6:31 a.m.
Hello,
i've got a little Problem with ipa-replica install
After the following command: ipa-replica-install --setup-ca --setup-dns
--forwarder=9.9.9.9
--skip-conncheck
the replica install interrupt with the following comment:
Starting replication, please wait until this has completed.
Update in progress, 14 seconds elapsed
[ldap://ipaserver1.linuxtest.gonicus.de:389] reports: Update failed! Status: [Error (-1) -
LDAP
error: Can't contact LDAP server - no response received]
I have tested the IPA Replica with Fedora 30 and Rawhide, the error is the same.
Here comes the last entries of the /var/log/ipareplica-install.log, i think this may
help.
[root@ipaserver2 ~]# tail -n +1846 /var/log/ipareplica-install.log
2019-07-17T10:51:15Z DEBUG stderr=ldap_initialize(
ldapi://%2Fvar%2Frun%2Fslapd-LINUXTEST-GONICUS-DE.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-07-17T10:51:15Z DEBUG step duration: dirsrv __enable_sasl_mapping_fallback 0.02 sec
2019-07-17T10:51:15Z DEBUG [25/41]: restarting directory server
2019-07-17T10:51:15Z DEBUG Destroyed connection context.ldap2_140587719084688
2019-07-17T10:51:15Z DEBUG Starting external process
2019-07-17T10:51:15Z DEBUG args=['/bin/systemctl', '--system',
'daemon-reload']
2019-07-17T10:51:15Z DEBUG Process finished, return code=0
2019-07-17T10:51:15Z DEBUG stdout=
2019-07-17T10:51:15Z DEBUG stderr=
2019-07-17T10:51:15Z DEBUG Starting external process
2019-07-17T10:51:15Z DEBUG args=['/bin/systemctl', 'restart',
'dirsrv(a)LINUXTEST-GONICUS-DE.service']
2019-07-17T10:51:18Z DEBUG Process finished, return code=0
2019-07-17T10:51:18Z DEBUG stdout=
2019-07-17T10:51:18Z DEBUG stderr=
2019-07-17T10:51:18Z DEBUG Starting external process
2019-07-17T10:51:18Z DEBUG args=['/bin/systemctl', 'is-active',
'dirsrv(a)LINUXTEST-GONICUS-DE.service']
2019-07-17T10:51:18Z DEBUG Process finished, return code=0
2019-07-17T10:51:18Z DEBUG stdout=active
2019-07-17T10:51:18Z DEBUG stderr=
2019-07-17T10:51:18Z DEBUG wait_for_open_ports: localhost [389] timeout 120
2019-07-17T10:51:18Z DEBUG waiting for port: 389
2019-07-17T10:51:18Z DEBUG SUCCESS: port: 389
2019-07-17T10:51:18Z DEBUG Restart of dirsrv(a)LINUXTEST-GONICUS-DE.service complete
2019-07-17T10:51:18Z DEBUG Starting external process
2019-07-17T10:51:18Z DEBUG args=['/bin/systemctl', 'is-active',
'dirsrv(a)LINUXTEST-GONICUS-DE.service']
2019-07-17T10:51:18Z DEBUG Process finished, return code=0
2019-07-17T10:51:18Z DEBUG stdout=active
2019-07-17T10:51:18Z DEBUG stderr=
2019-07-17T10:51:18Z DEBUG Created connection context.ldap2_140587719084688
2019-07-17T10:51:18Z DEBUG step duration: dirsrv __restart_instance 3.15 sec
2019-07-17T10:51:18Z DEBUG [26/41]: creating DS keytab
2019-07-17T10:51:18Z DEBUG raw:
service_add('ldap/ipaserver2.linuxtest.gonicus.de(a)LINUXTEST.GONICUS.DE',
force=True, version='2.233')
2019-07-17T10:51:18Z DEBUG
service_add(ipapython.kerberos.Principal('ldap/ipaserver2.linuxtest.gonicus.de(a)LINUXTEST.GONICUS.DE'),
force=True, skip_host_check=False, all=False, raw=False, version='2.233',
no_members=False)
2019-07-17T10:51:18Z DEBUG raw: host_show('ipaserver2.linuxtest.gonicus.de',
version='2.233')
2019-07-17T10:51:18Z DEBUG host_show('ipaserver2.linuxtest.gonicus.de',
rights=False, all=False,
raw=False, version='2.233', no_members=False)
2019-07-17T10:51:18Z DEBUG Backing up system configuration file
'/etc/dirsrv/ds.keytab'
2019-07-17T10:51:18Z DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab'
doesn't exist
2019-07-17T10:51:18Z DEBUG Starting external process
2019-07-17T10:51:18Z DEBUG args=['/usr/sbin/ipa-getkeytab', '-k',
'/etc/dirsrv/ds.keytab', '-p',
'ldap/ipaserver2.linuxtest.gonicus.de(a)LINUXTEST.GONICUS.DE', '-H',
'ldaps://ipaserver1.linuxtest.gonicus.de']
2019-07-17T10:51:18Z DEBUG Process finished, return code=0
2019-07-17T10:51:18Z DEBUG stdout=
2019-07-17T10:51:18Z DEBUG stderr=Keytab successfully retrieved and stored in:
/etc/dirsrv/ds.keytab
2019-07-17T10:51:18Z DEBUG step duration: dirsrv request_service_keytab 0.08 sec
2019-07-17T10:51:18Z DEBUG [27/41]: ignore time skew for initial replication
2019-07-17T10:51:18Z DEBUG Starting external process
2019-07-17T10:51:18Z DEBUG args=['/usr/bin/ldapmodify', '-v',
'-f', '/tmp/tmpijxp8wcg', '-H',
'ldapi://%2Fvar%2Frun%2Fslapd-LINUXTEST-GONICUS-DE.socket', '-Y',
'EXTERNAL']
2019-07-17T10:51:18Z DEBUG Process finished, return code=0
2019-07-17T10:51:18Z DEBUG stdout=replace nsslapd-ignore-time-skew:
on
modifying entry "cn=config"
modify complete
2019-07-17T10:51:18Z DEBUG stderr=ldap_initialize(
ldapi://%2Fvar%2Frun%2Fslapd-LINUXTEST-GONICUS-DE.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2019-07-17T10:51:18Z DEBUG step duration: dirsrv __replica_ignore_initial_time_skew 0.04
sec
2019-07-17T10:51:18Z DEBUG [28/41]: setting up initial replication
2019-07-17T10:51:18Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2Fvar%2Frun%2Fslapd-LINUXTEST-GONICUS-DE.socket
conn=<ldap.ldapobject.SimpleLDAPObject
object at 0x7fdd1e59a690>
2019-07-17T10:51:19Z DEBUG Destroyed connection context.ldap2_140587719084688
2019-07-17T10:51:19Z DEBUG Starting external process
2019-07-17T10:51:19Z DEBUG args=['/bin/systemctl', '--system',
'daemon-reload']
2019-07-17T10:51:19Z DEBUG Process finished, return code=0
2019-07-17T10:51:19Z DEBUG stdout=
2019-07-17T10:51:19Z DEBUG stderr=
2019-07-17T10:51:19Z DEBUG Starting external process
2019-07-17T10:51:19Z DEBUG args=['/bin/systemctl', 'restart',
'dirsrv(a)LINUXTEST-GONICUS-DE.service']
2019-07-17T10:51:22Z DEBUG Process finished, return code=0
2019-07-17T10:51:22Z DEBUG stdout=
2019-07-17T10:51:22Z DEBUG stderr=
2019-07-17T10:51:22Z DEBUG Restart of dirsrv(a)LINUXTEST-GONICUS-DE.service complete
2019-07-17T10:51:22Z DEBUG Created connection context.ldap2_140587719084688
2019-07-17T10:51:22Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5]
2019-07-17T10:51:22Z DEBUG retrieving schema for SchemaCache
url=ldap://ipaserver1.linuxtest.gonicus.de:389 conn=<ldap.ldapobject.SimpleLDAPObject
object at
0x7fdd1e3f5710>
2019-07-17T10:51:22Z DEBUG Successfully updated nsDS5ReplicaId.
