8:49 a.m.
I get an error during freeIPA ansible install which does not seem to make sense.
I have the following inventory file:
```cat inventory/hosts.cluster
[ipaserver]
freeipa-1 ansible_host=10.27.3.1 ansible_port=22 ansible_user='centos'
ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa'
freeipa-2 ansible_host=10.27.3.2 ansible_port=22 ansible_user='centos'
ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa'
[ipaserver:vars]
ipaserver_setup_dns=yes
ipaserver_auto_forwarders=yes
ipaserver_no_firewalld=no
ipaadmin_password=ADMPassword1
ipadm_password=DMPassword1
ipaserver_setup_dns=yes
ipaserver_domain=packet.das-schiff.io
ipaserver_realm=packet.das-schiff.io
ipaserver_no_host_dns=false
[ipareplicas]
ipareplica1.test.local
[ipareplicas:vars]
ipaclient_force_join=yes
[ipaclients]
ipaclient1.test.local
ipaclient2.test.local
[ipaclients:vars]
#ipaclient_use_otp=yes
ipaclient_allow_repair=yes
[ipa:children]
ipaserver
ipareplicas
ipaclients
[ipa:vars]
ipaadmin_password=password1
ipadm_password=password1
ipaserver_domain=test.local
ipaserver_realm=TEST.LOCAL
```
and the following hosts file contents:
```cat /etc/hosts
::1 freeipa-2.packet.das-schiff.io freeipa-2
10.27.3.2 freeipa-2.packet.das-schiff.io freeipa-2
```
however I keep getting the following error:
```
<10.27.3.1> (1, b'\n{"failed": true, "msg": "",
"exception": " File
\\"/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py\\",
line 350, in main\\n File
\\"/usr/lib/python3.6/site-packages/ipaserver/install/dns.py\\", line 270, in
install_check\\n True, options.ip_addresses)\\n File
\\"/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py\\", line
484, in get_server_ip_address\\n raise ScriptError()\\n", "invocation":
{"module_args": {"dm_password":
"VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "password":
"VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "ip_addresses": [],
"domain": "packet.das-schiff.io", "realm":
"PACKET.DAS-SCHIFF.IO", "hostname":
"freeipa-1.packet.das-schiff.io", "no_host_dns": true,
"setup_adtrust": false, "setup_kra": false, "setup_dns":
true, "external_ca": false, "allow_zone_overlap": false,
"reverse_zones": [], "no_reverse": false, "auto_reverse":
false, "forwarders": [], "no_forwar
ders": false, "auto_forwarders": true, "no_dnssec_validation":
false, "enable_compat": false, "setup_ca": true,
"_hostname_overridden": true, "force": false,
"ca_cert_files": [], "external_cert_files": [],
"external_ca_type": null, "external_ca_profile": null,
"subject_base": null, "ca_subject": null, "forward_policy":
null, "netbios_name": null, "rid_base": null,
"secondary_rid_base": null}}}\n', b'OpenSSH_7.6p1 Ubuntu-4ubuntu0.3,
OpenSSL 1.0.2n 7 Dec 2017\r\ndebug1: Reading configuration data
/home/casibbald/.ssh/config\r\ndebug1: /home/casibbald/.ssh/config line 1: Applying
options for *\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1:
/etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing
master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master
version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0
remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_re
quest_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3029733\r\ndebug3:
mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session:
master session id: 2\r\nThe hostname resolves to the localhost address
(127.0.0.1/::1)\nPlease change your /etc/hosts file so that the hostname\nresolves to the
ip address of your network interface.\nThe KDC service does not listen on
localhost\n\nPlease fix your /etc/hosts file and restart the setup program\ndebug3:
mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status
from master 1\r\n')
<10.27.3.1> Failed to connect to the host via ssh: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3,
OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /home/casibbald/.ssh/config
debug1: /home/casibbald/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: auto-mux: Trying existing master
debug2: fd 3 setting O_NONBLOCK
debug2: mux_client_hello_exchange: master version 4
debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
debug3: mux_client_request_session: entering
debug3: mux_client_request_alive: entering
debug3: mux_client_request_alive: done pid = 3029733
debug3: mux_client_request_session: session request sent
debug1: mux_client_request_session: master session id: 2
The hostname resolves to the localhost address (127.0.0.1/::1)
Please change your /etc/hosts file so that the hostname
resolves to the ip address of your network interface.
