That's weird. I've now tried a replica install on a fresh VM and it has
worked - exact same parameters as before, no "invalid
'dnszoneidnsname': only master zones can contain records". Maybe I had a
problem with the previous install failing and me cleaning up/retrying
incorrectly.
Never mind...
On Tue, Jan 9, 2018 at 7:45 PM, Martin Basti via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
Do you have a traceback in the log? I'm curious where exactly this
happened. What is your FreeIPA version?
I haven't installed FreeIPA in LXC, but I'm a happy user of FreeIPA running in
LXC :-) So it should work
2018-01-09 11:40 GMT+01:00 Alex Corcoles via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org>:
> Hi Marti,
>
> On Tue, Jan 9, 2018 at 12:46 AM, Martin Basti via FreeIPA-users <
> freeipa-users(a)lists.fedorahosted.org> wrote:
>
>> it looks that replica is trying to add records to your forward zone.
>> What is the hostname of the replica?
>>
>
> Yeah, it's xxx.h2.int.pdp7.net, which is within the forwarded zone.
>
> I have a dnsmasq acting as DHCP/DNS server in h2.int.pdp7.net to provide
> automatic network configuration to VMs. It's a non-routable network, so I'm
> not sure what the right setup would be.
>
>> 1. what is not working on lxc?
>>
>
> It was something about GSSAPI or something like that, I'll try to
> reproduce and start a new thread about that- but I guess it's more of an
> LXC problem (ideally I would like to run my replica on LXC so it consumes
> less RAM, but I can live with a full VM).
>
> Cheers,
>
> Álex
>
> 2018-01-07 12:20 GMT+01:00 Alex Corcoles via FreeIPA-users <
> freeipa-users(a)lists.fedorahosted.org>:
>
>> Hi,
>>
>> I'm labbing a FreeIPA environment for personal use, and I'm getting that
>> while bringing up a replica.
>>
>> I set up my first freeipa-server instance on a cheap VPS on a public IP,
>> and I intend to make it publicly accessible so I can always authenticate my
>> laptop even on wild public networks.
>>
>> I'm adding the replica as a VM(1) on a Proxmox VE, on a private network
>> with VPN connectivity to the first public freeipa-server, but I'm getting:
>>
>> 2018-01-06T20:56:04Z DEBUG The ipa-replica-install command failed,
>> exception: ValidationError: invalid 'dnszoneidnsname': only master zones
>> can contain records
>>
>> . I'm trying to create the replica with CA and DNS, and I had set up DNS
>> forwarding to the internal DNS on the Proxmox system with:
>>
>> $ ipa dnsforwardzone-add h2.int.pdp7.net --forwarder=10.42.42.1
>> $ ipa dnsforwardzone-add --name-from-ip=10.42.42.0/24 --forwarder=10.42.42.1 --forward-policy=only
>>
>> on the first server (I run dnsmasq on Proxmox VE, 10.42.42.0/24 -
>> h2.int.pdp7.net is the network it manages), and I guess that's messing
>> with the replica, but I'm not sure how to troubleshoot this.
>>
>> Thoughts? Ideas?
>>
>> Thanks,
>>
>> Álex
>>
>> (1) I can't seem to create a freeipa-replica on an LXC container. Is
>> this something that can be discussed here or should I take it to LXC?
>>
>> --
>> ___
>> {~._.~}
>> ( Y )
>> ()~*~() mail: alex at corcoles dot net
>> (_)-(_) http://alex.corcoles.net/
>>
>>
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
>>
>
>
> --
> Best regards, Martin Bašti.
>
--
Best regards, Martin Bašti.