca_cert_files': None, 'domain_level': None, 'setup_adtrust': False, 'setup_kra': False, 'setup_dns': False, 'idstart': None, 'idmax': None, 'no_hbac_allow': False, 'no_pkinit': False, 'no_ui_redirect': False, 'dirsrv_config_file': None, 'skip_mem_check': False, 'dirsrv_cert_files': None, 'http_cert_files': None, 'pkinit_cert_files': None, 'dirsrv_cert_name': None, 'http_cert_name': None, 'pkinit_cert_name': None, 'mkhomedir': False, 'ntp_servers': None, 'ntp_pool': None, 'no_ntp': True, 'force_ntpd': False, 'ssh_trust_dns': False, 'no_ssh': False, 'no_sshd': False, 'subid': False, 'no_dns_sshfp': False, 'external_ca': False, 'external_ca_type': None, 'external_ca_profile': None, 'external_cert_files': None, 'subject_base': None, 'ca_subject': None, 'ca_signing_algorithm': None, 'random_serial_numbers': False, 'pki_config_override': None, 'allow_zone_overlap': False, 'reverse_zones': None, 'no_reverse': False, 'auto_reverse': False, 'zonemgr': None, 'forwarders': None, 'no_forwarders': False, 'auto_forwarders': False, 'forward_policy': None, 'no_dnssec_validation': False, 'no_host_dns': False, 'enable_compat': False, 'no_msdcs': False, 'netbios_name': None, 'rid_base': None, 'secondary_rid_base': None, 'ignore_topology_disconnect': False, 'ignore_last_of_role': False, 'verbose': False, 'quiet': False, 'log_file': None, 'uninstall': False} 2023-09-02T15:33:55Z DEBUG IPA version 4.10.1-8.el9_2 2023-09-02T15:33:55Z DEBUG IPA platform rhel_container 2023-09-02T15:33:55Z DEBUG IPA os-release Rocky Linux 9.2 (Blue Onyx) 2023-09-02T15:33:55Z DEBUG svmem(total=8054177792, available=7371845632, percent=8.5, used=387440640, free=5021655040, active=626855936, inactive=2065649664, buffers=3837952, cached=2641244160, shared=9355264, slab=222773248) 2023-09-02T15:33:55Z DEBUG Available memory is 7371845632B 2023-09-02T15:33:55Z DEBUG Searching for an interface of IP address: ::1 2023-09-02T15:33:55Z DEBUG Testing local IP address: ::1/128 (interface: lo) 2023-09-02T15:33:55Z DEBUG Starting external process 2023-09-02T15:33:55Z DEBUG args=['/usr/sbin/selinuxenabled'] 2023-09-02T15:33:55Z DEBUG Process finished, return code=1 2023-09-02T15:33:55Z DEBUG stdout= 2023-09-02T15:33:55Z DEBUG stderr= 2023-09-02T15:33:55Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2023-09-02T15:33:55Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2023-09-02T15:33:55Z DEBUG httpd is not configured 2023-09-02T15:33:55Z DEBUG kadmin is not configured 2023-09-02T15:33:55Z DEBUG dirsrv is not configured 2023-09-02T15:33:55Z DEBUG pki-tomcatd is not configured 2023-09-02T15:33:55Z DEBUG install is not configured 2023-09-02T15:33:55Z DEBUG krb5kdc is not configured 2023-09-02T15:33:55Z DEBUG named is not configured 2023-09-02T15:33:55Z DEBUG filestore is tracking no files 2023-09-02T15:33:55Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2023-09-02T15:33:55Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2023-09-02T15:33:55Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2023-09-02T15:33:55Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2023-09-02T15:33:55Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2023-09-02T15:34:20Z DEBUG will use host_name: freeipa1.my-domain.com 2023-09-02T15:34:21Z DEBUG read domain_name: my-domain.com 2023-09-02T15:34:22Z DEBUG read realm_name: MYDOMAIN.COM 2023-09-02T15:34:44Z DEBUG Writing configuration file /etc/ipa/default.conf 2023-09-02T15:34:44Z DEBUG [global] host = freeipa1.my-domain.com basedn = dc=my-domain,dc=com realm = MYDOMAIN.COM domain = my-domain.com xmlrpc_uri = https://freeipa1.my-domain.com/ipa/xml ldap_uri = ldapi://%2Frun%2Fslapd-MYDOMAIN-COM.socket mode = production enable_ra = True ra_plugin = dogtag dogtag_version = 10 2023-09-02T15:34:44Z DEBUG importing all plugin modules in ipaserver.plugins... 2023-09-02T15:34:44Z DEBUG importing plugin module ipaserver.plugins.aci 2023-09-02T15:34:44Z DEBUG importing plugin module ipaserver.plugins.automember 2023-09-02T15:34:44Z DEBUG importing plugin module ipaserver.plugins.automount 2023-09-02T15:34:44Z DEBUG importing plugin module ipaserver.plugins.baseldap 2023-09-02T15:34:44Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2023-09-02T15:34:44Z DEBUG importing plugin module ipaserver.plugins.baseuser 2023-09-02T15:34:44Z DEBUG importing plugin module ipaserver.plugins.batch 2023-09-02T15:34:44Z DEBUG importing plugin module ipaserver.plugins.ca 2023-09-02T15:34:44Z DEBUG importing plugin module ipaserver.plugins.caacl 2023-09-02T15:34:44Z DEBUG importing plugin module ipaserver.plugins.cert 2023-09-02T15:34:44Z DEBUG importing plugin module ipaserver.plugins.certmap 