Unable to install shibboleth.x86_64 on AWS EC2 instance
Nate Klingenstein
ndk at sudonym.me
Sun Sep 9 00:01:00 EDT 2018
Ron,
Yes, definitely, if you are not running Amazon Linux(personally, I'm not
quite sure why they felt like they needed their own distribution -- I guess
they plan to eventually add more EC2-specific features and charge for them)
and there is a repo with pre-built RPM's that you are comfortable with,
it's always the easier and generally the smarter choice. Make sure that
the packages are working well.
It was good to get the page updated and I needed to refresh my SRPM
knowledge anyway, so your question was very helpful. :D
If you need to uninstall Shibboleth, yum remove shibboleth is all you
need. It will keep backup copies of configuration files that you may want
to recover someday. You would also want to uninstall any dependencies like
OpenSAML. Here's what it looks like on a testing provider I setup.
[centos at ip-172-31-5-219 ~]$ sudo yum remove shibboleth
Loaded plugins: fastestmirror
Resolving Dependencies
--> Running transaction check
---> Package shibboleth.x86_64 0:3.0.2-1.1 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
============================================================================================================================================================================================================
Package
Arch
Version
Repository Size
============================================================================================================================================================================================================
Removing:
shibboleth
x86_64
3.0.2-1.1
@shibboleth 5.4 M
Transaction Summary
============================================================================================================================================================================================================
Remove 1 Package
Installed size: 5.4 M
Is this ok [y/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Redirecting to /bin/systemctl status httpd.service
Erasing :
shibboleth-3.0.2-1.1.x86_64
1/1
warning: /etc/shibboleth/shibboleth2.xml saved as
/etc/shibboleth/shibboleth2.xml.rpmsave
warning: /etc/httpd/conf.d/shib.conf saved as
/etc/httpd/conf.d/shib.conf.rpmsave
Verifying :
shibboleth-3.0.2-1.1.x86_64
1/1
Removed:
shibboleth.x86_64
0:3.0.2-1.1
Complete!
[centos at ip-172-31-5-219 ~]$ sudo yum remove opensaml
Loaded plugins: fastestmirror
Resolving Dependencies
--> Running transaction check
---> Package libsaml10.x86_64 0:3.0.0-1.1 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
============================================================================================================================================================================================================
Package
Arch
Version
Repository Size
============================================================================================================================================================================================================
Removing:
libsaml10
x86_64
3.0.0-1.1
@shibboleth 10 M
Transaction Summary
============================================================================================================================================================================================================
Remove 1 Package
Installed size: 10 M
Is this ok [y/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Erasing :
libsaml10-3.0.0-1.1.x86_64
1/1
Verifying :
libsaml10-3.0.0-1.1.x86_64
1/1
Removed:
libsaml10.x86_64
0:3.0.0-1.1
Complete!
If we can help out with the other issues that you're facing, let us know.
Thrilled you're in better straits now,
Nate.
On Sun, Sep 9, 2018 at 3:33 AM, Ron Harris <neo204011 at gmail.com> wrote:
> Hi Nate,
>
> Thank you very much for looking into this issue and updating the page.
> I will try to rerun the commands on a new EC2 Instance. It was a bit
> problem to tell my colleagues that I cannot install it again :).
>
> After lot of looking around, I was able to find a quick solution.
> Installing it from repo.
> sudo wget http://download.opensuse.org/repositories/security://
> shibboleth/RHEL_6/security:shibboleth.repo -O /etc/yum.repos.d/shibboleth.
> repo
> sudo yum -y install shibboleth.x86_64
>
> In my AWS release it was written like "Rhel_Fedora", so I tried with the
> above repo.
> Shibboleth was installed with these two steps only. But right now facing
> couple of other issues.
>
> Last query, If I have to uninstall Shibboleth, then below command should
> be enough.
