On 08/05/2019 14:28, Rob Crittenden wrote:
lejeczek via FreeIPA-users wrote:
> hi guys,
> this must be something trivial and I must have gone blind, can you spot
> what I missed?
> $ ipa-replica-install --setup-dns --no-forwarders --ip-address=10.5.8.65
> WARNING: conflicting time&date synchronization service 'chronyd' will
> be disabled in favor of ntpd
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> ipapython.admintool: ERROR The host name rider.xxx does not match the
> primary host name rider-ring8.xxx. Please check /etc/hosts or DNS name
> $ host -r 10.5.8.97
> 188.8.131.52.in-addr.arpa domain name pointer rider.xxx.
> 184.108.40.206.in-addr.arpa domain name pointer rider-ring8.xxx.
> $ host -r 10.5.8.49
> 220.127.116.11.in-addr.arpa domain name pointer whale.xxx.
> 18.104.22.168.in-addr.arpa domain name pointer whale-ring8.xxx.
> $ host rider-ring8..
> rider-ring8. has address 10.5.8.97
> $ host rider..
> rider. has address 10.5.8.97
> Primary hostname of the box replica-install complains of is rider.xxx.
> Why IPA thinks it is rider-ring8.xxx ?
> What can be wrong?
/etc/hosts perhaps, though it could also be that DNS is doing
round-robin on the reverse lookup so the results are inconsistent.
You can try --no-host-dns to skip the lookup but it may portend future
freaking hell... installation of replica failed and now I have "invalid
'PKINIT enabled server': all masters must have IPA master role enabled"
Upgrading IPA:. Estimated time: 1 minute 30 seconds
[1/10]: stopping directory server
[2/10]: saving configuration
[3/10]: disabling listeners
[4/10]: enabling DS global lock
[5/10]: disabling Schema Compat
[6/10]: starting directory server
[7/10]: upgrading server
ipaserver.install.upgradeinstance: ERROR Upgrade failed with cannot
connect to 'ldapi://%2Fvar%2Frun%2Fslapd-PRIVATE.socket':
[error] RuntimeError: cannot connect to
[cleanup]: stopping directory server
[cleanup]: restoring configuration
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipapython.admintool: ERROR Update failed: cannot connect to
ipapython.admintool: ERROR The ipa-replica-install command failed.
See /var/log/ipareplica-install.log for more information
I have that log if somebody would want to have a look. But how to get
out from that "PKINIT enabled server" ??
many thanks, L.