lejeczek via FreeIPA-users wrote:
On 08/05/2019 14:28, Rob Crittenden wrote:
> lejeczek via FreeIPA-users wrote:
>> hi guys,
>>
>> this must be something trivial and I must have gone blind, can you spot
>> what I missed?
>>
>>
>> $ ipa-replica-install --setup-dns --no-forwarders --ip-address=10.5.8.65
>> WARNING: conflicting time&date synchronization service 'chronyd' will
>> be disabled in favor of ntpd
>>
>> Your system may be partly configured.
>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>
>> ipapython.admintool: ERROR The host name rider.xxx does not match the
>> primary host name rider-ring8.xxx. Please check /etc/hosts or DNS name
>> resolution
>>
>> $ host -r 10.5.8.97
>> 97.8.5.10.in-addr.arpa domain name pointer rider.xxx.
>> 97.8.5.10.in-addr.arpa domain name pointer rider-ring8.xxx.
>> $ host -r 10.5.8.49
>> 49.8.5.10.in-addr.arpa domain name pointer whale.xxx.
>> 49.8.5.10.in-addr.arpa domain name pointer whale-ring8.xxx.
>> $ host rider-ring8..
>> rider-ring8. has address 10.5.8.97
>> $ host rider..
>> rider. has address 10.5.8.97
>>
>> Primary hostname of the box replica-install complains of is rider.xxx.
>> Why does IPA think it is rider-ring8.xxx?
>>
>> What can be wrong?
> /etc/hosts perhaps, though it could also be that DNS is doing
> round-robin on the reverse lookup so the results are inconsistent.
>
> You can try --no-host-dns to skip the lookup but it may portend future
> problems.
>
> rob

freaking hell... installation of replica failed and now I have "invalid
'PKINIT enabled server': all masters must have IPA master role enabled"
problem.

replica's failure:

Upgrading IPA:. Estimated time: 1 minute 30 seconds
[1/10]: stopping directory server
[2/10]: saving configuration
[3/10]: disabling listeners
[4/10]: enabling DS global lock
[5/10]: disabling Schema Compat
[6/10]: starting directory server
[7/10]: upgrading server
ipaserver.install.upgradeinstance: ERROR Upgrade failed with cannot
connect to 'ldapi://%2Fvar%2Frun%2Fslapd-PRIVATE.socket':
[error] RuntimeError: cannot connect to
'ldapi://%2Fvar%2Frun%2Fslapd-PRIVATE.socket':
[cleanup]: stopping directory server
[cleanup]: restoring configuration
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipapython.admintool: ERROR Update failed: cannot connect to
'ldapi://%2Fvar%2Frun%2Fslapd-PRIVATE.socket':
ipapython.admintool: ERROR The ipa-replica-install command failed.
See /var/log/ipareplica-install.log for more information

I have that log if somebody would want to have a look. But how to get
out from that "PKINIT enabled server"??

many thanks, L.

See https://pagure.io/freeipa/issue/7929
A workaround is included in the ticket.

rob
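
Added example (not part of the original thread and not FreeIPA code): a small shell filter for the reverse-lookup inconsistency discussed earlier in the thread. It reads `host` output and flags any address whose PTR set holds more than one name or lacks the expected host name; the function name `ptr_check`, the variable `THREAD_SAMPLE` and the status labels are made up here.

```shell
#!/bin/sh
# ptr_check EXPECTED_FQDN  (hypothetical helper, reads `host <ip>` output on stdin)
# Prints "<STATUS> <reverse-record> <names>" per address and returns non-zero
# if any address is not a clean single-PTR match.
#   OK         exactly one PTR and it equals EXPECTED_FQDN
#   AMBIGUOUS  more than one PTR: round-robin answers can return either name
#   MISMATCH   one PTR, but it is not EXPECTED_FQDN
# Usage on a live system:  host 10.5.8.97 | ptr_check rider.xxx

# Reverse-lookup output as posted in the thread (domain anonymized there as "xxx").
THREAD_SAMPLE='97.8.5.10.in-addr.arpa domain name pointer rider.xxx.
97.8.5.10.in-addr.arpa domain name pointer rider-ring8.xxx.'

ptr_check() {
    awk -v want="$1" '
        / domain name pointer / {
            name = $NF
            sub(/\.$/, "", name)                 # drop the trailing root dot
            count[$1]++
            names[$1] = names[$1] (names[$1] ? "," : "") name
            if (name == want) hit[$1] = 1
        }
        END {
            for (rr in count) {
                if (count[rr] > 1)   status = "AMBIGUOUS"
                else if (hit[rr])    status = "OK"
                else                 status = "MISMATCH"
                printf "%s %s %s\n", status, rr, names[rr]
                if (status != "OK") bad = 1
            }
            exit bad
        }'
}
```

Running `printf '%s\n' "$THREAD_SAMPLE" | ptr_check rider.xxx` reports the address as AMBIGUOUS, which matches the round-robin explanation given in the reply.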