Hello Rob,
after modify the /etc/hosts File on ipaserver1 with "192.168.122.102
ipaserver2.intranet.gonicus.de
ipaserver2" the Replica works :)
Regards
Dirk
Am 17.07.19 um 14:30 schrieb Dirk Streubel via FreeIPA-users:
> And here comes the Rest of the output, sorry:
>
> Connection from replica to master is OK.
> Start listening on required ports for remote master check
> Get credentials to log in to remote master
> Check RPC connection to remote master
> Execute check on remote master
> Check connection from master to remote replica
'ipaserver2.linuxtest.gonicus.de':
> ERROR: Port check failed! Unable to resolve host name
'ipaserver2.linuxtest.gonicus.de'
> ERROR: Remote master check failed with following error message(s):
> ipa-replica-conncheck returned non-zero exit code
>
> 2019-07-17T12:22:44Z DEBUG File
"/usr/lib/python3.7/site-packages/ipapython/admintool.py", line
> 179, in execute
> return_value = self.run()
> File "/usr/lib/python3.7/site-packages/ipapython/install/cli.py", line
340, in run
> return cfgr.run()
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
358, in run
> self.validate()
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
368, in validate
> for _nothing in self._validator():
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
431, in __runner
> exc_handler(exc_info)
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
455, in
> _handle_validate_exception
> self._handle_exception(exc_info)
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
450, in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
421, in __runner
> step()
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
418, in <lambda>
> step = lambda: next(self.__gen)
> File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line
81, in
> run_generator_with_yield_from
> six.reraise(*exc_info)
> File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line
59, in
> run_generator_with_yield_from
> value = gen.send(prev_value)
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
633, in _configure
> next(validator)
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
431, in __runner
> exc_handler(exc_info)
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
455, in
> _handle_validate_exception
> self._handle_exception(exc_info)
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
518, in _handle_exception
> self.__parent._handle_exception(exc_info)
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
450, in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
515, in _handle_exception
> super(ComponentBase, self)._handle_exception(exc_info)
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
450, in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
421, in __runner
> step()
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
418, in <lambda>
> step = lambda: next(self.__gen)
> File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line
81, in
> run_generator_with_yield_from
> six.reraise(*exc_info)
> File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line
59, in
> run_generator_with_yield_from
> value = gen.send(prev_value)
> File "/usr/lib/python3.7/site-packages/ipapython/install/common.py", line
65, in _install
> for unused in self._installer(self.parent):
> File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/__init__.py", line
588, in main
> replica_promote_check(self)
> File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/replicainstall.py",
line 402, in
> decorated
> func(installer)
> File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/replicainstall.py",
line 424, in
> decorated
> func(installer)
> File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1136, in
> promote_check
> ca_cert_file=cafile)
> File "/usr/lib/python3.7/site-packages/ipaserver/install/replication.py",
line 127, in
> replica_conn_check
> "Connection check failed!"
>
> 2019-07-17T12:22:44Z DEBUG The ipa-replica-install command failed, exception:
ScriptError:
> Connection check failed!
> See /var/log/ipareplica-conncheck.log for more information.
> If the check results are not valid it can be skipped with --skip-conncheck
parameter.
> 2019-07-17T12:22:44Z ERROR Connection check failed!
> See /var/log/ipareplica-conncheck.log for more information.
> If the check results are not valid it can be skipped with --skip-conncheck
parameter.
> 2019-07-17T12:22:44Z ERROR The ipa-replica-install command failed. See
> /var/log/ipareplica-install.log for more information
>
>
> Dirk
>
> Am 17.07.19 um 14:26 schrieb Dirk Streubel via FreeIPA-users:
>> Hello Rob,
>>
>> Here is the ouuput without the --skip-conncheck option:
>>
>>
>> [root@ipaserver2 ~]# ipa-replica-install --setup-ca --setup-dns
--forwarder=9.9.9.9
>> Lookup failed: Preferred host ipaserver2.linuxtest.gonicus.de does not provide
DNS.
