I meant traceback fot the DNS issue :-)
Could you please provide the reason why gssaproxy didn't start?
journalctl -xe
systemctl status gssproxy
journalctl -u gssproxy
2018-01-09 21:29 GMT+01:00 Alex Corcoles via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org>:
Hi,
I have reproduced the problem on the LXC container. The full debug log is
at:
https://gist.github.com/alexpdp7/b3d7fd48660a1ffb78cb64fd5dc34476
The bit failing is:
[root@ctipa ~]# ipa-replica-install -v -n
ipa.pdp7.net -P alex -w $pw
--mkhomedir
...
ipa : DEBUG [11/22]: configuring Gssproxy
[11/22]: configuring Gssproxy
ipa : DEBUG Starting external process
ipa : DEBUG args=/usr/sbin/selinuxenabled
ipa : DEBUG Process finished, return code=1
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl restart gssproxy.service
ipa : DEBUG Process finished, return code=1
ipa : DEBUG stdout=
ipa : DEBUG stderr=A dependency job for gssproxy.service
failed. See 'journalctl -xe' for details.
ipa : DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 504, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 494, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py",
line 242, in configure_gssproxy
services.knownservices.gssproxy.restart()
File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py",
line 322, in restart
capture_output, wait)
File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py",
line 310, in _restart_base
skip_output=not capture_output)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 512,
in run
raise CalledProcessError(p.returncode, arg_string, str(output))
CalledProcessError: Command '/bin/systemctl restart gssproxy.service'
returned non-zero exit status 1
ipa : DEBUG [error] CalledProcessError: Command
'/bin/systemctl restart gssproxy.service' returned non-zero exit status 1
[error] CalledProcessError: Command '/bin/systemctl restart
gssproxy.service' returned non-zero exit status 1
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall):
DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py",
line 172, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line
333, in run
cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
368, in run
self.execute()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
392, in execute
for _nothing in self._executor():
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
434, in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
463, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
424, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
421, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
658, in _configure
next(executor)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
434, in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
463, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
521, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
518, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
424, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
421, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 63, in _install
for _nothing in self._installer(self.parent):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py",
line 617, in main
replica_install(self)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 386, in decorated
func(installer)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1440, in install
ca_file=cafile)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 166, in install_http
subject_base=config.subject_base, master_fqdn=config.master_host_name)
File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py",
line 190, in create_instance
self.start_creation()
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 504, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 494, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py",
line 242, in configure_gssproxy
services.knownservices.gssproxy.restart()
File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py",
line 322, in restart
capture_output, wait)
File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py",
line 310, in _restart_base
skip_output=not capture_output)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 512,
in run
raise CalledProcessError(p.returncode, arg_string, str(output))
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall):
DEBUG The ipa-replica-install command failed, exception:
CalledProcessError: Command '/bin/systemctl restart gssproxy.service'
returned non-zero exit status 1
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall):
ERROR Command '/bin/systemctl restart gssproxy.service' returned
non-zero exit status 1
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall):
ERROR The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
Cheers,
Álex
On Tue, Jan 9, 2018 at 7:45 PM, Martin Basti via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
> do you have a traceback in log? I'm curious where exactly this happened,
> what is your FreeIPA version?
>
> [1]
> I haven't install FreeIPA in LXC, but I'm happy user of FreeIPA running
> in LXC :-) So it should work
>
> 2018-01-09 11:40 GMT+01:00 Alex Corcoles via FreeIPA-users <
> freeipa-users(a)lists.fedorahosted.org>:
>
>> Hi Marti,
>>
>> On Tue, Jan 9, 2018 at 12:46 AM, Martin Basti via FreeIPA-users <
>> freeipa-users(a)lists.fedorahosted.org> wrote:
>>
>>> it looks that replica is trying to add records to your forward zone.
>>> What is the hostname of the replica?
>>>
>>
>> Yeah, it's
xxx.h2.int.pdp7.net, which is within the forwarded zone.
>>
>> I have a dnsmasq acting as DHCP/DNS server in
h2.int.pdp7.net to
>> provide automatic network configuration to VMs. It's a non-routable
>> network, so I'm not sure what the right setup would be.
>>
>> 1. what is not working on lxc?
>>>
>>
>> It was something about GSSAPI or something like that, I'll try to
>> reproduce and start a new thread about that- but I guess it's more of an
>> LXC problem (ideally I would like to run my replica on LXC so it consumes
>> less RAM, but I can live with a full VM).
>>
>> Cheers,
>>
>> Álex
>>
>> 2018-01-07 12:20 GMT+01:00 Alex Corcoles via FreeIPA-users <
>> freeipa-users(a)lists.fedorahosted.org>:
>>
>>> Hi,
>>>
>>> I'm labbing a FreeIPA environment for personal use, and I'm getting
>>> that while bringing up a replica.
>>>
>>> I set up my first freeipa-server instance on a cheap VPS on a public
>>> IP, intend on making it publicly accessible so I can always authenticate my
>>> laptop even on wild public networks.
>>>
>>> I'm adding the replica as a VM(1) on a Proxmox VE, on a private network
>>> with VPN connectivity to the first public freeipa-server, but I'm
getting:
>>>
>>> 2018-01-06T20:56:04Z DEBUG The ipa-replica-install command failed,
>>> exception: ValidationError: invalid 'dnszoneidnsname': only master
zones
>>> can contain records
>>>
>>> . I'm trying to create the replica with CA and DNS, and I had set up
>>> DNS forwarding to the internal DNS on the Proxmox system with:
>>>
>>> $ ipa dnsforwardzone-add
h2.int.pdp7.net --forwarder=10.42.42.1
>>> $ ipa dnsforwardzone-add --name-from-ip=10.42.42.0/24
>>> --forwarder=10.42.42.1 --forward-policy=only
>>>
>>> on the first server (I run dnsmasq on Proxmox VE, 10.42.42.0/24 -
>>>
h2.int.pdp7.net is the network it manages), and I guess that's messing
>>> with the replica, but I'm not sure how to troubleshoot this.
>>>
>>> Thoughts? Ideas?
>>>
>>> Thanks,
>>>
>>> Álex
>>>
>>> (1) I can't seem to create a freeipa-replica on an LXC container. Is
>>> this something that can be discussed here or should I take it to LXC?
>>>
>>> --
>>> ___
>>> {~._.~}
>>> ( Y )
>>> ()~*~() mail: alex at corcoles dot net
>>> (_)-(_)
http://alex.corcoles.net/
>>>
>>>
>>> _______________________________________________
>>> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>>> To unsubscribe send an email to freeipa-users-leave(a)lists.fedo
>>>
rahosted.org
>>>
>>>
>>
>>
>> --
>> S pozdravom Martin Bašti.
>>
>>>
>>> _______________________________________________
>>> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>>> To unsubscribe send an email to freeipa-users-leave(a)lists.fedo
>>>
rahosted.org
>>>
>>>
>>
>>
>> --
>> ___
>> {~._.~}
>> ( Y )
>> ()~*~() mail: alex at corcoles dot net
>> (_)-(_)
http://alex.corcoles.net/
>>
>>
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-leave(a)lists.fedo
>>
rahosted.org
>>
>>
>
>
> --
> S pozdravom Martin Bašti.
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedo
>
rahosted.org
>
>
--
___
{~._.~}
( Y )
()~*~() mail: alex at corcoles dot net
(_)-(_)
http://alex.corcoles.net/
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org