Hi Rob,
Your advice "You need to modify /etc/hosts to ensure that the host FQDN does not
point to 127.0.0.1 but to its actual IP address.
I am ashamed to say I either do not understand how this is done or I am confused.
I have set the hosts file as follows and there is no 127.0.0.1
I am not entirely sure what else is required to not have 127.0.0.1 not returned.
Config:
[centos@freeipa-1 ~]$ cat /etc/hosts
10.27.3.1 freeipa-1.packet.das-schiff.io freeipa-1
Kind regards, and ashamedly confused by Lentos
Charles
On 27 Oct 2020, at 16:04, Rob Crittenden <rcritten(a)redhat.com>
wrote:
Charles Sibbald via FreeIPA-users wrote:
> I get an error during freeIPA ansible install which does not seem to make sense.
>
> I have the following inventory file:
>
> ```cat inventory/hosts.cluster
> [ipaserver]
> freeipa-1 ansible_host=10.27.3.1 ansible_port=22 ansible_user='centos'
ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa'
> freeipa-2 ansible_host=10.27.3.2 ansible_port=22 ansible_user='centos'
ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa'
>
> [ipaserver:vars]
> ipaserver_setup_dns=yes
> ipaserver_auto_forwarders=yes
> ipaserver_no_firewalld=no
> ipaadmin_password=ADMPassword1
> ipadm_password=DMPassword1
> ipaserver_setup_dns=yes
> ipaserver_domain=packet.das-schiff.io
> ipaserver_realm=packet.das-schiff.io
> ipaserver_no_host_dns=false
>
> [ipareplicas]
> ipareplica1.test.local
>
> [ipareplicas:vars]
> ipaclient_force_join=yes
>
>
> [ipaclients]
> ipaclient1.test.local
> ipaclient2.test.local
>
> [ipaclients:vars]
> #ipaclient_use_otp=yes
> ipaclient_allow_repair=yes
>
>
> [ipa:children]
> ipaserver
> ipareplicas
> ipaclients
>
> [ipa:vars]
> ipaadmin_password=password1
> ipadm_password=password1
> ipaserver_domain=test.local
> ipaserver_realm=TEST.LOCAL
> ```
>
> and the following hosts file contents:
> ```cat /etc/hosts
> ::1 freeipa-2.packet.das-schiff.io freeipa-2
> 10.27.3.2 freeipa-2.packet.das-schiff.io freeipa-2
> ```
>
> however I keep getting the following error:
> ```
> <10.27.3.1> (1, b'\n{"failed": true, "msg":
"", "exception": " File
\\"/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py\\",
line 350, in main\\n File
\\"/usr/lib/python3.6/site-packages/ipaserver/install/dns.py\\", line 270, in
install_check\\n True, options.ip_addresses)\\n File
\\"/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py\\", line
484, in get_server_ip_address\\n raise ScriptError()\\n", "invocation":
{"module_args": {"dm_password":
"VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "password":
"VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "ip_addresses": [],
"domain": "packet.das-schiff.io", "realm":
"PACKET.DAS-SCHIFF.IO", "hostname":
"freeipa-1.packet.das-schiff.io", "no_host_dns": true,
"setup_adtrust": false, "setup_kra": false, "setup_dns":
true, "external_ca": false, "allow_zone_overlap": false,
"reverse_zones": [], "no_reverse": false, "auto_reverse":
false, "forwarders": [], "no_forwar
> ders": false, "auto_forwarders": true,
"no_dnssec_validation": false, "enable_compat": false,
"setup_ca": true, "_hostname_overridden": true, "force":
false, "ca_cert_files": [], "external_cert_files": [],
"external_ca_type": null, "external_ca_profile": null,
"subject_base": null, "ca_subject": null, "forward_policy":
null, "netbios_name": null, "rid_base": null,
"secondary_rid_base": null}}}\n', b'OpenSSH_7.6p1 Ubuntu-4ubuntu0.3,
OpenSSL 1.0.2n 7 Dec 2017\r\ndebug1: Reading configuration data
/home/casibbald/.ssh/config\r\ndebug1: /home/casibbald/.ssh/config line 1: Applying
options for *\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1:
/etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing
master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master
version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0
remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_re
> quest_alive: entering\r\ndebug3: mux_client_request_alive: done pid =
3029733\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1:
mux_client_request_session: master session id: 2\r\nThe hostname resolves to the localhost
address (127.0.0.1/::1)\nPlease change your /etc/hosts file so that the hostname\nresolves
to the ip address of your network interface.\nThe KDC service does not listen on
localhost\n\nPlease fix your /etc/hosts file and restart the setup program\ndebug3:
mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status
from master 1\r\n')
> <10.27.3.1> Failed to connect to the host via ssh: OpenSSH_7.6p1
Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
> debug1: Reading configuration data /home/casibbald/.ssh/config
> debug1: /home/casibbald/.ssh/config line 1: Applying options for *
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug1: auto-mux: Trying existing master
> debug2: fd 3 setting O_NONBLOCK
> debug2: mux_client_hello_exchange: master version 4
> debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
> debug3: mux_client_request_session: entering
> debug3: mux_client_request_alive: entering
> debug3: mux_client_request_alive: done pid = 3029733
> debug3: mux_client_request_session: session request sent
> debug1: mux_client_request_session: master session id: 2
> The hostname resolves to the localhost address (127.0.0.1/::1)
> Please change your /etc/hosts file so that the hostname
> resolves to the ip address of your network interface.
You need to modify /etc/hosts to ensure that the host FQDN does not
point to 127.0.0.1 but to its actual IP address.
rob
> The KDC service does not listen on localhost
>
> Please fix your /etc/hosts file and restart the setup program
> debug3: mux_client_read_packet: read header failed: Broken pipe
> debug2: Received exit status from master 1
> The full traceback is:
> File
"/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py",
line 350, in main
> File "/usr/lib/python3.6/site-packages/ipaserver/install/dns.py", line
270, in install_check
> True, options.ip_addresses)
> File "/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py",
line 484, in get_server_ip_address
> raise ScriptError()
> fatal: [freeipa-1]: FAILED! => {
> "changed": false,
> "invocation": {
> "module_args": {
> "_hostname_overridden": true,
> "allow_zone_overlap": false,
> "auto_forwarders": true,
> "auto_reverse": false,
> "ca_cert_files": [],
> "ca_subject": null,
> "dm_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
> "domain": "packet.das-schiff.io",
> "enable_compat": false,
> "external_ca": false,
> "external_ca_profile": null,
> "external_ca_type": null,
> "external_cert_files": [],
> "force": false,
> "forward_policy": null,
> "forwarders": [],
> "hostname": "freeipa-1.packet.das-schiff.io",
> "ip_addresses": [],
> "netbios_name": null,
> "no_dnssec_validation": false,
> "no_forwarders": false,
> "no_host_dns": true,
> "no_reverse": false,
> "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
> "realm": "PACKET.DAS-SCHIFF.IO",
> "reverse_zones": [],
> "rid_base": null,
> "secondary_rid_base": null,
> "setup_adtrust": false,
> "setup_ca": true,
> "setup_dns": true,
> "setup_kra": false,
> "subject_base": null
> }
> },
> "msg": ""
> }
> ```