>> Could not resolve hostname ipaserver2.linuxtest.gonicus.de using DNS. Clients may
not function
>> properly. Please check your DNS setup. (Note that this check queries IPA DNS
directly and ignores
>> /etc/hosts.)
>> Continue? [no]: yes
>> Checking DNS forwarders, please wait ...
>> Run connection check to master
>> Your system may be partly configured.
>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>
>> Connection check failed!
>> See /var/log/ipareplica-conncheck.log for more information.
>> If the check results are not valid it can be skipped with --skip-conncheck
parameter.
>> The ipa-replica-install command failed. See /var/log/ipareplica-install.log for
more information:
>>
>>
>>
>> 2019-07-17T12:22:35Z DEBUG importing plugin module
ipaserver.install.plugins.upload_cacrt
>> 2019-07-17T12:22:36Z DEBUG failed to find session_cookie in persistent storage
for principal
>> 'host/ipaserver2.linuxtest.gonicus.de(a)LINUXTEST.GONICUS.DE'
>> 2019-07-17T12:22:36Z DEBUG trying
https://ipaserver1.linuxtest.gonicus.de/ipa/json
>> 2019-07-17T12:22:36Z DEBUG Created connection context.jsonclient_140677757574736
>> 2019-07-17T12:22:36Z DEBUG [try 1]: Forwarding 'env' to json server
>> 'https://ipaserver1.linuxtest.gonicus.de/ipa/json'
>> 2019-07-17T12:22:36Z DEBUG New HTTP connection (ipaserver1.linuxtest.gonicus.de)
>> 2019-07-17T12:22:36Z DEBUG received Set-Cookie (<class
>>
'list'>)'['ipa_session=MagBearerToken=MBQK%2f22mxm59HGcIC6a6rZB2SmHY21MI5TjVDpbSnMSUUWkmW0%2buv7GEKqYAD80ASs6xsRc6doBuoei%2fdVOEHOe0g8WovLyVyIeZVgzZ0EImAeHlC8P%2f1sS7gj%2fWlc7o4IUVoHMPg5hEkYjfMXBWcyYfvlAWMDDCcdxgOl4MdxE%2bwIaLdfXwnYNPVM6TJW2OauESZCP86OjFpJ4YdP43Hi0J%2b6A1MlK5wXhQ6K9YLYY%2bqycMVjH6sRJYHMRlK7cDFbui2cLXUp7mUVx6MNBkc0RimpzPs95%2b85QSIDkixi51DoNHJ%2bdpWeMEW7Xhzw%2fS3X5KaGAlMB5XQ889WunxryBlKN4kFKMDyeNg8M6mlBU%3d;path=/ipa;httponly;secure;']'
>> 2019-07-17T12:22:36Z DEBUG storing cookie
>>
'ipa_session=MagBearerToken=MBQK%2f22mxm59HGcIC6a6rZB2SmHY21MI5TjVDpbSnMSUUWkmW0%2buv7GEKqYAD80ASs6xsRc6doBuoei%2fdVOEHOe0g8WovLyVyIeZVgzZ0EImAeHlC8P%2f1sS7gj%2fWlc7o4IUVoHMPg5hEkYjfMXBWcyYfvlAWMDDCcdxgOl4MdxE%2bwIaLdfXwnYNPVM6TJW2OauESZCP86OjFpJ4YdP43Hi0J%2b6A1MlK5wXhQ6K9YLYY%2bqycMVjH6sRJYHMRlK7cDFbui2cLXUp7mUVx6MNBkc0RimpzPs95%2b85QSIDkixi51DoNHJ%2bdpWeMEW7Xhzw%2fS3X5KaGAlMB5XQ889WunxryBlKN4kFKMDyeNg8M6mlBU%3d;'
>> for principal host/ipaserver2.linuxtest.gonicus.de(a)LINUXTEST.GONICUS.DE
>> 2019-07-17T12:22:36Z DEBUG [try 1]: Forwarding 'env' to json server
>> 'https://ipaserver1.linuxtest.gonicus.de/ipa/json'
>> 2019-07-17T12:22:36Z DEBUG HTTP connection keep-alive