The KDC service does not listen on localhost
Please fix your /etc/hosts file and restart the setup program
debug3: mux_client_read_packet: read header failed: Broken pipe
debug2: Received exit status from master 1
The full traceback is:
File
"/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py",
line 350, in main
File "/usr/lib/python3.6/site-packages/ipaserver/install/dns.py", line 270, in
install_check
True, options.ip_addresses)
File "/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py",
line 484, in get_server_ip_address
raise ScriptError()
fatal: [freeipa-1]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"_hostname_overridden": true,
"allow_zone_overlap": false,
"auto_forwarders": true,
"auto_reverse": false,
"ca_cert_files": [],
"ca_subject": null,
"dm_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"domain": "packet.das-schiff.io",
"enable_compat": false,
"external_ca": false,
"external_ca_profile": null,
"external_ca_type": null,
"external_cert_files": [],
"force": false,
"forward_policy": null,
"forwarders": [],
"hostname": "freeipa-1.packet.das-schiff.io",
"ip_addresses": [],
"netbios_name": null,
"no_dnssec_validation": false,
"no_forwarders": false,
"no_host_dns": true,
"no_reverse": false,
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"realm": "PACKET.DAS-SCHIFF.IO",
"reverse_zones": [],
"rid_base": null,
"secondary_rid_base": null,
"setup_adtrust": false,
"setup_ca": true,
"setup_dns": true,
"setup_kra": false,
"subject_base": null
}
},
"msg": ""
}
```
9:04 a.m.
Charles Sibbald via FreeIPA-users wrote:
I get an error during freeIPA ansible install which does not seem to
make sense.
I have the following inventory file:
```cat inventory/hosts.cluster
[ipaserver]
freeipa-1 ansible_host=10.27.3.1 ansible_port=22 ansible_user='centos'
ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa'
freeipa-2 ansible_host=10.27.3.2 ansible_port=22 ansible_user='centos'
ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa'
[ipaserver:vars]
ipaserver_setup_dns=yes
ipaserver_auto_forwarders=yes
ipaserver_no_firewalld=no
ipaadmin_password=ADMPassword1
ipadm_password=DMPassword1
ipaserver_setup_dns=yes
ipaserver_domain=packet.das-schiff.io
ipaserver_realm=packet.das-schiff.io
ipaserver_no_host_dns=false
[ipareplicas]
ipareplica1.test.local
[ipareplicas:vars]
ipaclient_force_join=yes
[ipaclients]
ipaclient1.test.local
ipaclient2.test.local
[ipaclients:vars]
#ipaclient_use_otp=yes
ipaclient_allow_repair=yes
[ipa:children]
ipaserver
ipareplicas
ipaclients
[ipa:vars]
ipaadmin_password=password1
ipadm_password=password1
ipaserver_domain=test.local
ipaserver_realm=TEST.LOCAL
```
and the following hosts file contents:
```cat /etc/hosts
::1 freeipa-2.packet.das-schiff.io freeipa-2
10.27.3.2 freeipa-2.packet.das-schiff.io freeipa-2
```
however I keep getting the following error:
```
<10.27.3.1> (1, b'\n{"failed": true, "msg": "",
"exception": " File
\\"/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py\\",
line 350, in main\\n File
\\"/usr/lib/python3.6/site-packages/ipaserver/install/dns.py\\", line 270, in
install_check\\n True, options.ip_addresses)\\n File
\\"/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py\\", line
484, in get_server_ip_address\\n raise ScriptError()\\n", "invocation":
{"module_args": {"dm_password":
"VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "password":
"VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "ip_addresses": [],
"domain": "packet.das-schiff.io", "realm":
"PACKET.DAS-SCHIFF.IO", "hostname":
"freeipa-1.packet.das-schiff.io", "no_host_dns": true,
"setup_adtrust": false, "setup_kra": false, "setup_dns":
true, "external_ca": false, "allow_zone_overlap": false,
"reverse_zones": [], "no_reverse": false, "auto_reverse":
false, "forwarders": [], "no_forwar
ders": false, "auto_forwarders": true, "no_dnssec_validation":
false, "enable_compat": false, "setup_ca": true,
"_hostname_overridden": true, "force": false,
"ca_cert_files": [], "external_cert_files": [],
"external_ca_type": null, "external_ca_profile": null,
"subject_base": null, "ca_subject": null, "forward_policy":
null, "netbios_name": null, "rid_base": null,
"secondary_rid_base": null}}}\n', b'OpenSSH_7.6p1 Ubuntu-4ubuntu0.3,