2023-09-02T15:34:44Z DEBUG importing plugin module ipaserver.plugins.certprofile 2023-09-02T15:34:44Z DEBUG importing plugin module ipaserver.plugins.config 2023-09-02T15:34:44Z DEBUG importing plugin module ipaserver.plugins.delegation 2023-09-02T15:34:44Z DEBUG importing plugin module ipaserver.plugins.dns 2023-09-02T15:34:44Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2023-09-02T15:34:44Z DEBUG importing plugin module ipaserver.plugins.dogtag 2023-09-02T15:34:44Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2023-09-02T15:34:44Z DEBUG importing plugin module ipaserver.plugins.group 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.hbac 2023-09-02T15:34:45Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.hbactest 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.host 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.idp 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.idrange 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.idviews 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.internal 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.join 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.ldap2 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.location 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.mailalias 2023-09-02T15:34:45Z DEBUG ipaserver.plugins.mailalias is not a valid plugin module 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.mailenabled 2023-09-02T15:34:45Z DEBUG ipaserver.plugins.mailenabled is not a valid plugin module 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.mailforwardingaddress 2023-09-02T15:34:45Z DEBUG ipaserver.plugins.mailforwardingaddress is not a valid plugin module 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.mailgidnumber 2023-09-02T15:34:45Z DEBUG ipaserver.plugins.mailgidnumber is not a valid plugin module 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.mailgroupmember 2023-09-02T15:34:45Z DEBUG ipaserver.plugins.mailgroupmember is not a valid plugin module 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.mailhomedirectory 2023-09-02T15:34:45Z DEBUG ipaserver.plugins.mailhomedirectory is not a valid plugin module 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.mailquota 2023-09-02T15:34:45Z DEBUG ipaserver.plugins.mailquota is not a valid plugin module 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.mailsieverulesource 2023-09-02T15:34:45Z DEBUG ipaserver.plugins.mailsieverulesource is not a valid plugin module 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.mailstoragedirectory 2023-09-02T15:34:45Z DEBUG ipaserver.plugins.mailstoragedirectory is not a valid plugin module 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.mailuidnumber 2023-09-02T15:34:45Z DEBUG ipaserver.plugins.mailuidnumber is not a valid plugin module 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.migration 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.misc 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.netgroup 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.otp 2023-09-02T15:34:45Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.otptoken 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.passwd 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.permission 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.ping 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.pkinit 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.privilege 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.rabase 2023-09-02T15:34:45Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.role 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.schema 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.selfservice 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.server 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.serverrole 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.serverroles 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.service 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.session 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.stageuser 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.subid 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.sudo 2023-09-02T15:34:45Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.sudorule 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.topology 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.trust 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.user 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.vault 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.virtual 