2019-07-17T10:51:22Z DEBUG Add or update replica config
cn=replica,cn=dc\=linuxtest\,dc\=gonicus\,dc\=de,cn=mapping tree,cn=config
2019-07-17T10:51:22Z DEBUG Added replica config
cn=replica,cn=dc\=linuxtest\,dc\=gonicus\,dc\=de,cn=mapping tree,cn=config
2019-07-17T10:51:22Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5]
2019-07-17T10:51:22Z DEBUG Successfully updated nsDS5ReplicaId.
2019-07-17T10:51:22Z DEBUG Add or update replica config
cn=replica,cn=dc\=linuxtest\,dc\=gonicus\,dc\=de,cn=mapping tree,cn=config
2019-07-17T10:51:22Z DEBUG Added replica config
cn=replica,cn=dc\=linuxtest\,dc\=gonicus\,dc\=de,cn=mapping tree,cn=config
2019-07-17T10:51:22Z DEBUG Waiting for replication
(ldap://ipaserver1.linuxtest.gonicus.de:389)
cn=meToipaserver2.linuxtest.gonicus.de,cn=replica,cn=dc\=linuxtest\,dc\=gonicus\,dc\=de,cn=mapping
tree,cn=config (objectclass=*)
2019-07-17T10:51:22Z DEBUG Entry found
[LDAPEntry(ipapython.dn.DN('cn=meToipaserver2.linuxtest.gonicus.de,cn=replica,cn=dc\=linuxtest\,dc\=gonicus\,dc\=de,cn=mapping
tree,cn=config'), {'objectClass': [b'nsds5replicationagreement',
b'top'], 'cn':
[b'meToipaserver2.linuxtest.gonicus.de'], 'nsDS5ReplicaHost':
[b'ipaserver2.linuxtest.gonicus.de'],
'nsDS5ReplicaPort': [b'389'], 'nsds5replicaTimeout':
[b'120'], 'nsDS5ReplicaRoot':
[b'dc=linuxtest,dc=gonicus,dc=de'], 'description': [b'me to
ipaserver2.linuxtest.gonicus.de'],
'nsDS5ReplicatedAttributeList': [b'(objectclass=*) $ EXCLUDE memberof
idnssoaserial entryusn
krblastsuccessfulauth krblastfailedauth krbloginfailedcount'],
'nsDS5ReplicaTransportInfo':
[b'LDAP'], 'nsDS5ReplicaBindMethod': [b'SASL/GSSAPI'],
'nsds5ReplicaStripAttrs': [b'modifiersName
modifyTimestamp internalModifiersName internalModifyTimestamp'],
'nsDS5ReplicatedAttributeListTotal': [b'(objectclass=*) $ EXCLUDE entryusn
krblastsuccessfulauth
krblastfailedauth krbloginfailedcount'], 'nsds5replicareapactive':
[b'0'],
'nsds5replicaLastUpdateStart': [b'19700101000000Z'],
'nsds5replicaLastUpdateEnd':
[b'19700101000000Z'], 'nsds5replicaChangesSentSinceStartup':
[b''], 'nsds5replicaLastUpdateStatus':
[b"Error (-1) Problem connecting to replica - LDAP error: Can't contact LDAP
server (connection
error)"], 'nsds5replicaLastUpdateStatusJSON': [b'{"state":
"red", "ldap_rc": "-1", "ldap_rc_text":
"Can\'t contact LDAP server", "repl_rc": "16",
"repl_rc_text": "connection error", "date":
"2019-07-17T10:51:22Z", "message": "Error (-1) Problem connecting
to replica - LDAP error: Can\'t
contact LDAP server (connection error)"}'],
'nsds5replicaUpdateInProgress': [b'FALSE'],
'nsds5replicaLastInitStart': [b'19700101000000Z'],
'nsds5replicaLastInitEnd': [b'19700101000000Z']})]
2019-07-17T10:51:22Z DEBUG Waiting for replication
(ldapi://%2Fvar%2Frun%2Fslapd-LINUXTEST-GONICUS-DE.socket)
cn=meToipaserver1.linuxtest.gonicus.de,cn=replica,cn=dc\=linuxtest\,dc\=gonicus\,dc\=de,cn=mapping
tree,cn=config (objectclass=*)
2019-07-17T10:51:22Z DEBUG Entry found
[LDAPEntry(ipapython.dn.DN('cn=meToipaserver1.linuxtest.gonicus.de,cn=replica,cn=dc\=linuxtest\,dc\=gonicus\,dc\=de,cn=mapping
tree,cn=config'), {'objectClass': [b'nsds5replicationagreement',
b'top'], 'cn':
[b'meToipaserver1.linuxtest.gonicus.de'], 'nsDS5ReplicaHost':
[b'ipaserver1.linuxtest.gonicus.de'],
'nsDS5ReplicaPort': [b'389'], 'nsds5replicaTimeout':
[b'120'], 'nsDS5ReplicaRoot':
[b'dc=linuxtest,dc=gonicus,dc=de'], 'description': [b'me to
ipaserver1.linuxtest.gonicus.de'],
'nsDS5ReplicatedAttributeList': [b'(objectclass=*) $ EXCLUDE memberof
idnssoaserial entryusn
krblastsuccessfulauth krblastfailedauth krbloginfailedcount'],
'nsDS5ReplicaTransportInfo':
[b'LDAP'], 'nsDS5ReplicaBindMethod': [b'SASL/GSSAPI'],
'nsds5ReplicaStripAttrs': [b'modifiersName
modifyTimestamp internalModifiersName internalModifyTimestamp'],
'nsDS5ReplicatedAttributeListTotal': [b'(objectclass=*) $ EXCLUDE entryusn
krblastsuccessfulauth
krblastfailedauth krbloginfailedcount'], 'nsds5replicareapactive':
[b'0'],
'nsds5replicaLastUpdateStart': [b'19700101000000Z'],
'nsds5replicaLastUpdateEnd':
[b'19700101000000Z'], 'nsds5replicaChangesSentSinceStartup':
[b''], 'nsds5replicaLastUpdateStatus':
[b'Error (0) No replication sessions started since server startup'],
'nsds5replicaLastUpdateStatusJSON': [b'{"state": "green",
"ldap_rc": "0", "ldap_rc_text": "success",
"repl_rc": "0", "repl_rc_text": "replica
acquired", "date": "2019-07-17T10:51:22Z", "message":
"Error (0) No replication sessions started since server startup"}'],
'nsds5replicaUpdateInProgress':
[b'FALSE'], 'nsds5replicaLastInitStart': [b'19700101000000Z'],
'nsds5replicaLastInitEnd':
[b'19700101000000Z']})]
2019-07-17T10:51:38Z DEBUG Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line
603, in start_creation
run_step(full_msg, method)
File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line
589, in run_step
method()
File "/usr/lib/python3.7/site-packages/ipaserver/install/dsinstance.py", line
427, in __setup_replica
cacert=self.ca_file
File "/usr/lib/python3.7/site-packages/ipaserver/install/replication.py", line
1860, in
setup_promote_replication
raise RuntimeError("Failed to start replication")
RuntimeError: Failed to start replication
2019-07-17T10:51:38Z DEBUG [error] RuntimeError: Failed to start replication
2019-07-17T10:51:38Z DEBUG Destroyed connection context.ldap2_140587706624720
2019-07-17T10:51:38Z DEBUG Backing up system configuration file
'/etc/ipa/default.conf'
2019-07-17T10:51:38Z DEBUG Saving Index File to
'/var/lib/ipa/sysrestore/sysrestore.index'
2019-07-17T10:51:38Z DEBUG Writing configuration file /etc/ipa/default.conf
2019-07-17T10:51:38Z DEBUG [global]
basedn = dc=linuxtest,dc=gonicus,dc=de
host = ipaserver2.linuxtest.gonicus.de
realm = LINUXTEST.GONICUS.DE
domain = linuxtest.gonicus.de