> sudo yum remove shibboleth.x86_64
>
> Thanks
>
>
>
>
> On Sun, Sep 9, 2018 at 5:48 AM Nate Klingenstein <ndk at sudonym.me> wrote:
>
>> I think I have a successful build on Amazon Linux 2018-03 too(it was
>> indeed just too small a VM). I had to explicitly point out the newly built
>> libcurl:
>>
>> export PKG_CONFIG_PATH=/opt/shibboleth/lib64/pkgconfig/
>>
>> which was bizarre and I'm not confident it was necessary although
>> retesting the edited Wiki on a clean machine demonstrated it seemed to be,
>> and the /etc/httpd configuration style is novel, so to actually load the
>> newly built module, you'll need to copy or symlink the apache24.conf file
>> that comes with Shibboleth:
>>
>> ln -s /etc/shibboleth/apache24.config /etc/httpd/conf.modules.d/shib.conf
>>
>> Amazon Linux 2 doesn't have as many irregularities. Either way, the SRPM
>> page of the Wiki has been heavily updated, and if you rerun the commands,
>> noting the comments, it should overwrite the older versions it was pulling
>> and include the additional things necessary for Shibboleth SP 3 to work on
>> Amazon Linux 2018-03.
>>
>> https://wiki.shibboleth.net/confluence/display/SP3/SRPMBuild
>>
>> Hope this is helpful,
>> Nate.
>>
>> On Sat, Sep 8, 2018 at 9:34 PM, Nate Klingenstein <ndk at sudonym.me> wrote:
>>
>>> Ron,
>>>
>>> Okay, I got it to build and load the module fine on Amazon Linux 2 and
>>> you don't need any special apxs directives. I've verified that shibd runs,
>>> /Shibboleth.sso/Status reports OK, and I can auto-generate metadata. You
>>> will need to install libmemcached-devel too. It's otherwise like a
>>> standard SRPM build.
>>>
>>> I'll try on 2018-03 again now. I suspect I just had too small a VM and
>>> it was running out of memory during the build process. I couldn't even run
>>> top in parallel. If it works, I'll update the Wiki page.
>>>
>>> Thanks,
>>> Nate.
>>>
>>>
>>> On Sat, Sep 8, 2018 at 7:35 PM, Nate Klingenstein <ndk at sudonym.me>
>>> wrote:
>>>
>>>> Ron,
>>>>
>>>> tl;dr: packaging is purgatory
>>>>
>>>> First, I'm not sure which Amazon Linux you're using. With 2018-3,
>>>> using the new releases, I was able to get to the point of building
>>>> OpenSAML, but it failed to compile the SubjectConfirmation part of the SAML
>>>> 2 assertion implementation. With Amazon Linux 2, I'm getting rpmbuild
>>>> using a different path(home directory instead of /usr/src/rpm) among other
>>>> things.
>>>>
>>>> The example on the webpage is not actively maintained and it's pretty
>>>> outdated, so you can't use it with a literal copy/paste. It's also trying
>>>> to pull older releases of many of the dependencies, including xmltooling
>>>> and opensaml. The spec file for the Shibboleth package is just the point
>>>> where you are discovering that you built and installed versions that are
>>>> too old.
>>>>
>>>> %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
>>>> PreReq: xmltooling-schemas%{?_isa} >= 3.0.0,
>>>> opensaml-schemas%{?_isa} >= 3.0.0
>>>> %else
>>>>
>>>> I'll spend some time playing around on Amazon Linux 2 today to see if I
>>>> can get it to build, but it's going to take me awhile. I'll respond again
>>>> to this message later. I may not be able to resolve it myself, but we'll
>>>> see.
>>>>
>>>> Thanks,
>>>> Nate.
>>>>
>>>>
>>>> On Sat, Sep 8, 2018 at 6:46 AM, Ron Harris <neo204011 at gmail.com> wrote:
>>>>
>>>>> Thanks Nate for reply.