(ipaserver1.linuxtest.gonicus.de)
>> 2019-07-17T12:22:36Z DEBUG received Set-Cookie (<class
>>
'list'>)'['ipa_session=MagBearerToken=4X6R5KO62qVu5IItwIUUm5Mb8TuugiSuTtigry8HXa9f04KSpLkK0uxRiDu6vi%2b8Tdms2%2blO45gArJLvKO0O%2bKDChYtd2XBczfeYwsRAfqHXiVP1sxAjXI2kG8t8AdQkkQkCkQjAGBdAuNC2qek%2fUmR%2f%2byL0KqWm9c%2bQIbsayICmKERgsOCMyrs5Vt3poNJsjtx73DU0GrvAOOaBlnd5NVvMw38WHH5z6zLKGy6%2f4QwX2KreSTOaWwNWnordLKenZ5S1%2fvq7ktFn1PvScPjqJGzHiDI0D0t%2feMc9RbTYcNtmmfhG%2f6UgNtj622q7QymEEHldxX%2by%2bIt9rIRAVB2R8sjRhuC%2bEKccV3scQJiLhxI%3d;path=/ipa;httponly;secure;']'
>> 2019-07-17T12:22:36Z DEBUG storing cookie
>>
'ipa_session=MagBearerToken=4X6R5KO62qVu5IItwIUUm5Mb8TuugiSuTtigry8HXa9f04KSpLkK0uxRiDu6vi%2b8Tdms2%2blO45gArJLvKO0O%2bKDChYtd2XBczfeYwsRAfqHXiVP1sxAjXI2kG8t8AdQkkQkCkQjAGBdAuNC2qek%2fUmR%2f%2byL0KqWm9c%2bQIbsayICmKERgsOCMyrs5Vt3poNJsjtx73DU0GrvAOOaBlnd5NVvMw38WHH5z6zLKGy6%2f4QwX2KreSTOaWwNWnordLKenZ5S1%2fvq7ktFn1PvScPjqJGzHiDI0D0t%2feMc9RbTYcNtmmfhG%2f6UgNtj622q7QymEEHldxX%2by%2bIt9rIRAVB2R8sjRhuC%2bEKccV3scQJiLhxI%3d;'
>> for principal host/ipaserver2.linuxtest.gonicus.de(a)LINUXTEST.GONICUS.DE
>> 2019-07-17T12:22:36Z DEBUG Destroyed connection
context.jsonclient_140677757574736
>> 2019-07-17T12:22:36Z DEBUG Created connection context.ldap2_140677767577936
>> 2019-07-17T12:22:36Z DEBUG flushing ldaps://ipaserver1.linuxtest.gonicus.de from
SchemaCache
>> 2019-07-17T12:22:36Z DEBUG retrieving schema for SchemaCache
>> url=ldaps://ipaserver1.linuxtest.gonicus.de
conn=<ldap.ldapobject.SimpleLDAPObject object at
>> 0x7ff217c82d10>
>> 2019-07-17T12:22:36Z DEBUG raw: domainlevel_get(version='2.233')
>> 2019-07-17T12:22:36Z DEBUG domainlevel_get(version='2.233')
>> 2019-07-17T12:22:36Z DEBUG raw: hostgroup_find(None, cn='ipaservers',
version='2.233',
>> host=['ipaserver2.linuxtest.gonicus.de'])
>> 2019-07-17T12:22:36Z DEBUG hostgroup_find(None, cn='ipaservers',
all=False, raw=False,
>> version='2.233', no_members=True, pkey_only=False,
host=('ipaserver2.linuxtest.gonicus.de',))
>> 2019-07-17T12:22:36Z WARNING Lookup failed: Preferred host
ipaserver2.linuxtest.gonicus.de does not
>> provide DNS.
>> 2019-07-17T12:22:36Z DEBUG Check forward/reverse DNS resolution
>> 2019-07-17T12:22:36Z DEBUG Search DNS server ipaserver1.linuxtest.gonicus.de
(['192.168.122.101',
>> '192.168.122.101', '192.168.122.101']) for
ipaserver1.linuxtest.gonicus.de
>> 2019-07-17T12:22:36Z DEBUG Check reverse address 192.168.122.101
(ipaserver1.linuxtest.gonicus.de)
>> 2019-07-17T12:22:36Z DEBUG Address 192.168.122.101 resolves to:
ipaserver1.linuxtest.gonicus.de..