2023-09-02T15:34:45Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.whoami 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2023-09-02T15:34:45Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.dns 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2023-09-02T15:34:45Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2023-09-02T15:34:45Z DEBUG check_port_bindable: Checking IPv4/IPv6 dual stack and TCP 2023-09-02T15:34:45Z DEBUG check_port_bindable: bind success: 8443/TCP 2023-09-02T15:34:45Z DEBUG check_port_bindable: Checking IPv4/IPv6 dual stack and TCP 2023-09-02T15:34:45Z DEBUG check_port_bindable: bind success: 8080/TCP 2023-09-02T15:34:45Z DEBUG Name freeipa1.my-domain.com resolved to {UnsafeIPAddress('10.0.2.100')} 2023-09-02T15:34:45Z DEBUG Searching for an interface of IP address: 10.0.2.100 2023-09-02T15:34:45Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo) 2023-09-02T15:34:45Z DEBUG Testing local IP address: 10.0.2.100/255.255.255.0 (interface: tap0) 2023-09-02T15:34:45Z DEBUG LDAP is not connected, can not retrieve NetBIOS name 2023-09-02T15:34:55Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2023-09-02T15:34:55Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2023-09-02T15:34:55Z DEBUG Starting external process 2023-09-02T15:34:55Z DEBUG args=['/usr/sbin/selinuxenabled'] 2023-09-02T15:34:55Z DEBUG Process finished, return code=1 2023-09-02T15:34:55Z DEBUG stdout= 2023-09-02T15:34:55Z DEBUG stderr= 2023-09-02T15:34:55Z DEBUG Created PKCS#11 module config '/etc/pkcs11/modules/softhsm2.module'. 2023-09-02T15:34:55Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2023-09-02T15:34:55Z DEBUG Configuring directory server (dirsrv). Estimated time: 30 seconds 2023-09-02T15:34:55Z DEBUG [1/42]: creating directory server instance 2023-09-02T15:34:55Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2023-09-02T15:34:55Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2023-09-02T15:34:55Z DEBUG Running setup with verbose 2023-09-02T15:34:55Z DEBUG START: Starting installation ... 2023-09-02T15:34:55Z DEBUG READY: Preparing installation for MYDOMAIN-COM... 2023-09-02T15:34:55Z INFO Validate installation settings ... 2023-09-02T15:34:55Z DEBUG PASSED: using config settings 999999999 2023-09-02T15:34:55Z DEBUG PASSED: user / group checking 2023-09-02T15:34:55Z DEBUG PASSED: prefix checking 2023-09-02T15:34:55Z DEBUG list() MYDOMAIN-COM instance not found: missing /etc/dirsrv/slapd-MYDOMAIN-COM/dse.ldif 2023-09-02T15:34:55Z DEBUG PASSED: instance checking 2023-09-02T15:34:55Z DEBUG INFO: temp root password set to 2c3rkKvA... 2023-09-02T15:34:55Z DEBUG PASSED: root user checking 2023-09-02T15:34:55Z DEBUG PASSED: network avaliability checking 2023-09-02T15:34:55Z DEBUG READY: Beginning installation for MYDOMAIN-COM... 2023-09-02T15:34:55Z DEBUG ACTION: Creating dse.ldif 2023-09-02T15:34:55Z INFO Create file system structures ... 2023-09-02T15:34:55Z DEBUG ACTION: creating /var/lib/dirsrv/slapd-MYDOMAIN-COM/bak 2023-09-02T15:34:55Z DEBUG ACTION: creating /etc/dirsrv/slapd-MYDOMAIN-COM 2023-09-02T15:34:55Z DEBUG ACTION: creating /var/lib/dirsrv/slapd-MYDOMAIN-COM/db 2023-09-02T15:34:55Z DEBUG ACTION: creating /dev/shm/slapd-MYDOMAIN-COM 2023-09-02T15:34:55Z DEBUG ACTION: creating /var/lib/dirsrv/slapd-MYDOMAIN-COM/ldif 2023-09-02T15:34:55Z DEBUG ACTION: creating /run/lock/dirsrv/slapd-MYDOMAIN-COM 2023-09-02T15:34:55Z DEBUG ACTION: creating /var/log/dirsrv/slapd-MYDOMAIN-COM 2023-09-02T15:34:55Z DEBUG ACTION: creating /run/dirsrv 2023-09-02T15:34:55Z DEBUG b'CMD: systemctl enable dirsrv@MYDOMAIN-COM ; STDOUT: ; STDERR: Created symlink /etc/systemd/system/multi-user.target.wants/dirsrv@MYDOMAIN-COM.service \xe2\x86\x92 /usr/lib/systemd/system/dirsrv@.service.\n' 2023-09-02T15:34:55Z DEBUG ACTION: Creating certificate database is /etc/dirsrv/slapd-MYDOMAIN-COM 2023-09-02T15:34:55Z DEBUG Allocate with None 2023-09-02T15:34:55Z DEBUG Allocate with /run/slapd-MYDOMAIN-COM.socket 2023-09-02T15:34:55Z DEBUG Allocate with localhost:389 2023-09-02T15:34:55Z DEBUG Allocate with localhost:389 2023-09-02T15:34:55Z DEBUG nss cmd: /usr/bin/certutil -N -d /etc/dirsrv/slapd-MYDOMAIN-COM -f /etc/dirsrv/slapd-MYDOMAIN-COM/pwdfile.txt -@ /etc/dirsrv/slapd-MYDOMAIN-COM/pwdfile.txt 2023-09-02T15:34:56Z DEBUG nss output: 2023-09-02T15:34:56Z INFO selinux is disabled, will not relabel ports or files. 