And here comes the Rest of the output, sorry:
Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
Check RPC connection to remote master
Execute check on remote master
Check connection from master to remote replica 'ipaserver2.linuxtest.gonicus.de':
ERROR: Port check failed! Unable to resolve host name
'ipaserver2.linuxtest.gonicus.de'
ERROR: Remote master check failed with following error message(s):
ipa-replica-conncheck returned non-zero exit code
2019-07-17T12:22:44Z DEBUG File
"/usr/lib/python3.7/site-packages/ipapython/admintool.py", line
179, in execute
return_value = self.run()
File "/usr/lib/python3.7/site-packages/ipapython/install/cli.py", line 340, in
run
return cfgr.run()
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 358,
in run
self.validate()
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 368,
in validate
for _nothing in self._validator():
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 431,
in __runner
exc_handler(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 455,
in
_handle_validate_exception
self._handle_exception(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 421,
in __runner
step()
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 418,
in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 81,
in
run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 59,
in
run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 633,
in _configure
next(validator)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 431,
in __runner
exc_handler(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 455,
in
_handle_validate_exception
self._handle_exception(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 518,
in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 515,
in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 421,
in __runner
step()
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 418,
in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 81,
in
run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 59,
in
run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python3.7/site-packages/ipapython/install/common.py", line 65,
in _install
for unused in self._installer(self.parent):
File "/usr/lib/python3.7/site-packages/ipaserver/install/server/__init__.py",
line 588, in main
replica_promote_check(self)
File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/replicainstall.py",
line 402, in
decorated
func(installer)
File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/replicainstall.py",
line 424, in
decorated
func(installer)
File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1136, in
promote_check
ca_cert_file=cafile)
File "/usr/lib/python3.7/site-packages/ipaserver/install/replication.py", line
127, in
replica_conn_check
"Connection check failed!"
2019-07-17T12:22:44Z DEBUG The ipa-replica-install command failed, exception:
ScriptError:
Connection check failed!
See /var/log/ipareplica-conncheck.log for more information.
If the check results are not valid it can be skipped with --skip-conncheck parameter.
2019-07-17T12:22:44Z ERROR Connection check failed!
See /var/log/ipareplica-conncheck.log for more information.
If the check results are not valid it can be skipped with --skip-conncheck parameter.
2019-07-17T12:22:44Z ERROR The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
Dirk
Am 17.07.19 um 14:26 schrieb Dirk Streubel via FreeIPA-users:
> Hello Rob,
>
> Here is the ouuput without the --skip-conncheck option:
>
>
> [root@ipaserver2 ~]# ipa-replica-install --setup-ca --setup-dns --forwarder=9.9.9.9
> Lookup failed: Preferred host ipaserver2.linuxtest.gonicus.de does not provide DNS.
> Could not resolve hostname ipaserver2.linuxtest.gonicus.de using DNS. Clients may not
function
> properly. Please check your DNS setup. (Note that this check queries IPA DNS directly
and ignores
> /etc/hosts.)
> Continue? [no]: yes
> Checking DNS forwarders, please wait ...
> Run connection check to master
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> Connection check failed!
> See /var/log/ipareplica-conncheck.log for more information.