>> 2019-07-17T12:22:36Z DEBUG Search DNS server ipaserver1.linuxtest.gonicus.de
(['192.168.122.101',
>> '192.168.122.101', '192.168.122.101']) for
ipaserver2.linuxtest.gonicus.de
>> 2019-07-17T12:22:36Z ERROR Could not resolve hostname
ipaserver2.linuxtest.gonicus.de using DNS.
>> Clients may not function properly. Please check your DNS setup. (Note that this
check queries IPA
>> DNS directly and ignores /etc/hosts.)
>> 2019-07-17T12:22:41Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
>> 2019-07-17T12:22:41Z DEBUG raw: dns_is_enabled(version='2.233')
>> 2019-07-17T12:22:41Z DEBUG dns_is_enabled(version='2.233')
>> 2019-07-17T12:22:41Z DEBUG Name ipaserver2.linuxtest.gonicus.de resolved to
>> {UnsafeIPAddress('192.168.122.102')}
>> 2019-07-17T12:22:41Z DEBUG Searching for an interface of IP address:
192.168.122.102
>> 2019-07-17T12:22:41Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0
(interface: lo)
>> 2019-07-17T12:22:41Z DEBUG Testing local IP address:
192.168.122.102/255.255.255.0 (interface: ens3)
>> 2019-07-17T12:22:41Z DEBUG IP address 192.168.122.102 belongs to a private range,
using forward
>> policy only
>> 2019-07-17T12:22:41Z DEBUG Checking DNS server: 9.9.9.9
>> 2019-07-17T12:22:41Z DEBUG will use DNS forwarders:
[CheckedIPAddressLoopback('9.9.9.9')]
>>
>> 2019-07-17T12:22:41Z DEBUG Destroyed connection context.ldap2_140677767577936
>> 2019-07-17T12:22:41Z DEBUG Starting external process
>> 2019-07-17T12:22:41Z DEBUG args=['/usr/sbin/ipa-replica-conncheck',
'--master',
>> 'ipaserver1.linuxtest.gonicus.de', '--auto-master-check',
'--realm', 'LINUXTEST.GONICUS.DE',
>> '--hostname', 'ipaserver2.linuxtest.gonicus.de',
'--ca-cert-file', '/etc/ipa/ca.crt']
>> 2019-07-17T12:22:44Z DEBUG Process finished, return code=1
>> 2019-07-17T12:22:44Z DEBUG stdout=
>> 2019-07-17T12:22:44Z DEBUG stderr=Check connection from replica to remote master
>> 'ipaserver1.linuxtest.gonicus.de':
>> Directory Service: Unsecure port (389): OK
>> Directory Service: Secure port (636): OK
>> Kerberos KDC: TCP (88): OK
>> Kerberos Kpasswd: TCP (464): OK
>> HTTP Server: Unsecure port (80): OK
>> HTTP Server: Secure port (443): OK
>>
>> The following list of ports use UDP protocol and would need to be
>> checked manually:
>> Kerberos KDC: UDP (88): SKIPPED
>> Kerberos Kpasswd: UDP (464): SKIPPED
>>
>> In /etc/hosts is an entry for ipaserver1 and in /etc/resolv.conf also.
>>
>> Dirk
>>
>>
>>
>> Am 17.07.19 um 13:58 schrieb Rob Crittenden via FreeIPA-users:
>>> Dirk Streubel via FreeIPA-users wrote:
>>>> Hello,
>>>>
>>>> i've got a little Problem with ipa-replica install
>>>>
>>>> After the following command: ipa-replica-install --setup-ca --setup-dns
--forwarder=9.9.9.9
>>>> --skip-conncheck
>>> Why are you skipping the connection check? What fails when you do not
>>> pass that option?
>>>
>>> rob
>>> _______________________________________________
>>> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>>> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
>>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...