2023-09-02T15:34:56Z DEBUG asan_enabled=False 2023-09-02T15:34:56Z DEBUG libfaketime installed =False 2023-09-02T15:34:56Z DEBUG systemd status -> True 2023-09-02T15:34:56Z DEBUG systemd status -> True 2023-09-02T15:34:57Z DEBUG Traceback (most recent call last): File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line 686, in start_creation run_step(full_msg, method) File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line 672, in run_step method() File "/usr/lib/python3.9/site-packages/ipaserver/install/dsinstance.py", line 555, in __create_instance sds.create_from_args(general, slapd, backends, None) File "/usr/lib/python3.9/site-packages/lib389/instance/setup.py", line 698, in create_from_args self._install_ds(general, slapd, backends) File "/usr/lib/python3.9/site-packages/lib389/instance/setup.py", line 975, in _install_ds ds_instance.start(timeout=60) File "/usr/lib/python3.9/site-packages/lib389/__init__.py", line 1071, in start subprocess.check_output(["systemctl", "start", "dirsrv@%s" % self.serverid], stderr=subprocess.STDOUT) File "/usr/lib64/python3.9/subprocess.py", line 424, in check_output return run(*popenargs, stdout=PIPE, timeout=timeout, check=True, File "/usr/lib64/python3.9/subprocess.py", line 528, in run raise CalledProcessError(retcode, process.args, subprocess.CalledProcessError: Command '['systemctl', 'start', 'dirsrv@MYDOMAIN-COM']' returned non-zero exit status 1. 2023-09-02T15:34:57Z DEBUG [error] CalledProcessError: Command '['systemctl', 'start', 'dirsrv@MYDOMAIN-COM']' returned non-zero exit status 1. 2023-09-02T15:34:57Z DEBUG File "/usr/lib/python3.9/site-packages/ipapython/admintool.py", line 180, in execute return_value = self.run() File "/usr/lib/python3.9/site-packages/ipapython/install/cli.py", line 344, in run return cfgr.run() File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 360, in run return self.execute() File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 386, in execute for rval in self._executor(): File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise raise value File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 418, in step = lambda: next(self.__gen) File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise raise value File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 655, in _configure next(executor) File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 518, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise raise value File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 515, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise raise value File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 418, in step = lambda: next(self.__gen) File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise raise value File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python3.9/site-packages/ipapython/install/common.py", line 65, in _install for unused in self._installer(self.parent): File "/usr/lib/python3.9/site-packages/ipaserver/install/server/__init__.py", line 566, in main master_install(self) File "/usr/lib/python3.9/site-packages/ipaserver/install/server/install.py", line 278, in decorated func(installer) File "/usr/lib/python3.9/site-packages/ipaserver/install/server/install.py", line 861, in install ds.create_instance(realm_name, host_name, domain_name, File "/usr/lib/python3.9/site-packages/ipaserver/install/dsinstance.py", line 324, in create_instance self.start_creation(runtime=30) File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line 686, in start_creation run_step(full_msg, method) File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line 672, in run_step method() File "/usr/lib/python3.9/site-packages/ipaserver/install/dsinstance.py", line 555, in __create_instance sds.create_from_args(general, slapd, backends, None) File "/usr/lib/python3.9/site-packages/lib389/instance/setup.py", line 698, in create_from_args self._install_ds(general, slapd, backends) File "/usr/lib/python3.9/site-packages/lib389/instance/setup.py", line 975, in _install_ds ds_instance.start(timeout=60) File "/usr/lib/python3.9/site-packages/lib389/__init__.py", line 1071, in start subprocess.check_output(["systemctl", "start", "dirsrv@%s" % self.serverid], stderr=subprocess.STDOUT) File "/usr/lib64/python3.9/subprocess.py", line 424, in check_output return run(*popenargs, stdout=PIPE, timeout=timeout, check=True, File "/usr/lib64/python3.9/subprocess.py", line 528, in run raise CalledProcessError(retcode, process.args, 2023-09-02T15:34:57Z DEBUG The ipa-server-install command failed, exception: CalledProcessError: Command '['systemctl', 'start', 'dirsrv@MYDOMAIN-COM']' returned non-zero exit status 1. 2023-09-02T15:34:57Z ERROR Command '['systemctl', 'start', 'dirsrv@MYDOMAIN-COM']' returned non-zero exit status 1. 2023-09-02T15:34:57Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information ```