OpenSSL 1.0.2n 7 Dec 2017\r\ndebug1: Reading configuration data
/home/casibbald/.ssh/config\r\ndebug1: /home/casibbald/.ssh/config line 1: Applying
options for *\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1:
/etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing
master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master
version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0
remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_re
quest_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3029733\r\ndebug3:
mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session:
master session id: 2\r\nThe hostname resolves to the localhost address
(127.0.0.1/::1)\nPlease change your /etc/hosts file so that the hostname\nresolves to the
ip address of your network interface.\nThe KDC service does not listen on
localhost\n\nPlease fix your /etc/hosts file and restart the setup program\ndebug3:
mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status
from master 1\r\n')
<10.27.3.1> Failed to connect to the host via ssh: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3,
OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /home/casibbald/.ssh/config
debug1: /home/casibbald/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: auto-mux: Trying existing master
debug2: fd 3 setting O_NONBLOCK
debug2: mux_client_hello_exchange: master version 4
debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
debug3: mux_client_request_session: entering
debug3: mux_client_request_alive: entering
debug3: mux_client_request_alive: done pid = 3029733
debug3: mux_client_request_session: session request sent
debug1: mux_client_request_session: master session id: 2
The hostname resolves to the localhost address (127.0.0.1/::1)
Please change your /etc/hosts file so that the hostname
resolves to the ip address of your network interface.
You need to modify /etc/hosts to ensure that the host FQDN does not
point to 127.0.0.1 but to its actual IP address.
rob
The KDC service does not listen on localhost
Please fix your /etc/hosts file and restart the setup program
debug3: mux_client_read_packet: read header failed: Broken pipe
debug2: Received exit status from master 1
The full traceback is:
File
"/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py",
line 350, in main
File "/usr/lib/python3.6/site-packages/ipaserver/install/dns.py", line 270,
in install_check
True, options.ip_addresses)
File "/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py",
line 484, in get_server_ip_address
raise ScriptError()
fatal: [freeipa-1]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"_hostname_overridden": true,
"allow_zone_overlap": false,
"auto_forwarders": true,
"auto_reverse": false,
"ca_cert_files": [],
"ca_subject": null,
"dm_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"domain": "packet.das-schiff.io",
"enable_compat": false,
"external_ca": false,
"external_ca_profile": null,
"external_ca_type": null,
"external_cert_files": [],
"force": false,
"forward_policy": null,
"forwarders": [],
"hostname": "freeipa-1.packet.das-schiff.io",
"ip_addresses": [],
"netbios_name": null,
"no_dnssec_validation": false,
"no_forwarders": false,
"no_host_dns": true,
"no_reverse": false,
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"realm": "PACKET.DAS-SCHIFF.IO",
"reverse_zones": [],
"rid_base": null,
"secondary_rid_base": null,
"setup_adtrust": false,
"setup_ca": true,
"setup_dns": true,
"setup_kra": false,
"subject_base": null
}
},
"msg": ""
}
```
9:14 a.m.
Hi Rob,
Your advice "You need to modify /etc/hosts to ensure that the host FQDN does not
point to 127.0.0.1 but to its actual IP address.
I am ashamed to say I either do not understand how this is done or I am confused.
I have set the hosts file as follows and there is no 127.0.0.1
I am not entirely sure what else is required to not have 127.0.0.1 not returned.
Config:
[centos@freeipa-1 ~]$ cat /etc/hosts
10.27.3.1 freeipa-1.packet.das-schiff.io freeipa-1
Kind regards, and ashamedly confused by Lentos
Charles
On 27 Oct 2020, at 16:04, Rob Crittenden <rcritten(a)redhat.com>
wrote:
Charles Sibbald via FreeIPA-users wrote:
> I get an error during freeIPA ansible install which does not seem to make sense.