xmlrpc_uri = https://ipaserver2.linuxtest.gonicus.de/ipa/xml
ldap_uri = ldapi://%2Fvar%2Frun%2Fslapd-LINUXTEST-GONICUS-DE.socket
mode = production
enable_ra = True
ra_plugin = dogtag
dogtag_version = 10
2019-07-17T10:51:38Z DEBUG File
"/usr/lib/python3.7/site-packages/ipapython/admintool.py", line
179, in execute
return_value = self.run()
File "/usr/lib/python3.7/site-packages/ipapython/install/cli.py", line 340, in
run
return cfgr.run()
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 360,
in run
return self.execute()
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 386,
in execute
for rval in self._executor():
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 431,
in __runner
exc_handler(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 460,
in
_handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 421,
in __runner
step()
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 418,
in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 81,
in
run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 59,
in
run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 655,
in _configure
next(executor)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 431,
in __runner
exc_handler(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 460,
in
_handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 518,
in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 515,
in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 421,
in __runner
step()
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 418,
in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 81,
in
run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 59,
in
run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python3.7/site-packages/ipapython/install/common.py", line 65,
in _install
for unused in self._installer(self.parent):
File "/usr/lib/python3.7/site-packages/ipaserver/install/server/__init__.py",
line 590, in main
replica_install(self)
File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/replicainstall.py",
line 402, in
decorated
func(installer)
File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1207, in
install
fstore=fstore)
File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/replicainstall.py",
line 112, in
install_replica_ds
setup_pkinit=not options.no_pkinit,
File "/usr/lib/python3.7/site-packages/ipaserver/install/dsinstance.py", line
391, in create_replica
self.start_creation(runtime=30)
File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line
603, in start_creation
run_step(full_msg, method)
File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line
589, in run_step
method()
File "/usr/lib/python3.7/site-packages/ipaserver/install/dsinstance.py", line
427, in __setup_replica
cacert=self.ca_file
File "/usr/lib/python3.7/site-packages/ipaserver/install/replication.py", line
1860, in
setup_promote_replication
raise RuntimeError("Failed to start replication")
2019-07-17T10:51:38Z DEBUG The ipa-replica-install command failed, exception:
RuntimeError: Failed
to start replication
2019-07-17T10:51:38Z ERROR Failed to start replication
2019-07-17T10:51:38Z ERROR The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
For me it is interesting to see that the Replica does not work with Fedora 30 and Rawhide,
always
the same error.
And no, firewalld is masked and not in use.
Have somebody any ideas for me?
Regards
Dirk
6:58 a.m.
Dirk Streubel via FreeIPA-users wrote:
Hello,
i've got a little Problem with ipa-replica install
After the following command: ipa-replica-install --setup-ca --setup-dns
--forwarder=9.9.9.9
--skip-conncheck
Why are you skipping the connection check? What fails when you do not
pass that option?
rob
7:26 a.m.
Hello Rob,
Here is the ouuput without the --skip-conncheck option:
[root@ipaserver2 ~]# ipa-replica-install --setup-ca --setup-dns --forwarder=9.9.9.9
Lookup failed: Preferred host ipaserver2.linuxtest.gonicus.de does not provide DNS.
Could not resolve hostname ipaserver2.linuxtest.gonicus.de using DNS. Clients may not
function
properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and
ignores
/etc/hosts.)
Continue? [no]: yes
Checking DNS forwarders, please wait ...
Run connection check to master
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
Connection check failed!
See /var/log/ipareplica-conncheck.log for more information.
If the check results are not valid it can be skipped with --skip-conncheck parameter.
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more
information:
2019-07-17T12:22:35Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
2019-07-17T12:22:36Z DEBUG failed to find session_cookie in persistent storage for
principal
'host/ipaserver2.linuxtest.gonicus.de(a)LINUXTEST.GONICUS.DE'
2019-07-17T12:22:36Z DEBUG trying https://ipaserver1.linuxtest.gonicus.de/ipa/json
2019-07-17T12:22:36Z DEBUG Created connection context.jsonclient_140677757574736
2019-07-17T12:22:36Z DEBUG [try 1]: Forwarding 'env' to json server
'https://ipaserver1.linuxtest.gonicus.de/ipa/json'
2019-07-17T12:22:36Z DEBUG New HTTP connection (ipaserver1.linuxtest.gonicus.de)
2019-07-17T12:22:36Z DEBUG received Set-Cookie (<class
'list'>)'['ipa_session=MagBearerToken=MBQK%2f22mxm59HGcIC6a6rZB2SmHY21MI5TjVDpbSnMSUUWkmW0%2buv7GEKqYAD80ASs6xsRc6doBuoei%2fdVOEHOe0g8WovLyVyIeZVgzZ0EImAeHlC8P%2f1sS7gj%2fWlc7o4IUVoHMPg5hEkYjfMXBWcyYfvlAWMDDCcdxgOl4MdxE%2bwIaLdfXwnYNPVM6TJW2OauESZCP86OjFpJ4YdP43Hi0J%2b6A1MlK5wXhQ6K9YLYY%2bqycMVjH6sRJYHMRlK7cDFbui2cLXUp7mUVx6MNBkc0RimpzPs95%2b85QSIDkixi51DoNHJ%2bdpWeMEW7Xhzw%2fS3X5KaGAlMB5XQ889WunxryBlKN4kFKMDyeNg8M6mlBU%3d;path=/ipa;httponly;secure;']'
2019-07-17T12:22:36Z DEBUG storing cookie