Additional context Discussed in: https://github.com/freeipa/freeipa-container/issues/559 with a request for creating a bug in here.

vashirov commented 1 year ago

From man podman-run:

   --shm-size=number[unit]
       Size  of /dev/shm. A unit can be b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes).  If the unit is omitted, the system uses
       bytes. If the size is omitted, the default is 64m.

Please try to amend your podman run command with --shm-size option, for example --shm-size=4gb.

leonidas-o commented 1 year ago

@vashirov okay it seems to work with --shm-size=2g. According to the old error message, it asked for at least 211202928 bytes which is around 211m. If not specified in podman run, the default is 64m. So I ask myself

  1. why is the old freeipa-server:rocky-9-4.10.0 not throwing that error and running without this option?
  2. if the error message says at least 211m, I gave it 256m, why is it still not enough?
  3. how to determine the optimal size for this setting?
mreynolds389 commented 1 year ago

@vashirov okay it seems to work with --shm-size=2g. According to the old error message, it asked for at least 211202928 bytes which is around 211m. If not specified in podman run, the default is 64m. So I ask myself

1. why is the old `freeipa-server:rocky-9-4.10.0` not throwing that error and running without this option?

In older versions of 389-ds-base we did not use /dev/shm by default, so most likely that version of freeipa is simply using an older version of DS

2. if the error message says at least 211m, I gave it 256m, why is it still not enough?

There might be other processes using /dev/shm that are taking up space? Or maybe there is a bug in that error message code?

3. how to determine the optimal size for this setting?

Well I would go on the heavy side. Set it to 4 gigs. /dev/shm is used for the database memory mapped files, so things like the dbcache, db locks, etc. It's hard to say the exact value but 4 gigs should be plenty.