>
> I have the following inventory file:
>
> ```cat inventory/hosts.cluster
> [ipaserver]
> freeipa-1 ansible_host=10.27.3.1 ansible_port=22 ansible_user='centos'
ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa'
> freeipa-2 ansible_host=10.27.3.2 ansible_port=22 ansible_user='centos'
ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa'
>
> [ipaserver:vars]
> ipaserver_setup_dns=yes
> ipaserver_auto_forwarders=yes
> ipaserver_no_firewalld=no
> ipaadmin_password=ADMPassword1
> ipadm_password=DMPassword1
> ipaserver_setup_dns=yes
> ipaserver_domain=packet.das-schiff.io
> ipaserver_realm=packet.das-schiff.io
> ipaserver_no_host_dns=false
>
> [ipareplicas]
> ipareplica1.test.local
>
> [ipareplicas:vars]
> ipaclient_force_join=yes
>
>
> [ipaclients]
> ipaclient1.test.local
> ipaclient2.test.local
>
> [ipaclients:vars]
> #ipaclient_use_otp=yes
> ipaclient_allow_repair=yes
>
>
> [ipa:children]
> ipaserver
> ipareplicas
> ipaclients
>
> [ipa:vars]
> ipaadmin_password=password1
> ipadm_password=password1
> ipaserver_domain=test.local
> ipaserver_realm=TEST.LOCAL
> ```
>
> and the following hosts file contents:
> ```cat /etc/hosts
> ::1 freeipa-2.packet.das-schiff.io freeipa-2
> 10.27.3.2 freeipa-2.packet.das-schiff.io freeipa-2
> ```
>
> however I keep getting the following error:
> ```
> <10.27.3.1> (1, b'\n{"failed": true, "msg":
"", "exception": " File
\\"/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py\\",
line 350, in main\\n File
\\"/usr/lib/python3.6/site-packages/ipaserver/install/dns.py\\", line 270, in
install_check\\n True, options.ip_addresses)\\n File
\\"/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py\\", line
484, in get_server_ip_address\\n raise ScriptError()\\n", "invocation":
{"module_args": {"dm_password":
"VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "password":
"VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "ip_addresses": [],
"domain": "packet.das-schiff.io", "realm":
"PACKET.DAS-SCHIFF.IO", "hostname":
"freeipa-1.packet.das-schiff.io", "no_host_dns": true,
"setup_adtrust": false, "setup_kra": false, "setup_dns":
true, "external_ca": false, "allow_zone_overlap": false,
"reverse_zones": [], "no_reverse": false, "auto_reverse":
false, "forwarders": [], "no_forwar
> ders": false, "auto_forwarders": true,
"no_dnssec_validation": false, "enable_compat": false,
"setup_ca": true, "_hostname_overridden": true, "force":
false, "ca_cert_files": [], "external_cert_files": [],
"external_ca_type": null, "external_ca_profile": null,
"subject_base": null, "ca_subject": null, "forward_policy":
null, "netbios_name": null, "rid_base": null,
"secondary_rid_base": null}}}\n', b'OpenSSH_7.6p1 Ubuntu-4ubuntu0.3,
OpenSSL 1.0.2n 7 Dec 2017\r\ndebug1: Reading configuration data
/home/casibbald/.ssh/config\r\ndebug1: /home/casibbald/.ssh/config line 1: Applying
options for *\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1:
/etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing
master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master
version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0
remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_re
> quest_alive: entering\r\ndebug3: mux_client_request_alive: done pid =
3029733\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1:
mux_client_request_session: master session id: 2\r\nThe hostname resolves to the localhost
address (127.0.0.1/::1)\nPlease change your /etc/hosts file so that the hostname\nresolves
to the ip address of your network interface.\nThe KDC service does not listen on
localhost\n\nPlease fix your /etc/hosts file and restart the setup program\ndebug3:
mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status
from master 1\r\n')
> <10.27.3.1> Failed to connect to the host via ssh: OpenSSH_7.6p1
Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
> debug1: Reading configuration data /home/casibbald/.ssh/config
> debug1: /home/casibbald/.ssh/config line 1: Applying options for *
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug1: auto-mux: Trying existing master
> debug2: fd 3 setting O_NONBLOCK
> debug2: mux_client_hello_exchange: master version 4
> debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
> debug3: mux_client_request_session: entering
> debug3: mux_client_request_alive: entering
> debug3: mux_client_request_alive: done pid = 3029733
> debug3: mux_client_request_session: session request sent
> debug1: mux_client_request_session: master session id: 2
> The hostname resolves to the localhost address (127.0.0.1/::1)
> Please change your /etc/hosts file so that the hostname
> resolves to the ip address of your network interface.