'ipa_session=MagBearerToken=MBQK%2f22mxm59HGcIC6a6rZB2SmHY21MI5TjVDpbSnMSUUWkmW0%2buv7GEKqYAD80ASs6xsRc6doBuoei%2fdVOEHOe0g8WovLyVyIeZVgzZ0EImAeHlC8P%2f1sS7gj%2fWlc7o4IUVoHMPg5hEkYjfMXBWcyYfvlAWMDDCcdxgOl4MdxE%2bwIaLdfXwnYNPVM6TJW2OauESZCP86OjFpJ4YdP43Hi0J%2b6A1MlK5wXhQ6K9YLYY%2bqycMVjH6sRJYHMRlK7cDFbui2cLXUp7mUVx6MNBkc0RimpzPs95%2b85QSIDkixi51DoNHJ%2bdpWeMEW7Xhzw%2fS3X5KaGAlMB5XQ889WunxryBlKN4kFKMDyeNg8M6mlBU%3d;'
for principal host/ipaserver2.linuxtest.gonicus.de(a)LINUXTEST.GONICUS.DE
2019-07-17T12:22:36Z DEBUG [try 1]: Forwarding 'env' to json server
'https://ipaserver1.linuxtest.gonicus.de/ipa/json'
2019-07-17T12:22:36Z DEBUG HTTP connection keep-alive (ipaserver1.linuxtest.gonicus.de)
2019-07-17T12:22:36Z DEBUG received Set-Cookie (<class
'list'>)'['ipa_session=MagBearerToken=4X6R5KO62qVu5IItwIUUm5Mb8TuugiSuTtigry8HXa9f04KSpLkK0uxRiDu6vi%2b8Tdms2%2blO45gArJLvKO0O%2bKDChYtd2XBczfeYwsRAfqHXiVP1sxAjXI2kG8t8AdQkkQkCkQjAGBdAuNC2qek%2fUmR%2f%2byL0KqWm9c%2bQIbsayICmKERgsOCMyrs5Vt3poNJsjtx73DU0GrvAOOaBlnd5NVvMw38WHH5z6zLKGy6%2f4QwX2KreSTOaWwNWnordLKenZ5S1%2fvq7ktFn1PvScPjqJGzHiDI0D0t%2feMc9RbTYcNtmmfhG%2f6UgNtj622q7QymEEHldxX%2by%2bIt9rIRAVB2R8sjRhuC%2bEKccV3scQJiLhxI%3d;path=/ipa;httponly;secure;']'
2019-07-17T12:22:36Z DEBUG storing cookie
'ipa_session=MagBearerToken=4X6R5KO62qVu5IItwIUUm5Mb8TuugiSuTtigry8HXa9f04KSpLkK0uxRiDu6vi%2b8Tdms2%2blO45gArJLvKO0O%2bKDChYtd2XBczfeYwsRAfqHXiVP1sxAjXI2kG8t8AdQkkQkCkQjAGBdAuNC2qek%2fUmR%2f%2byL0KqWm9c%2bQIbsayICmKERgsOCMyrs5Vt3poNJsjtx73DU0GrvAOOaBlnd5NVvMw38WHH5z6zLKGy6%2f4QwX2KreSTOaWwNWnordLKenZ5S1%2fvq7ktFn1PvScPjqJGzHiDI0D0t%2feMc9RbTYcNtmmfhG%2f6UgNtj622q7QymEEHldxX%2by%2bIt9rIRAVB2R8sjRhuC%2bEKccV3scQJiLhxI%3d;'
for principal host/ipaserver2.linuxtest.gonicus.de(a)LINUXTEST.GONICUS.DE
2019-07-17T12:22:36Z DEBUG Destroyed connection context.jsonclient_140677757574736
2019-07-17T12:22:36Z DEBUG Created connection context.ldap2_140677767577936
2019-07-17T12:22:36Z DEBUG flushing ldaps://ipaserver1.linuxtest.gonicus.de from
SchemaCache
2019-07-17T12:22:36Z DEBUG retrieving schema for SchemaCache
url=ldaps://ipaserver1.linuxtest.gonicus.de conn=<ldap.ldapobject.SimpleLDAPObject
object at
0x7ff217c82d10>
2019-07-17T12:22:36Z DEBUG raw: domainlevel_get(version='2.233')
2019-07-17T12:22:36Z DEBUG domainlevel_get(version='2.233')
2019-07-17T12:22:36Z DEBUG raw: hostgroup_find(None, cn='ipaservers',
version='2.233',
host=['ipaserver2.linuxtest.gonicus.de'])
2019-07-17T12:22:36Z DEBUG hostgroup_find(None, cn='ipaservers', all=False,
raw=False,
version='2.233', no_members=True, pkey_only=False,
host=('ipaserver2.linuxtest.gonicus.de',))
2019-07-17T12:22:36Z WARNING Lookup failed: Preferred host ipaserver2.linuxtest.gonicus.de
does not
provide DNS.
2019-07-17T12:22:36Z DEBUG Check forward/reverse DNS resolution
2019-07-17T12:22:36Z DEBUG Search DNS server ipaserver1.linuxtest.gonicus.de
(['192.168.122.101',
'192.168.122.101', '192.168.122.101']) for
ipaserver1.linuxtest.gonicus.de
2019-07-17T12:22:36Z DEBUG Check reverse address 192.168.122.101
(ipaserver1.linuxtest.gonicus.de)
2019-07-17T12:22:36Z DEBUG Address 192.168.122.101 resolves to:
ipaserver1.linuxtest.gonicus.de..
2019-07-17T12:22:36Z DEBUG Search DNS server ipaserver1.linuxtest.gonicus.de
(['192.168.122.101',
'192.168.122.101', '192.168.122.101']) for
ipaserver2.linuxtest.gonicus.de
2019-07-17T12:22:36Z ERROR Could not resolve hostname ipaserver2.linuxtest.gonicus.de
using DNS.
Clients may not function properly. Please check your DNS setup. (Note that this check
queries IPA
DNS directly and ignores /etc/hosts.)
2019-07-17T12:22:41Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2019-07-17T12:22:41Z DEBUG raw: dns_is_enabled(version='2.233')
2019-07-17T12:22:41Z DEBUG dns_is_enabled(version='2.233')
2019-07-17T12:22:41Z DEBUG Name ipaserver2.linuxtest.gonicus.de resolved to
{UnsafeIPAddress('192.168.122.102')}
2019-07-17T12:22:41Z DEBUG Searching for an interface of IP address: 192.168.122.102
2019-07-17T12:22:41Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo)
2019-07-17T12:22:41Z DEBUG Testing local IP address: 192.168.122.102/255.255.255.0
(interface: ens3)
2019-07-17T12:22:41Z DEBUG IP address 192.168.122.102 belongs to a private range, using
forward
policy only
2019-07-17T12:22:41Z DEBUG Checking DNS server: 9.9.9.9
2019-07-17T12:22:41Z DEBUG will use DNS forwarders:
[CheckedIPAddressLoopback('9.9.9.9')]
2019-07-17T12:22:41Z DEBUG Destroyed connection context.ldap2_140677767577936
2019-07-17T12:22:41Z DEBUG Starting external process
2019-07-17T12:22:41Z DEBUG args=['/usr/sbin/ipa-replica-conncheck',
'--master',
'ipaserver1.linuxtest.gonicus.de', '--auto-master-check',
'--realm', 'LINUXTEST.GONICUS.DE',
'--hostname', 'ipaserver2.linuxtest.gonicus.de', '--ca-cert-file',
'/etc/ipa/ca.crt']
2019-07-17T12:22:44Z DEBUG Process finished, return code=1
2019-07-17T12:22:44Z DEBUG stdout=
2019-07-17T12:22:44Z DEBUG stderr=Check connection from replica to remote master
'ipaserver1.linuxtest.gonicus.de':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos Kpasswd: TCP (464): OK
HTTP Server: Unsecure port (80): OK
HTTP Server: Secure port (443): OK
The following list of ports use UDP protocol and would need to be
checked manually:
Kerberos KDC: UDP (88): SKIPPED
Kerberos Kpasswd: UDP (464): SKIPPED
In /etc/hosts is an entry for ipaserver1 and in /etc/resolv.conf also.
Dirk
Am 17.07.19 um 13:58 schrieb Rob Crittenden via FreeIPA-users:
> Dirk Streubel via FreeIPA-users wrote:
>> Hello,
>>
>> i've got a little Problem with ipa-replica install
>>
>> After the following command: ipa-replica-install --setup-ca --setup-dns
--forwarder=9.9.9.9
>> --skip-conncheck
> Why are you skipping the connection check? What fails when you do not
> pass that option?
>
> rob
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
7:30 a.m.