> If the check results are not valid it can be skipped with --skip-conncheck
parameter.
> The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more
information:
>
>
>
> 2019-07-17T12:22:35Z DEBUG importing plugin module
ipaserver.install.plugins.upload_cacrt
> 2019-07-17T12:22:36Z DEBUG failed to find session_cookie in persistent storage for
principal
> 'host/ipaserver2.linuxtest.gonicus.de(a)LINUXTEST.GONICUS.DE'
> 2019-07-17T12:22:36Z DEBUG trying
https://ipaserver1.linuxtest.gonicus.de/ipa/json
> 2019-07-17T12:22:36Z DEBUG Created connection context.jsonclient_140677757574736
> 2019-07-17T12:22:36Z DEBUG [try 1]: Forwarding 'env' to json server
> 'https://ipaserver1.linuxtest.gonicus.de/ipa/json'
> 2019-07-17T12:22:36Z DEBUG New HTTP connection (ipaserver1.linuxtest.gonicus.de)
> 2019-07-17T12:22:36Z DEBUG received Set-Cookie (<class
>
'list'>)'['ipa_session=MagBearerToken=MBQK%2f22mxm59HGcIC6a6rZB2SmHY21MI5TjVDpbSnMSUUWkmW0%2buv7GEKqYAD80ASs6xsRc6doBuoei%2fdVOEHOe0g8WovLyVyIeZVgzZ0EImAeHlC8P%2f1sS7gj%2fWlc7o4IUVoHMPg5hEkYjfMXBWcyYfvlAWMDDCcdxgOl4MdxE%2bwIaLdfXwnYNPVM6TJW2OauESZCP86OjFpJ4YdP43Hi0J%2b6A1MlK5wXhQ6K9YLYY%2bqycMVjH6sRJYHMRlK7cDFbui2cLXUp7mUVx6MNBkc0RimpzPs95%2b85QSIDkixi51DoNHJ%2bdpWeMEW7Xhzw%2fS3X5KaGAlMB5XQ889WunxryBlKN4kFKMDyeNg8M6mlBU%3d;path=/ipa;httponly;secure;']'
> 2019-07-17T12:22:36Z DEBUG storing cookie
>
'ipa_session=MagBearerToken=MBQK%2f22mxm59HGcIC6a6rZB2SmHY21MI5TjVDpbSnMSUUWkmW0%2buv7GEKqYAD80ASs6xsRc6doBuoei%2fdVOEHOe0g8WovLyVyIeZVgzZ0EImAeHlC8P%2f1sS7gj%2fWlc7o4IUVoHMPg5hEkYjfMXBWcyYfvlAWMDDCcdxgOl4MdxE%2bwIaLdfXwnYNPVM6TJW2OauESZCP86OjFpJ4YdP43Hi0J%2b6A1MlK5wXhQ6K9YLYY%2bqycMVjH6sRJYHMRlK7cDFbui2cLXUp7mUVx6MNBkc0RimpzPs95%2b85QSIDkixi51DoNHJ%2bdpWeMEW7Xhzw%2fS3X5KaGAlMB5XQ889WunxryBlKN4kFKMDyeNg8M6mlBU%3d;'
> for principal host/ipaserver2.linuxtest.gonicus.de(a)LINUXTEST.GONICUS.DE
> 2019-07-17T12:22:36Z DEBUG [try 1]: Forwarding 'env' to json server
> 'https://ipaserver1.linuxtest.gonicus.de/ipa/json'
> 2019-07-17T12:22:36Z DEBUG HTTP connection keep-alive
(ipaserver1.linuxtest.gonicus.de)
> 2019-07-17T12:22:36Z DEBUG received Set-Cookie (<class
>
'list'>)'['ipa_session=MagBearerToken=4X6R5KO62qVu5IItwIUUm5Mb8TuugiSuTtigry8HXa9f04KSpLkK0uxRiDu6vi%2b8Tdms2%2blO45gArJLvKO0O%2bKDChYtd2XBczfeYwsRAfqHXiVP1sxAjXI2kG8t8AdQkkQkCkQjAGBdAuNC2qek%2fUmR%2f%2byL0KqWm9c%2bQIbsayICmKERgsOCMyrs5Vt3poNJsjtx73DU0GrvAOOaBlnd5NVvMw38WHH5z6zLKGy6%2f4QwX2KreSTOaWwNWnordLKenZ5S1%2fvq7ktFn1PvScPjqJGzHiDI0D0t%2feMc9RbTYcNtmmfhG%2f6UgNtj622q7QymEEHldxX%2by%2bIt9rIRAVB2R8sjRhuC%2bEKccV3scQJiLhxI%3d;path=/ipa;httponly;secure;']'
> 2019-07-17T12:22:36Z DEBUG storing cookie
>
'ipa_session=MagBearerToken=4X6R5KO62qVu5IItwIUUm5Mb8TuugiSuTtigry8HXa9f04KSpLkK0uxRiDu6vi%2b8Tdms2%2blO45gArJLvKO0O%2bKDChYtd2XBczfeYwsRAfqHXiVP1sxAjXI2kG8t8AdQkkQkCkQjAGBdAuNC2qek%2fUmR%2f%2byL0KqWm9c%2bQIbsayICmKERgsOCMyrs5Vt3poNJsjtx73DU0GrvAOOaBlnd5NVvMw38WHH5z6zLKGy6%2f4QwX2KreSTOaWwNWnordLKenZ5S1%2fvq7ktFn1PvScPjqJGzHiDI0D0t%2feMc9RbTYcNtmmfhG%2f6UgNtj622q7QymEEHldxX%2by%2bIt9rIRAVB2R8sjRhuC%2bEKccV3scQJiLhxI%3d;'
> for principal host/ipaserver2.linuxtest.gonicus.de(a)LINUXTEST.GONICUS.DE
> 2019-07-17T12:22:36Z DEBUG Destroyed connection context.jsonclient_140677757574736
> 2019-07-17T12:22:36Z DEBUG Created connection context.ldap2_140677767577936
> 2019-07-17T12:22:36Z DEBUG flushing ldaps://ipaserver1.linuxtest.gonicus.de from
SchemaCache
> 2019-07-17T12:22:36Z DEBUG retrieving schema for SchemaCache
> url=ldaps://ipaserver1.linuxtest.gonicus.de conn=<ldap.ldapobject.SimpleLDAPObject
object at
> 0x7ff217c82d10>
> 2019-07-17T12:22:36Z DEBUG raw: domainlevel_get(version='2.233')
> 2019-07-17T12:22:36Z DEBUG domainlevel_get(version='2.233')
> 2019-07-17T12:22:36Z DEBUG raw: hostgroup_find(None, cn='ipaservers',
version='2.233',
> host=['ipaserver2.linuxtest.gonicus.de'])
> 2019-07-17T12:22:36Z DEBUG hostgroup_find(None, cn='ipaservers', all=False,
raw=False,
> version='2.233', no_members=True, pkey_only=False,
host=('ipaserver2.linuxtest.gonicus.de',))
> 2019-07-17T12:22:36Z WARNING Lookup failed: Preferred host
ipaserver2.linuxtest.gonicus.de does not
> provide DNS.