You need to modify /etc/hosts to ensure that the host FQDN does not
point to 127.0.0.1 but to its actual IP address.
rob
> The KDC service does not listen on localhost
>
> Please fix your /etc/hosts file and restart the setup program
> debug3: mux_client_read_packet: read header failed: Broken pipe
> debug2: Received exit status from master 1
> The full traceback is:
> File
"/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py",
line 350, in main
> File "/usr/lib/python3.6/site-packages/ipaserver/install/dns.py", line
270, in install_check
> True, options.ip_addresses)
> File "/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py",
line 484, in get_server_ip_address
> raise ScriptError()
> fatal: [freeipa-1]: FAILED! => {
> "changed": false,
> "invocation": {
> "module_args": {
> "_hostname_overridden": true,
> "allow_zone_overlap": false,
> "auto_forwarders": true,
> "auto_reverse": false,
> "ca_cert_files": [],
> "ca_subject": null,
> "dm_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
> "domain": "packet.das-schiff.io",
> "enable_compat": false,
> "external_ca": false,
> "external_ca_profile": null,
> "external_ca_type": null,
> "external_cert_files": [],
> "force": false,
> "forward_policy": null,
> "forwarders": [],
> "hostname": "freeipa-1.packet.das-schiff.io",
> "ip_addresses": [],
> "netbios_name": null,
> "no_dnssec_validation": false,
> "no_forwarders": false,
> "no_host_dns": true,
> "no_reverse": false,
> "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
> "realm": "PACKET.DAS-SCHIFF.IO",
> "reverse_zones": [],
> "rid_base": null,
> "secondary_rid_base": null,
> "setup_adtrust": false,
> "setup_ca": true,
> "setup_dns": true,
> "setup_kra": false,
> "subject_base": null
> }
> },
> "msg": ""
> }
> ```
9:30 a.m.
Realised the error:
Somehow I deleted the 127.0.0.1 localhost entry.
Cheers
On 27 Oct 2020, at 16:14, Charles Sibbald <casibbald(a)gmail.com>
wrote:
Hi Rob,
Your advice "You need to modify /etc/hosts to ensure that the host FQDN does not
point to 127.0.0.1 but to its actual IP address.
I am ashamed to say I either do not understand how this is done or I am confused.
I have set the hosts file as follows and there is no 127.0.0.1
I am not entirely sure what else is required to not have 127.0.0.1 not returned.
Config:
[centos@freeipa-1 ~]$ cat /etc/hosts
10.27.3.1 freeipa-1.packet.das-schiff.io freeipa-1
Kind regards, and ashamedly confused by Lentos
Charles
> On 27 Oct 2020, at 16:04, Rob Crittenden <rcritten(a)redhat.com> wrote:
>
> Charles Sibbald via FreeIPA-users wrote:
>> I get an error during freeIPA ansible install which does not seem to make sense.