>>>>>
>>>>> I somewhat understood what was incorrect.
>>>>> I followed the sets mentioned in example "Amazon Linux with Apache 2.4"
>>>>>
>>>>> when I run this command
>>>>> "sudo rpmbuild --rebuild --without builtinapache -D 'shib_options
>>>>> -with-apxs24=/usr/bin/apxs -with-apr1=/usr/bin/apr-1-config
>>>>> -enable-apache-24' shibboleth*"
>>>>>
>>>>> I am getting below error:
>>>>> RPM build errors:
>>>>> line 14: prereq is deprecated: PreReq:
>>>>> xmltooling-schemas(x86-64) >= 3.0.0, opensaml-schemas(x86-64) >= 3.0.0
>>>>> Bad exit status from /var/tmp/rpm-tmp.IRbIyP (%build)
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>> On Sat, Sep 8, 2018 at 12:28 AM Nate Klingenstein <ndk at sudonym.me>
>>>>> wrote:
>>>>>
>>>>>> Ron,
>>>>>>
>>>>>> Your install command is trying to pull from the default
>>>>>> pre-configured yum repos rather than installing the locally rebuilt RPM's.
>>>>>> Try localinstall with your RPM's instead as in the example shown on the
>>>>>> page or using a Linux distribution that already has prebuilt RPM's in a
>>>>>> repository you can add to /etc/yum.repos.d/.
>>>>>>
>>>>>> https://wiki.shibboleth.net/confluence/display/SP3/SRPMBuild
>>>>>>
>>>>>> Take care,
>>>>>> Nate.
>>>>>>
>>>>>>
>>>>>> On Fri, Sep 7, 2018 at 6:33 PM, Ron Harris <neo204011 at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I have previously configured Shibboleth on EC2 instance, but today
>>>>>>> trying to install on new server, I am facing some issue.
>>>>>>>
>>>>>>> I am referring to the following link:
>>>>>>> https://wiki.shibboleth.net/confluence/display/SP3/SRPMBuild
>>>>>>>
>>>>>>> When I run the command:
>>>>>>> sudo yum install log4shib xerces-c xml-security-c curl-openssl
>>>>>>> xmltooling opensaml shibboleth
>>>>>>>
>>>>>>> I am getting below message:
>>>>>>>
>>>>>>> Loaded plugins: priorities, update-motd, upgrade-helper
>>>>>>> amzn-main
>>>>>>> amzn-updates
>>>>>>> No
>>>>>>> package log4shib available.
>>>>>>> No package xerces-c available.
>>>>>>> No package xml-security-c available.
>>>>>>> No package xmltooling available.
>>>>>>> No package opensaml available.
>>>>>>> No package shibboleth available.
>>>>>>> Nothing to do
>>>>>>>
>>>>>>> Can you please help me understand what I maybe missing.
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> For Consortium Member technical support, see
>>>>>>> https://wiki.shibboleth.net/confluence/x/coFAAg
>>>>>>> To unsubscribe from this list send an email to
>>>>>>> users-unsubscribe at shibboleth.net
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> For Consortium Member technical support, see
>>>>>> https://wiki.shibboleth.net/confluence/x/coFAAg
>>>>>> To unsubscribe from this list send an email to
>>>>>> users-unsubscribe at shibboleth.net
>>>>>
>>>>>
>>>>> --
>>>>> For Consortium Member technical support, see
>>>>> https://wiki.shibboleth.net/confluence/x/coFAAg
>>>>> To unsubscribe from this list send an email to
>>>>> users-unsubscribe at shibboleth.net
>>>>>
>>>>
>>>>
>>>
>> --
>> For Consortium Member technical support, see https://wiki.shibboleth.net/
>> confluence/x/coFAAg
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>
>
> --
> For Consortium Member technical support, see https://wiki.shibboleth.net/
> confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180909/4d4e4ed5/attachment.html>
More information about the users
mailing list