And here comes the Rest of the output, sorry:
Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
Check RPC connection to remote master
Execute check on remote master
Check connection from master to remote replica 'ipaserver2.linuxtest.gonicus.de':
ERROR: Port check failed! Unable to resolve host name
'ipaserver2.linuxtest.gonicus.de'
ERROR: Remote master check failed with following error message(s):
ipa-replica-conncheck returned non-zero exit code
2019-07-17T12:22:44Z DEBUG File
"/usr/lib/python3.7/site-packages/ipapython/admintool.py", line
179, in execute
return_value = self.run()
File "/usr/lib/python3.7/site-packages/ipapython/install/cli.py", line 340, in
run
return cfgr.run()
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 358,
in run
self.validate()
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 368,
in validate
for _nothing in self._validator():
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 431,
in __runner
exc_handler(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 455,
in
_handle_validate_exception
self._handle_exception(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 421,
in __runner
step()
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 418,
in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 81,
in
run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 59,
in
run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 633,
in _configure
next(validator)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 431,
in __runner
exc_handler(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 455,
in
_handle_validate_exception
self._handle_exception(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 518,
in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 515,
in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 421,
in __runner
step()
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 418,
in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 81,
in
run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 59,
in
run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python3.7/site-packages/ipapython/install/common.py", line 65,
in _install
for unused in self._installer(self.parent):
File "/usr/lib/python3.7/site-packages/ipaserver/install/server/__init__.py",
line 588, in main
replica_promote_check(self)
File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/replicainstall.py",
line 402, in
decorated
func(installer)
File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/replicainstall.py",
line 424, in
decorated
func(installer)
File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1136, in
promote_check
ca_cert_file=cafile)
File "/usr/lib/python3.7/site-packages/ipaserver/install/replication.py", line
127, in
replica_conn_check
"Connection check failed!"
2019-07-17T12:22:44Z DEBUG The ipa-replica-install command failed, exception:
ScriptError:
Connection check failed!
See /var/log/ipareplica-conncheck.log for more information.
If the check results are not valid it can be skipped with --skip-conncheck parameter.
2019-07-17T12:22:44Z ERROR Connection check failed!
See /var/log/ipareplica-conncheck.log for more information.
If the check results are not valid it can be skipped with --skip-conncheck parameter.
2019-07-17T12:22:44Z ERROR The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
Dirk
Am 17.07.19 um 14:26 schrieb Dirk Streubel via FreeIPA-users:
> Hello Rob,
>
> Here is the ouuput without the --skip-conncheck option:
>
>
> [root@ipaserver2 ~]# ipa-replica-install --setup-ca --setup-dns --forwarder=9.9.9.9
> Lookup failed: Preferred host ipaserver2.linuxtest.gonicus.de does not provide DNS.
> Could not resolve hostname ipaserver2.linuxtest.gonicus.de using DNS. Clients may not
function
> properly. Please check your DNS setup. (Note that this check queries IPA DNS directly
and ignores
> /etc/hosts.)
> Continue? [no]: yes
> Checking DNS forwarders, please wait ...
> Run connection check to master
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> Connection check failed!
> See /var/log/ipareplica-conncheck.log for more information.
> If the check results are not valid it can be skipped with --skip-conncheck
parameter.
> The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more
information:
>
>
>
> 2019-07-17T12:22:35Z DEBUG importing plugin module
ipaserver.install.plugins.upload_cacrt
> 2019-07-17T12:22:36Z DEBUG failed to find session_cookie in persistent storage for
principal
> 'host/ipaserver2.linuxtest.gonicus.de(a)LINUXTEST.GONICUS.DE'
> 2019-07-17T12:22:36Z DEBUG trying https://ipaserver1.linuxtest.gonicus.de/ipa/json
> 2019-07-17T12:22:36Z DEBUG Created connection context.jsonclient_140677757574736
> 2019-07-17T12:22:36Z DEBUG [try 1]: Forwarding 'env' to json server
> 'https://ipaserver1.linuxtest.gonicus.de/ipa/json'
> 2019-07-17T12:22:36Z DEBUG New HTTP connection (ipaserver1.linuxtest.gonicus.de)
> 2019-07-17T12:22:36Z DEBUG received Set-Cookie (<class
>
'list'>)'['ipa_session=MagBearerToken=MBQK%2f22mxm59HGcIC6a6rZB2SmHY21MI5TjVDpbSnMSUUWkmW0%2buv7GEKqYAD80ASs6xsRc6doBuoei%2fdVOEHOe0g8WovLyVyIeZVgzZ0EImAeHlC8P%2f1sS7gj%2fWlc7o4IUVoHMPg5hEkYjfMXBWcyYfvlAWMDDCcdxgOl4MdxE%2bwIaLdfXwnYNPVM6TJW2OauESZCP86OjFpJ4YdP43Hi0J%2b6A1MlK5wXhQ6K9YLYY%2bqycMVjH6sRJYHMRlK7cDFbui2cLXUp7mUVx6MNBkc0RimpzPs95%2b85QSIDkixi51DoNHJ%2bdpWeMEW7Xhzw%2fS3X5KaGAlMB5XQ889WunxryBlKN4kFKMDyeNg8M6mlBU%3d;path=/ipa;httponly;secure;']'
> 2019-07-17T12:22:36Z DEBUG storing cookie
>
'ipa_session=MagBearerToken=MBQK%2f22mxm59HGcIC6a6rZB2SmHY21MI5TjVDpbSnMSUUWkmW0%2buv7GEKqYAD80ASs6xsRc6doBuoei%2fdVOEHOe0g8WovLyVyIeZVgzZ0EImAeHlC8P%2f1sS7gj%2fWlc7o4IUVoHMPg5hEkYjfMXBWcyYfvlAWMDDCcdxgOl4MdxE%2bwIaLdfXwnYNPVM6TJW2OauESZCP86OjFpJ4YdP43Hi0J%2b6A1MlK5wXhQ6K9YLYY%2bqycMVjH6sRJYHMRlK7cDFbui2cLXUp7mUVx6MNBkc0RimpzPs95%2b85QSIDkixi51DoNHJ%2bdpWeMEW7Xhzw%2fS3X5KaGAlMB5XQ889WunxryBlKN4kFKMDyeNg8M6mlBU%3d;'
> for principal host/ipaserver2.linuxtest.gonicus.de(a)LINUXTEST.GONICUS.DE