>>
>> I have the following inventory file:
>>
>> ```cat inventory/hosts.cluster
>> [ipaserver]
>> freeipa-1 ansible_host=10.27.3.1 ansible_port=22 ansible_user='centos'
ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa'
>> freeipa-2 ansible_host=10.27.3.2 ansible_port=22 ansible_user='centos'
ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa'
>>
>> [ipaserver:vars]
>> ipaserver_setup_dns=yes
>> ipaserver_auto_forwarders=yes
>> ipaserver_no_firewalld=no
>> ipaadmin_password=ADMPassword1
>> ipadm_password=DMPassword1
>> ipaserver_setup_dns=yes
>> ipaserver_domain=packet.das-schiff.io
>> ipaserver_realm=packet.das-schiff.io
>> ipaserver_no_host_dns=false
>>
>> [ipareplicas]
>> ipareplica1.test.local
>>
>> [ipareplicas:vars]
>> ipaclient_force_join=yes
>>
>>
>> [ipaclients]
>> ipaclient1.test.local
>> ipaclient2.test.local
>>
>> [ipaclients:vars]
>> #ipaclient_use_otp=yes
>> ipaclient_allow_repair=yes
>>
>>
>> [ipa:children]
>> ipaserver
>> ipareplicas
>> ipaclients
>>
>> [ipa:vars]
>> ipaadmin_password=password1
>> ipadm_password=password1
>> ipaserver_domain=test.local
>> ipaserver_realm=TEST.LOCAL
>> ```
>>
>> and the following hosts file contents:
>> ```cat /etc/hosts
>> ::1 freeipa-2.packet.das-schiff.io freeipa-2
>> 10.27.3.2 freeipa-2.packet.das-schiff.io freeipa-2
>> ```
>>
>> however I keep getting the following error:
>> ```
>> <10.27.3.1> (1, b'\n{"failed": true, "msg":
"", "exception": " File
\\"/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py\\",
line 350, in main\\n File
\\"/usr/lib/python3.6/site-packages/ipaserver/install/dns.py\\", line 270, in
install_check\\n True, options.ip_addresses)\\n File
\\"/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py\\", line
484, in get_server_ip_address\\n raise ScriptError()\\n", "invocation":
{"module_args": {"dm_password":
"VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "password":
"VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "ip_addresses": [],
"domain": "packet.das-schiff.io", "realm":
"PACKET.DAS-SCHIFF.IO", "hostname":
"freeipa-1.packet.das-schiff.io", "no_host_dns": true,
"setup_adtrust": false, "setup_kra": false, "setup_dns":
true, "external_ca": false, "allow_zone_overlap": false,
"reverse_zones": [], "no_reverse": false, "auto_reverse":
false, "forwarders": [], "no_forwar
>> ders": false, "auto_forwarders": true,
"no_dnssec_validation": false, "enable_compat": false,
"setup_ca": true, "_hostname_overridden": true, "force":
false, "ca_cert_files": [], "external_cert_files": [],
"external_ca_type": null, "external_ca_profile": null,
"subject_base": null, "ca_subject": null, "forward_policy":
null, "netbios_name": null, "rid_base": null,
"secondary_rid_base": null}}}\n', b'OpenSSH_7.6p1 Ubuntu-4ubuntu0.3,
OpenSSL 1.0.2n 7 Dec 2017\r\ndebug1: Reading configuration data
/home/casibbald/.ssh/config\r\ndebug1: /home/casibbald/.ssh/config line 1: Applying
options for *\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1:
/etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing
master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master
version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0
remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_re
>> quest_alive: entering\r\ndebug3: mux_client_request_alive: done pid =
3029733\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1:
mux_client_request_session: master session id: 2\r\nThe hostname resolves to the localhost
address (127.0.0.1/::1)\nPlease change your /etc/hosts file so that the hostname\nresolves
to the ip address of your network interface.\nThe KDC service does not listen on
localhost\n\nPlease fix your /etc/hosts file and restart the setup program\ndebug3:
mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status
from master 1\r\n')
>> <10.27.3.1> Failed to connect to the host via ssh: OpenSSH_7.6p1
Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
>> debug1: Reading configuration data /home/casibbald/.ssh/config
>> debug1: /home/casibbald/.ssh/config line 1: Applying options for *
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug1: /etc/ssh/ssh_config line 19: Applying options for *
>> debug1: auto-mux: Trying existing master
>> debug2: fd 3 setting O_NONBLOCK
>> debug2: mux_client_hello_exchange: master version 4
>> debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
>> debug3: mux_client_request_session: entering
>> debug3: mux_client_request_alive: entering
>> debug3: mux_client_request_alive: done pid = 3029733
>> debug3: mux_client_request_session: session request sent
>> debug1: mux_client_request_session: master session id: 2
>> The hostname resolves to the localhost address (127.0.0.1/::1)
>> Please change your /etc/hosts file so that the hostname
>> resolves to the ip address of your network interface.
>
> You need to modify /etc/hosts to ensure that the host FQDN does not
> point to 127.0.0.1 but to its actual IP address.