> 2019-07-17T12:22:36Z DEBUG Check forward/reverse DNS resolution
> 2019-07-17T12:22:36Z DEBUG Search DNS server ipaserver1.linuxtest.gonicus.de
(['192.168.122.101',
> '192.168.122.101', '192.168.122.101']) for
ipaserver1.linuxtest.gonicus.de
> 2019-07-17T12:22:36Z DEBUG Check reverse address 192.168.122.101
(ipaserver1.linuxtest.gonicus.de)
> 2019-07-17T12:22:36Z DEBUG Address 192.168.122.101 resolves to:
ipaserver1.linuxtest.gonicus.de..
> 2019-07-17T12:22:36Z DEBUG Search DNS server ipaserver1.linuxtest.gonicus.de
(['192.168.122.101',
> '192.168.122.101', '192.168.122.101']) for
ipaserver2.linuxtest.gonicus.de
> 2019-07-17T12:22:36Z ERROR Could not resolve hostname ipaserver2.linuxtest.gonicus.de
using DNS.
> Clients may not function properly. Please check your DNS setup. (Note that this check
queries IPA
> DNS directly and ignores /etc/hosts.)
> 2019-07-17T12:22:41Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
> 2019-07-17T12:22:41Z DEBUG raw: dns_is_enabled(version='2.233')
> 2019-07-17T12:22:41Z DEBUG dns_is_enabled(version='2.233')
> 2019-07-17T12:22:41Z DEBUG Name ipaserver2.linuxtest.gonicus.de resolved to
> {UnsafeIPAddress('192.168.122.102')}
> 2019-07-17T12:22:41Z DEBUG Searching for an interface of IP address: 192.168.122.102
> 2019-07-17T12:22:41Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface:
lo)
> 2019-07-17T12:22:41Z DEBUG Testing local IP address: 192.168.122.102/255.255.255.0
(interface: ens3)
> 2019-07-17T12:22:41Z DEBUG IP address 192.168.122.102 belongs to a private range,
using forward
> policy only
> 2019-07-17T12:22:41Z DEBUG Checking DNS server: 9.9.9.9
> 2019-07-17T12:22:41Z DEBUG will use DNS forwarders:
[CheckedIPAddressLoopback('9.9.9.9')]
>
> 2019-07-17T12:22:41Z DEBUG Destroyed connection context.ldap2_140677767577936
> 2019-07-17T12:22:41Z DEBUG Starting external process
> 2019-07-17T12:22:41Z DEBUG args=['/usr/sbin/ipa-replica-conncheck',
'--master',
> 'ipaserver1.linuxtest.gonicus.de', '--auto-master-check',
'--realm', 'LINUXTEST.GONICUS.DE',
> '--hostname', 'ipaserver2.linuxtest.gonicus.de',
'--ca-cert-file', '/etc/ipa/ca.crt']
> 2019-07-17T12:22:44Z DEBUG Process finished, return code=1
> 2019-07-17T12:22:44Z DEBUG stdout=
> 2019-07-17T12:22:44Z DEBUG stderr=Check connection from replica to remote master
> 'ipaserver1.linuxtest.gonicus.de':
> Directory Service: Unsecure port (389): OK
> Directory Service: Secure port (636): OK
> Kerberos KDC: TCP (88): OK
> Kerberos Kpasswd: TCP (464): OK
> HTTP Server: Unsecure port (80): OK
> HTTP Server: Secure port (443): OK
>
> The following list of ports use UDP protocol and would need to be
> checked manually:
> Kerberos KDC: UDP (88): SKIPPED
> Kerberos Kpasswd: UDP (464): SKIPPED
>
> In /etc/hosts is an entry for ipaserver1 and in /etc/resolv.conf also.
>
> Dirk
>
>
>
> Am 17.07.19 um 13:58 schrieb Rob Crittenden via FreeIPA-users:
>> Dirk Streubel via FreeIPA-users wrote:
>>> Hello,
>>>
>>> i've got a little Problem with ipa-replica install
>>>
>>> After the following command: ipa-replica-install --setup-ca --setup-dns
--forwarder=9.9.9.9
>>> --skip-conncheck
>> Why are you skipping the connection check? What fails when you do not
>> pass that option?
>>
>> rob
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...