> 2019-07-17T12:22:36Z DEBUG [try 1]: Forwarding 'env' to json server
> 'https://ipaserver1.linuxtest.gonicus.de/ipa/json'
> 2019-07-17T12:22:36Z DEBUG HTTP connection keep-alive
(ipaserver1.linuxtest.gonicus.de)
> 2019-07-17T12:22:36Z DEBUG received Set-Cookie (<class
>
'list'>)'['ipa_session=MagBearerToken=4X6R5KO62qVu5IItwIUUm5Mb8TuugiSuTtigry8HXa9f04KSpLkK0uxRiDu6vi%2b8Tdms2%2blO45gArJLvKO0O%2bKDChYtd2XBczfeYwsRAfqHXiVP1sxAjXI2kG8t8AdQkkQkCkQjAGBdAuNC2qek%2fUmR%2f%2byL0KqWm9c%2bQIbsayICmKERgsOCMyrs5Vt3poNJsjtx73DU0GrvAOOaBlnd5NVvMw38WHH5z6zLKGy6%2f4QwX2KreSTOaWwNWnordLKenZ5S1%2fvq7ktFn1PvScPjqJGzHiDI0D0t%2feMc9RbTYcNtmmfhG%2f6UgNtj622q7QymEEHldxX%2by%2bIt9rIRAVB2R8sjRhuC%2bEKccV3scQJiLhxI%3d;path=/ipa;httponly;secure;']'
> 2019-07-17T12:22:36Z DEBUG storing cookie
>
'ipa_session=MagBearerToken=4X6R5KO62qVu5IItwIUUm5Mb8TuugiSuTtigry8HXa9f04KSpLkK0uxRiDu6vi%2b8Tdms2%2blO45gArJLvKO0O%2bKDChYtd2XBczfeYwsRAfqHXiVP1sxAjXI2kG8t8AdQkkQkCkQjAGBdAuNC2qek%2fUmR%2f%2byL0KqWm9c%2bQIbsayICmKERgsOCMyrs5Vt3poNJsjtx73DU0GrvAOOaBlnd5NVvMw38WHH5z6zLKGy6%2f4QwX2KreSTOaWwNWnordLKenZ5S1%2fvq7ktFn1PvScPjqJGzHiDI0D0t%2feMc9RbTYcNtmmfhG%2f6UgNtj622q7QymEEHldxX%2by%2bIt9rIRAVB2R8sjRhuC%2bEKccV3scQJiLhxI%3d;'
> for principal host/ipaserver2.linuxtest.gonicus.de(a)LINUXTEST.GONICUS.DE
> 2019-07-17T12:22:36Z DEBUG Destroyed connection context.jsonclient_140677757574736
> 2019-07-17T12:22:36Z DEBUG Created connection context.ldap2_140677767577936
> 2019-07-17T12:22:36Z DEBUG flushing ldaps://ipaserver1.linuxtest.gonicus.de from
SchemaCache
> 2019-07-17T12:22:36Z DEBUG retrieving schema for SchemaCache
> url=ldaps://ipaserver1.linuxtest.gonicus.de conn=<ldap.ldapobject.SimpleLDAPObject
object at
> 0x7ff217c82d10>
> 2019-07-17T12:22:36Z DEBUG raw: domainlevel_get(version='2.233')
> 2019-07-17T12:22:36Z DEBUG domainlevel_get(version='2.233')
> 2019-07-17T12:22:36Z DEBUG raw: hostgroup_find(None, cn='ipaservers',
version='2.233',
> host=['ipaserver2.linuxtest.gonicus.de'])
> 2019-07-17T12:22:36Z DEBUG hostgroup_find(None, cn='ipaservers', all=False,
raw=False,
> version='2.233', no_members=True, pkey_only=False,
host=('ipaserver2.linuxtest.gonicus.de',))
> 2019-07-17T12:22:36Z WARNING Lookup failed: Preferred host
ipaserver2.linuxtest.gonicus.de does not
> provide DNS.
> 2019-07-17T12:22:36Z DEBUG Check forward/reverse DNS resolution
> 2019-07-17T12:22:36Z DEBUG Search DNS server ipaserver1.linuxtest.gonicus.de
(['192.168.122.101',
> '192.168.122.101', '192.168.122.101']) for
ipaserver1.linuxtest.gonicus.de
> 2019-07-17T12:22:36Z DEBUG Check reverse address 192.168.122.101
(ipaserver1.linuxtest.gonicus.de)
> 2019-07-17T12:22:36Z DEBUG Address 192.168.122.101 resolves to:
ipaserver1.linuxtest.gonicus.de..
> 2019-07-17T12:22:36Z DEBUG Search DNS server ipaserver1.linuxtest.gonicus.de
(['192.168.122.101',
> '192.168.122.101', '192.168.122.101']) for
ipaserver2.linuxtest.gonicus.de
> 2019-07-17T12:22:36Z ERROR Could not resolve hostname ipaserver2.linuxtest.gonicus.de
using DNS.
> Clients may not function properly. Please check your DNS setup. (Note that this check
queries IPA
> DNS directly and ignores /etc/hosts.)
> 2019-07-17T12:22:41Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
> 2019-07-17T12:22:41Z DEBUG raw: dns_is_enabled(version='2.233')
> 2019-07-17T12:22:41Z DEBUG dns_is_enabled(version='2.233')
> 2019-07-17T12:22:41Z DEBUG Name ipaserver2.linuxtest.gonicus.de resolved to
> {UnsafeIPAddress('192.168.122.102')}
> 2019-07-17T12:22:41Z DEBUG Searching for an interface of IP address: 192.168.122.102
> 2019-07-17T12:22:41Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface:
lo)
> 2019-07-17T12:22:41Z DEBUG Testing local IP address: 192.168.122.102/255.255.255.0
(interface: ens3)
> 2019-07-17T12:22:41Z DEBUG IP address 192.168.122.102 belongs to a private range,
using forward
> policy only
> 2019-07-17T12:22:41Z DEBUG Checking DNS server: 9.9.9.9
> 2019-07-17T12:22:41Z DEBUG will use DNS forwarders:
[CheckedIPAddressLoopback('9.9.9.9')]
>
> 2019-07-17T12:22:41Z DEBUG Destroyed connection context.ldap2_140677767577936
> 2019-07-17T12:22:41Z DEBUG Starting external process
> 2019-07-17T12:22:41Z DEBUG args=['/usr/sbin/ipa-replica-conncheck',
'--master',
> 'ipaserver1.linuxtest.gonicus.de', '--auto-master-check',
'--realm', 'LINUXTEST.GONICUS.DE',
> '--hostname', 'ipaserver2.linuxtest.gonicus.de',
'--ca-cert-file', '/etc/ipa/ca.crt']
> 2019-07-17T12:22:44Z DEBUG Process finished, return code=1
> 2019-07-17T12:22:44Z DEBUG stdout=
> 2019-07-17T12:22:44Z DEBUG stderr=Check connection from replica to remote master
> 'ipaserver1.linuxtest.gonicus.de':
> Directory Service: Unsecure port (389): OK
> Directory Service: Secure port (636): OK
> Kerberos KDC: TCP (88): OK
> Kerberos Kpasswd: TCP (464): OK
> HTTP Server: Unsecure port (80): OK
> HTTP Server: Secure port (443): OK
>
> The following list of ports use UDP protocol and would need to be
> checked manually:
> Kerberos KDC: UDP (88): SKIPPED
> Kerberos Kpasswd: UDP (464): SKIPPED
>
> In /etc/hosts is an entry for ipaserver1 and in /etc/resolv.conf also.
>
> Dirk
>
>
>
> Am 17.07.19 um 13:58 schrieb Rob Crittenden via FreeIPA-users:
>> Dirk Streubel via FreeIPA-users wrote:
>>> Hello,
>>>
>>> i've got a little Problem with ipa-replica install
>>>
>>> After the following command: ipa-replica-install --setup-ca --setup-dns
--forwarder=9.9.9.9
>>> --skip-conncheck
>> Why are you skipping the connection check? What fails when you do not
>> pass that option?
>>
>> rob
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
7:51 a.m.
Hello Rob,
after modify the /etc/hosts File on ipaserver1 with "192.168.122.102
ipaserver2.intranet.gonicus.de
ipaserver2" the Replica works :)
Regards
Dirk
Am 17.07.19 um 14:30 schrieb Dirk Streubel via FreeIPA-users:
> And here comes the Rest of the output, sorry:
>
> Connection from replica to master is OK.