>
> rob
>
>> The KDC service does not listen on localhost
>>
>> Please fix your /etc/hosts file and restart the setup program
>> debug3: mux_client_read_packet: read header failed: Broken pipe
>> debug2: Received exit status from master 1
>> The full traceback is:
>> File
"/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py",
line 350, in main
>> File "/usr/lib/python3.6/site-packages/ipaserver/install/dns.py", line
270, in install_check
>> True, options.ip_addresses)
>> File
"/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py", line 484,
in get_server_ip_address
>> raise ScriptError()
>> fatal: [freeipa-1]: FAILED! => {
>> "changed": false,
>> "invocation": {
>> "module_args": {
>> "_hostname_overridden": true,
>> "allow_zone_overlap": false,
>> "auto_forwarders": true,
>> "auto_reverse": false,
>> "ca_cert_files": [],
>> "ca_subject": null,
>> "dm_password":
"VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
>> "domain": "packet.das-schiff.io",
>> "enable_compat": false,
>> "external_ca": false,
>> "external_ca_profile": null,
>> "external_ca_type": null,
>> "external_cert_files": [],
>> "force": false,
>> "forward_policy": null,
>> "forwarders": [],
>> "hostname": "freeipa-1.packet.das-schiff.io",
>> "ip_addresses": [],
>> "netbios_name": null,
>> "no_dnssec_validation": false,
>> "no_forwarders": false,
>> "no_host_dns": true,
>> "no_reverse": false,
>> "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
>> "realm": "PACKET.DAS-SCHIFF.IO",
>> "reverse_zones": [],
>> "rid_base": null,
>> "secondary_rid_base": null,
>> "setup_adtrust": false,
>> "setup_ca": true,
>> "setup_dns": true,
>> "setup_kra": false,
>> "subject_base": null
>> }
>> },
>> "msg": ""
>> }
>> ```
>
9:08 a.m.
Hi,
As stated in the error, KDC will not work if it resolves to the localhost
(::1) address. To fix your installation, modify your /etc/hosts to
```
::1 localhost localhost6
10.27.3.2 freeipa-2.packet.das-schiff.io freeipa-2
```
Take care,
Rafael
On Tue, Oct 27, 2020 at 10:50 AM Charles Sibbald via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
I get an error during freeIPA ansible install which does not seem to
make
sense.
I have the following inventory file:
```cat inventory/hosts.cluster
[ipaserver]
freeipa-1 ansible_host=10.27.3.1 ansible_port=22 ansible_user='centos'
ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa'
freeipa-2 ansible_host=10.27.3.2 ansible_port=22 ansible_user='centos'
ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa'
[ipaserver:vars]
ipaserver_setup_dns=yes
ipaserver_auto_forwarders=yes
ipaserver_no_firewalld=no
ipaadmin_password=ADMPassword1
ipadm_password=DMPassword1
ipaserver_setup_dns=yes
ipaserver_domain=packet.das-schiff.io
ipaserver_realm=packet.das-schiff.io
ipaserver_no_host_dns=false
[ipareplicas]
ipareplica1.test.local
[ipareplicas:vars]
ipaclient_force_join=yes
[ipaclients]
ipaclient1.test.local
ipaclient2.test.local
[ipaclients:vars]
#ipaclient_use_otp=yes
ipaclient_allow_repair=yes
[ipa:children]
ipaserver
ipareplicas
ipaclients
[ipa:vars]
ipaadmin_password=password1
ipadm_password=password1
ipaserver_domain=test.local
ipaserver_realm=TEST.LOCAL
```
and the following hosts file contents:
```cat /etc/hosts
::1 freeipa-2.packet.das-schiff.io freeipa-2
10.27.3.2 freeipa-2.packet.das-schiff.io freeipa-2
```
however I keep getting the following error:
```
<10.27.3.1> (1, b'\n{"failed": true, "msg": "",
"exception": " File
\\"/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py\\",
line 350, in main\\n File
\\"/usr/lib/python3.6/site-packages/ipaserver/install/dns.py\\", line 270,
in install_check\\n True, options.ip_addresses)\\n File
\\"/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py\\",
line 484, in get_server_ip_address\\n raise ScriptError()\\n",
"invocation": {"module_args": {"dm_password":
"VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "password":
"VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "ip_addresses": [],
"domain": "
packet.das-schiff.io", "realm": "PACKET.DAS-SCHIFF.IO",
"hostname": "
freeipa-1.packet.das-schiff.io", "no_host_dns": true,
"setup_adtrust":
false, "setup_kra": false, "setup_dns": true,
"external_ca": false,
"allow_zone_overlap": false, "reverse_zones": [],
"no_reverse": false,
