Cheers,The bit failing is:Hi,I have reproduced the problem on the LXC container. The full debug log is at:
https://gist.github.com/alexpdp7/ b3d7fd48660a1ffb78cb64fd5dc344 76
[root@ctipa ~]# ipa-replica-install -v -n ipa.pdp7.net -P alex -w $pw --mkhomedir
...
ipa : DEBUG [11/22]: configuring Gssproxy
[11/22]: configuring Gssproxy
ipa : DEBUG Starting external process
ipa : DEBUG args=/usr/sbin/selinuxenabled
ipa : DEBUG Process finished, return code=1
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl restart gssproxy.service
ipa : DEBUG Process finished, return code=1
ipa : DEBUG stdout=
ipa : DEBUG stderr=A dependency job for gssproxy.service failed. See 'journalctl -xe' for details.
ipa : DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/ service.py", line 504, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ service.py", line 494, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/ httpinstance.py", line 242, in configure_gssproxy
services.knownservices.gssproxy.restart()
File "/usr/lib/python2.7/site-packages/ipaplatform/base/ services.py", line 322, in restart
capture_output, wait)
File "/usr/lib/python2.7/site-packages/ipaplatform/base/ services.py", line 310, in _restart_base
skip_output=not capture_output)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py" , line 512, in run
raise CalledProcessError(p.returncode, arg_string, str(output))
CalledProcessError: Command '/bin/systemctl restart gssproxy.service' returned non-zero exit status 1
ipa : DEBUG [error] CalledProcessError: Command '/bin/systemctl restart gssproxy.service' returned non-zero exit status 1
[error] CalledProcessError: Command '/bin/systemctl restart gssproxy.service' returned non-zero exit status 1
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipa.ipapython.install.cli.install_tool( CompatServerReplicaInstall): DEBUG File "/usr/lib/python2.7/site- packages/ipapython/admintool. py", line 172, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/ cli.py", line 333, in run
cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/ core.py", line 368, in run
self.execute()
File "/usr/lib/python2.7/site-packages/ipapython/install/ core.py", line 392, in execute
for _nothing in self._executor():
File "/usr/lib/python2.7/site-packages/ipapython/install/ core.py", line 434, in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/ core.py", line 463, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/ core.py", line 453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/ core.py", line 424, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/ core.py", line 421, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/ util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/ util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/ core.py", line 658, in _configure
next(executor)
File "/usr/lib/python2.7/site-packages/ipapython/install/ core.py", line 434, in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/ core.py", line 463, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/ core.py", line 521, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/ core.py", line 453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/ core.py", line 518, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/ core.py", line 453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/ core.py", line 424, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/ core.py", line 421, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/ util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/ util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/ common.py", line 63, in _install
for _nothing in self._installer(self.parent):
File "/usr/lib/python2.7/site-packages/ipaserver/install/ server/__init__.py", line 617, in main
replica_install(self)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ server/replicainstall.py", line 386, in decorated
func(installer)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ server/replicainstall.py", line 1440, in install
ca_file=cafile)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ server/replicainstall.py", line 166, in install_http
subject_base=config.subject_base, master_fqdn=config.master_ host_name)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ httpinstance.py", line 190, in create_instance
self.start_creation()
File "/usr/lib/python2.7/site-packages/ipaserver/install/ service.py", line 504, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ service.py", line 494, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/ httpinstance.py", line 242, in configure_gssproxy
services.knownservices.gssproxy.restart()
File "/usr/lib/python2.7/site-packages/ipaplatform/base/ services.py", line 322, in restart
capture_output, wait)
File "/usr/lib/python2.7/site-packages/ipaplatform/base/ services.py", line 310, in _restart_base
skip_output=not capture_output)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py" , line 512, in run
raise CalledProcessError(p.returncode, arg_string, str(output))
ipa.ipapython.install.cli.install_tool( CompatServerReplicaInstall): DEBUG The ipa-replica-install command failed, exception: CalledProcessError: Command '/bin/systemctl restart gssproxy.service' returned non-zero exit status 1
ipa.ipapython.install.cli.install_tool( CompatServerReplicaInstall): ERROR Command '/bin/systemctl restart gssproxy.service' returned non-zero exit status 1
ipa.ipapython.install.cli.install_tool( CompatServerReplicaInstall): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install. log for more information
ÁlexOn Tue, Jan 9, 2018 at 7:45 PM, Martin Basti via FreeIPA-users <freeipa-users@lists.fedorahosted.org > wrote:do you have a traceback in log? I'm curious where exactly this happened, what is your FreeIPA version?[1]I haven't install FreeIPA in LXC, but I'm happy user of FreeIPA running in LXC :-) So it should work2018-01-09 11:40 GMT+01:00 Alex Corcoles via FreeIPA-users <freeipa-users@lists.fedorahosted.org >:Hi Marti,On Tue, Jan 9, 2018 at 12:46 AM, Martin Basti via FreeIPA-users <freeipa-users@lists.fedorahosted.org > wrote:it looks that replica is trying to add records to your forward zone. What is the hostname of the replica?I have a dnsmasq acting as DHCP/DNS server in h2.int.pdp7.net to provide automatic network configuration to VMs. It's a non-routable network, so I'm not sure what the right setup would be.1. what is not working on lxc?It was something about GSSAPI or something like that, I'll try to reproduce and start a new thread about that- but I guess it's more of an LXC problem (ideally I would like to run my replica on LXC so it consumes less RAM, but I can live with a full VM).Cheers,
Álex2018-01-07 12:20 GMT+01:00 Alex Corcoles via FreeIPA-users <freeipa-users@lists.fedorahosted.org >:______________________________Hi,I'm labbing a FreeIPA environment for personal use, and I'm getting that while bringing up a replica.I set up my first freeipa-server instance on a cheap VPS on a public IP, intend on making it publicly accessible so I can always authenticate my laptop even on wild public networks.I'm adding the replica as a VM(1) on a Proxmox VE, on a private network with VPN connectivity to the first public freeipa-server, but I'm getting:2018-01-06T20:56:04Z DEBUG The ipa-replica-install command failed, exception: ValidationError: invalid 'dnszoneidnsname': only master zones can contain records. I'm trying to create the replica with CA and DNS, and I had set up DNS forwarding to the internal DNS on the Proxmox system with:
$ ipa dnsforwardzone-add h2.int.pdp7.net --forwarder=10.42.42.1
$ ipa dnsforwardzone-add --name-from-ip=10.42.42.0/24 --forwarder=10.42.42.1 --forward-policy=onlyon the first server (I run dnsmasq on Proxmox VE, 10.42.42.0/24 - h2.int.pdp7.net is the network it manages), and I guess that's messing with the replica, but I'm not sure how to troubleshoot this.Thoughts? Ideas?Thanks,
Álex(1) I can't seem to create a freeipa-replica on an LXC container. Is this something that can be discussed here or should I take it to LXC?--_________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
--S pozdravom Martin Bašti.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
--S pozdravom Martin Bašti.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org