> Start listening on required ports for remote master check
> Get credentials to log in to remote master
> Check RPC connection to remote master
> Execute check on remote master
> Check connection from master to remote replica
'ipaserver2.linuxtest.gonicus.de':
> ERROR: Port check failed! Unable to resolve host name
'ipaserver2.linuxtest.gonicus.de'
> ERROR: Remote master check failed with following error message(s):
> ipa-replica-conncheck returned non-zero exit code
>
> 2019-07-17T12:22:44Z DEBUG File
"/usr/lib/python3.7/site-packages/ipapython/admintool.py", line
> 179, in execute
> return_value = self.run()
> File "/usr/lib/python3.7/site-packages/ipapython/install/cli.py", line
340, in run
> return cfgr.run()
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
358, in run
> self.validate()
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
368, in validate
> for _nothing in self._validator():
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
431, in __runner
> exc_handler(exc_info)
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
455, in
> _handle_validate_exception
> self._handle_exception(exc_info)
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
450, in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
421, in __runner
> step()
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
418, in <lambda>
> step = lambda: next(self.__gen)
> File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line
81, in
> run_generator_with_yield_from
> six.reraise(*exc_info)
> File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line
59, in
> run_generator_with_yield_from
> value = gen.send(prev_value)
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
633, in _configure
> next(validator)
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
431, in __runner
> exc_handler(exc_info)
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
455, in
> _handle_validate_exception
> self._handle_exception(exc_info)
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
518, in _handle_exception
> self.__parent._handle_exception(exc_info)
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
450, in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
515, in _handle_exception
> super(ComponentBase, self)._handle_exception(exc_info)
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
450, in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
421, in __runner
> step()
> File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line
418, in <lambda>
> step = lambda: next(self.__gen)
> File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line
81, in
> run_generator_with_yield_from
> six.reraise(*exc_info)
> File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line
59, in
> run_generator_with_yield_from
> value = gen.send(prev_value)
> File "/usr/lib/python3.7/site-packages/ipapython/install/common.py", line
65, in _install
> for unused in self._installer(self.parent):
> File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/__init__.py", line
588, in main
> replica_promote_check(self)
> File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/replicainstall.py",
line 402, in
> decorated
> func(installer)
> File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/replicainstall.py",
line 424, in
> decorated
> func(installer)
> File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1136, in
> promote_check
> ca_cert_file=cafile)
> File "/usr/lib/python3.7/site-packages/ipaserver/install/replication.py",
line 127, in
> replica_conn_check
> "Connection check failed!"
>
> 2019-07-17T12:22:44Z DEBUG The ipa-replica-install command failed, exception:
ScriptError:
> Connection check failed!
> See /var/log/ipareplica-conncheck.log for more information.
> If the check results are not valid it can be skipped with --skip-conncheck
parameter.
> 2019-07-17T12:22:44Z ERROR Connection check failed!
> See /var/log/ipareplica-conncheck.log for more information.
> If the check results are not valid it can be skipped with --skip-conncheck
parameter.
> 2019-07-17T12:22:44Z ERROR The ipa-replica-install command failed. See
> /var/log/ipareplica-install.log for more information
>
>
> Dirk
>
> Am 17.07.19 um 14:26 schrieb Dirk Streubel via FreeIPA-users:
>> Hello Rob,
>>
>> Here is the ouuput without the --skip-conncheck option:
>>
>>
>> [root@ipaserver2 ~]# ipa-replica-install --setup-ca --setup-dns
--forwarder=9.9.9.9
>> Lookup failed: Preferred host ipaserver2.linuxtest.gonicus.de does not provide
DNS.
>> Could not resolve hostname ipaserver2.linuxtest.gonicus.de using DNS. Clients may
not function
>> properly. Please check your DNS setup. (Note that this check queries IPA DNS
directly and ignores
>> /etc/hosts.)
>> Continue? [no]: yes
>> Checking DNS forwarders, please wait ...
>> Run connection check to master
>> Your system may be partly configured.
>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>
>> Connection check failed!
>> See /var/log/ipareplica-conncheck.log for more information.
>> If the check results are not valid it can be skipped with --skip-conncheck
parameter.
>> The ipa-replica-install command failed. See /var/log/ipareplica-install.log for
more information:
>>
>>
>>
>> 2019-07-17T12:22:35Z DEBUG importing plugin module
ipaserver.install.plugins.upload_cacrt
>> 2019-07-17T12:22:36Z DEBUG failed to find session_cookie in persistent storage
for principal
>> 'host/ipaserver2.linuxtest.gonicus.de(a)LINUXTEST.GONICUS.DE'
>> 2019-07-17T12:22:36Z DEBUG trying
https://ipaserver1.linuxtest.gonicus.de/ipa/json
>> 2019-07-17T12:22:36Z DEBUG Created connection context.jsonclient_140677757574736
>> 2019-07-17T12:22:36Z DEBUG [try 1]: Forwarding 'env' to json server
>> 'https://ipaserver1.linuxtest.gonicus.de/ipa/json'
>> 2019-07-17T12:22:36Z DEBUG New HTTP connection (ipaserver1.linuxtest.gonicus.de)
>> 2019-07-17T12:22:36Z DEBUG received Set-Cookie (<class
>>
'list'>)'['ipa_session=MagBearerToken=MBQK%2f22mxm59HGcIC6a6rZB2SmHY21MI5TjVDpbSnMSUUWkmW0%2buv7GEKqYAD80ASs6xsRc6doBuoei%2fdVOEHOe0g8WovLyVyIeZVgzZ0EImAeHlC8P%2f1sS7gj%2fWlc7o4IUVoHMPg5hEkYjfMXBWcyYfvlAWMDDCcdxgOl4MdxE%2bwIaLdfXwnYNPVM6TJW2OauESZCP86OjFpJ4YdP43Hi0J%2b6A1MlK5wXhQ6K9YLYY%2bqycMVjH6sRJYHMRlK7cDFbui2cLXUp7mUVx6MNBkc0RimpzPs95%2b85QSIDkixi51DoNHJ%2bdpWeMEW7Xhzw%2fS3X5KaGAlMB5XQ889WunxryBlKN4kFKMDyeNg8M6mlBU%3d;path=/ipa;httponly;secure;']'
>> 2019-07-17T12:22:36Z DEBUG storing cookie
>>