"auto_reverse": false, "forwarders": [], "no_forwar
ders": false, "auto_forwarders": true, "no_dnssec_validation":
false,
"enable_compat": false, "setup_ca": true,
"_hostname_overridden": true,
"force": false, "ca_cert_files": [], "external_cert_files":
[],
"external_ca_type": null, "external_ca_profile": null,
"subject_base":
null, "ca_subject": null, "forward_policy": null,
"netbios_name": null,
"rid_base": null, "secondary_rid_base": null}}}\n',
b'OpenSSH_7.6p1
Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017\r\ndebug1: Reading
configuration data /home/casibbald/.ssh/config\r\ndebug1:
/home/casibbald/.ssh/config line 1: Applying options for *\r\ndebug1:
Reading configuration data /etc/ssh/ssh_config\r\ndebug1:
/etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux:
Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2:
mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards:
request forwardings: 0 local, 0 remote\r\ndebug3:
mux_client_request_session: entering\r\ndebug3: mux_client_re
quest_alive: entering\r\ndebug3: mux_client_request_alive: done pid =
3029733\r\ndebug3: mux_client_request_session: session request
sent\r\ndebug1: mux_client_request_session: master session id: 2\r\nThe
hostname resolves to the localhost address (127.0.0.1/::1)\nPlease change
your /etc/hosts file so that the hostname\nresolves to the ip address of
your network interface.\nThe KDC service does not listen on
localhost\n\nPlease fix your /etc/hosts file and restart the setup
program\ndebug3: mux_client_read_packet: read header failed: Broken
pipe\r\ndebug2: Received exit status from master 1\r\n')
<10.27.3.1> Failed to connect to the host via ssh: OpenSSH_7.6p1
Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /home/casibbald/.ssh/config
debug1: /home/casibbald/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: auto-mux: Trying existing master
debug2: fd 3 setting O_NONBLOCK
debug2: mux_client_hello_exchange: master version 4
debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
debug3: mux_client_request_session: entering
debug3: mux_client_request_alive: entering
debug3: mux_client_request_alive: done pid = 3029733
debug3: mux_client_request_session: session request sent
debug1: mux_client_request_session: master session id: 2
The hostname resolves to the localhost address (127.0.0.1/::1)
Please change your /etc/hosts file so that the hostname
resolves to the ip address of your network interface.
The KDC service does not listen on localhost
Please fix your /etc/hosts file and restart the setup program
debug3: mux_client_read_packet: read header failed: Broken pipe
debug2: Received exit status from master 1
The full traceback is:
File
"/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py",
line 350, in main
File "/usr/lib/python3.6/site-packages/ipaserver/install/dns.py", line
270, in install_check
True, options.ip_addresses)
File
"/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py", line
484, in get_server_ip_address
raise ScriptError()
fatal: [freeipa-1]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"_hostname_overridden": true,
"allow_zone_overlap": false,
"auto_forwarders": true,
"auto_reverse": false,
"ca_cert_files": [],
"ca_subject": null,
"dm_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"domain": "packet.das-schiff.io",
"enable_compat": false,
"external_ca": false,
"external_ca_profile": null,
"external_ca_type": null,
"external_cert_files": [],
"force": false,
"forward_policy": null,
"forwarders": [],
"hostname": "freeipa-1.packet.das-schiff.io",
"ip_addresses": [],
"netbios_name": null,
"no_dnssec_validation": false,
"no_forwarders": false,
"no_host_dns": true,
"no_reverse": false,
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"realm": "PACKET.DAS-SCHIFF.IO",
"reverse_zones": [],
"rid_base": null,
"secondary_rid_base": null,
"setup_adtrust": false,
"setup_ca": true,
"setup_dns": true,
"setup_kra": false,
"subject_base": null
}
},
"msg": ""
}
```
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
--
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat
1270
days inactive
1270
days old
freeipa-users@lists.fedorahosted.org
4 comments
3 participants
participants (3)
-
Charles Sibbald -
Rafael Jeffman -
Rob Crittenden