'ipa_session=MagBearerToken=MBQK%2f22mxm59HGcIC6a6rZB2SmHY21MI5TjVDpbSnMSUUWkmW0%2buv7GEKqYAD80ASs6xsRc6doBuoei%2fdVOEHOe0g8WovLyVyIeZVgzZ0EImAeHlC8P%2f1sS7gj%2fWlc7o4IUVoHMPg5hEkYjfMXBWcyYfvlAWMDDCcdxgOl4MdxE%2bwIaLdfXwnYNPVM6TJW2OauESZCP86OjFpJ4YdP43Hi0J%2b6A1MlK5wXhQ6K9YLYY%2bqycMVjH6sRJYHMRlK7cDFbui2cLXUp7mUVx6MNBkc0RimpzPs95%2b85QSIDkixi51DoNHJ%2bdpWeMEW7Xhzw%2fS3X5KaGAlMB5XQ889WunxryBlKN4kFKMDyeNg8M6mlBU%3d;'
>> for principal host/ipaserver2.linuxtest.gonicus.de(a)LINUXTEST.GONICUS.DE
>> 2019-07-17T12:22:36Z DEBUG [try 1]: Forwarding 'env' to json server
>> 'https://ipaserver1.linuxtest.gonicus.de/ipa/json'
>> 2019-07-17T12:22:36Z DEBUG HTTP connection keep-alive
(ipaserver1.linuxtest.gonicus.de)
>> 2019-07-17T12:22:36Z DEBUG received Set-Cookie (<class
>>
'list'>)'['ipa_session=MagBearerToken=4X6R5KO62qVu5IItwIUUm5Mb8TuugiSuTtigry8HXa9f04KSpLkK0uxRiDu6vi%2b8Tdms2%2blO45gArJLvKO0O%2bKDChYtd2XBczfeYwsRAfqHXiVP1sxAjXI2kG8t8AdQkkQkCkQjAGBdAuNC2qek%2fUmR%2f%2byL0KqWm9c%2bQIbsayICmKERgsOCMyrs5Vt3poNJsjtx73DU0GrvAOOaBlnd5NVvMw38WHH5z6zLKGy6%2f4QwX2KreSTOaWwNWnordLKenZ5S1%2fvq7ktFn1PvScPjqJGzHiDI0D0t%2feMc9RbTYcNtmmfhG%2f6UgNtj622q7QymEEHldxX%2by%2bIt9rIRAVB2R8sjRhuC%2bEKccV3scQJiLhxI%3d;path=/ipa;httponly;secure;']'
>> 2019-07-17T12:22:36Z DEBUG storing cookie
>>
'ipa_session=MagBearerToken=4X6R5KO62qVu5IItwIUUm5Mb8TuugiSuTtigry8HXa9f04KSpLkK0uxRiDu6vi%2b8Tdms2%2blO45gArJLvKO0O%2bKDChYtd2XBczfeYwsRAfqHXiVP1sxAjXI2kG8t8AdQkkQkCkQjAGBdAuNC2qek%2fUmR%2f%2byL0KqWm9c%2bQIbsayICmKERgsOCMyrs5Vt3poNJsjtx73DU0GrvAOOaBlnd5NVvMw38WHH5z6zLKGy6%2f4QwX2KreSTOaWwNWnordLKenZ5S1%2fvq7ktFn1PvScPjqJGzHiDI0D0t%2feMc9RbTYcNtmmfhG%2f6UgNtj622q7QymEEHldxX%2by%2bIt9rIRAVB2R8sjRhuC%2bEKccV3scQJiLhxI%3d;'
>> for principal host/ipaserver2.linuxtest.gonicus.de(a)LINUXTEST.GONICUS.DE
>> 2019-07-17T12:22:36Z DEBUG Destroyed connection
context.jsonclient_140677757574736
>> 2019-07-17T12:22:36Z DEBUG Created connection context.ldap2_140677767577936
>> 2019-07-17T12:22:36Z DEBUG flushing ldaps://ipaserver1.linuxtest.gonicus.de from
SchemaCache
>> 2019-07-17T12:22:36Z DEBUG retrieving schema for SchemaCache
>> url=ldaps://ipaserver1.linuxtest.gonicus.de
conn=<ldap.ldapobject.SimpleLDAPObject object at
>> 0x7ff217c82d10>
>> 2019-07-17T12:22:36Z DEBUG raw: domainlevel_get(version='2.233')
>> 2019-07-17T12:22:36Z DEBUG domainlevel_get(version='2.233')
>> 2019-07-17T12:22:36Z DEBUG raw: hostgroup_find(None, cn='ipaservers',
version='2.233',
>> host=['ipaserver2.linuxtest.gonicus.de'])
>> 2019-07-17T12:22:36Z DEBUG hostgroup_find(None, cn='ipaservers',
all=False, raw=False,
>> version='2.233', no_members=True, pkey_only=False,
host=('ipaserver2.linuxtest.gonicus.de',))
>> 2019-07-17T12:22:36Z WARNING Lookup failed: Preferred host
ipaserver2.linuxtest.gonicus.de does not
>> provide DNS.
>> 2019-07-17T12:22:36Z DEBUG Check forward/reverse DNS resolution
>> 2019-07-17T12:22:36Z DEBUG Search DNS server ipaserver1.linuxtest.gonicus.de
(['192.168.122.101',
>> '192.168.122.101', '192.168.122.101']) for
ipaserver1.linuxtest.gonicus.de
>> 2019-07-17T12:22:36Z DEBUG Check reverse address 192.168.122.101
(ipaserver1.linuxtest.gonicus.de)
>> 2019-07-17T12:22:36Z DEBUG Address 192.168.122.101 resolves to:
ipaserver1.linuxtest.gonicus.de..
>> 2019-07-17T12:22:36Z DEBUG Search DNS server ipaserver1.linuxtest.gonicus.de
(['192.168.122.101',
>> '192.168.122.101', '192.168.122.101']) for
ipaserver2.linuxtest.gonicus.de
>> 2019-07-17T12:22:36Z ERROR Could not resolve hostname
ipaserver2.linuxtest.gonicus.de using DNS.
>> Clients may not function properly. Please check your DNS setup. (Note that this
check queries IPA
>> DNS directly and ignores /etc/hosts.)
>> 2019-07-17T12:22:41Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
>> 2019-07-17T12:22:41Z DEBUG raw: dns_is_enabled(version='2.233')
>> 2019-07-17T12:22:41Z DEBUG dns_is_enabled(version='2.233')
>> 2019-07-17T12:22:41Z DEBUG Name ipaserver2.linuxtest.gonicus.de resolved to
>> {UnsafeIPAddress('192.168.122.102')}
>> 2019-07-17T12:22:41Z DEBUG Searching for an interface of IP address:
192.168.122.102
>> 2019-07-17T12:22:41Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0
(interface: lo)
>> 2019-07-17T12:22:41Z DEBUG Testing local IP address:
192.168.122.102/255.255.255.0 (interface: ens3)
>> 2019-07-17T12:22:41Z DEBUG IP address 192.168.122.102 belongs to a private range,
using forward
>> policy only
>> 2019-07-17T12:22:41Z DEBUG Checking DNS server: 9.9.9.9
>> 2019-07-17T12:22:41Z DEBUG will use DNS forwarders:
[CheckedIPAddressLoopback('9.9.9.9')]
>>
>> 2019-07-17T12:22:41Z DEBUG Destroyed connection context.ldap2_140677767577936
>> 2019-07-17T12:22:41Z DEBUG Starting external process
>> 2019-07-17T12:22:41Z DEBUG args=['/usr/sbin/ipa-replica-conncheck',
'--master',
>> 'ipaserver1.linuxtest.gonicus.de', '--auto-master-check',
'--realm', 'LINUXTEST.GONICUS.DE',
>> '--hostname', 'ipaserver2.linuxtest.gonicus.de',
'--ca-cert-file', '/etc/ipa/ca.crt']
>> 2019-07-17T12:22:44Z DEBUG Process finished, return code=1
>> 2019-07-17T12:22:44Z DEBUG stdout=
>> 2019-07-17T12:22:44Z DEBUG stderr=Check connection from replica to remote master
>> 'ipaserver1.linuxtest.gonicus.de':
>> Directory Service: Unsecure port (389): OK
>> Directory Service: Secure port (636): OK
>> Kerberos KDC: TCP (88): OK
>> Kerberos Kpasswd: TCP (464): OK
>> HTTP Server: Unsecure port (80): OK
>> HTTP Server: Secure port (443): OK
>>
>> The following list of ports use UDP protocol and would need to be
>> checked manually:
>> Kerberos KDC: UDP (88): SKIPPED
>> Kerberos Kpasswd: UDP (464): SKIPPED
>>
>> In /etc/hosts is an entry for ipaserver1 and in /etc/resolv.conf also.
>>
>> Dirk
>>
>>
>>
>> Am 17.07.19 um 13:58 schrieb Rob Crittenden via FreeIPA-users:
>>> Dirk Streubel via FreeIPA-users wrote:
>>>> Hello,
>>>>
>>>> i've got a little Problem with ipa-replica install
>>>>
>>>> After the following command: ipa-replica-install --setup-ca --setup-dns
--forwarder=9.9.9.9
>>>> --skip-conncheck
>>> Why are you skipping the connection check? What fails when you do not
>>> pass that option?
>>>
>>> rob
>>> _______________________________________________
>>> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>>> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
>>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
1749
days inactive
1749
days old
freeipa-users@lists.fedorahosted.org
4 comments
2 participants
participants (2)
-
Dirk Streubel -
Rob Crittenden