Hey everyone,
I just tried to install FreeIPA on a Hetzner cloud server because I'm looking for an alternative to UCS. I still don't understand why FreeIPA needs to be reachable on a public network, but that's not the point here.
I have a clean, fresh Fedora 40 install with working networking; the hostname resolves, and so does reverse DNS. The server sits behind an OPNsense NAT gateway with its own public IPv4 address.
I have opened ports 389 (LDAP) and 636 (LDAPS).
When I run ipa-server-install, the following error occurs, and I can't understand why it can't access the LDAP server. I've checked with nmap, and the port is open. Furthermore, the LDAP service seems to be running.
Maybe someone has an idea what's going on?
INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Connecting to LDAP server at ldap://fsn-ipa.domain.tld:389 ERROR: Unable to access LDAP server: ldap://fsn-ipa.domain.tld:389 Traceback (most recent call last): File "<frozen runpy>", line 198, in _run_module_as_main File "<frozen runpy>", line 88, in _run_code File "/usr/lib/python3.12/site-packages/pki/server/pkispawn.py", line 987, in <module> main(sys.argv) File "/usr/lib/python3.12/site-packages/pki/server/pkispawn.py", line 560, in main check_ds() File "/usr/lib/python3.12/site-packages/pki/server/pkispawn.py", line 722, in check_ds verify_ds_configuration() File "/usr/lib/python3.12/site-packages/pki/server/pkispawn.py", line 58, in verify_ds_configuration deployer.ds_bind() File "/usr/lib/python3.12/site-packages/pki/server/deployment/__init__.py", line 2442, in ds_bind self.ds_connection.simple_bind_s( File "/usr/lib64/python3.12/site-packages/ldap/ldapobject.py", line 248, in simple_bind_s msgid = self.simple_bind(who,cred,serverctrls,clientctrls) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.12/site-packages/ldap/ldapobject.py", line 242, in simple_bind return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.12/site-packages/ldap/ldapobject.py", line 128, in _ldap_call result = func(*args,**kwargs) ^^^^^^^^^^^^^^^^^^^^ ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'errno': 107, 'ctrls': [], 'info': 'Transport endpoint is not connected'}
2024-06-29T10:58:32Z CRITICAL Failed to configure CA instance 2024-06-29T10:58:32Z CRITICAL See the installation logs and the following files/directories for more information: 2024-06-29T10:58:32Z CRITICAL /var/log/pki/pki-tomcat 2024-06-29T10:58:32Z DEBUG Traceback (most recent call last): File "/usr/lib/python3.12/site-packages/ipaserver/install/service.py", line 686, in start_creation run_step(full_msg, method) File "/usr/lib/python3.12/site-packages/ipaserver/install/service.py", line 672, in run_step method() File "/usr/lib/python3.12/site-packages/ipaserver/install/cainstance.py", line 678, in __spawn_instance DogtagInstance.spawn_instance( File "/usr/lib/python3.12/site-packages/ipaserver/install/dogtaginstance.py", line 227, in spawn_instance self.handle_setup_error(e) File "/usr/lib/python3.12/site-packages/ipaserver/install/dogtaginstance.py", line 609, in handle_setup_error raise RuntimeError( RuntimeError: CA configuration failed.
2024-06-29T10:58:32Z DEBUG [error] RuntimeError: CA configuration failed. 2024-06-29T10:58:32Z DEBUG Removing /root/.dogtag/pki-tomcat/ca 2024-06-29T10:58:32Z DEBUG File "/usr/lib/python3.12/site-packages/ipapython/admintool.py", line 180, in execute return_value = self.run() ^^^^^^^^^^ File "/usr/lib/python3.12/site-packages/ipapython/install/cli.py", line 344, in run return cfgr.run() ^^^^^^^^^^ File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 360, in run return self.execute() ^^^^^^^^^^^^^^ File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 386, in execute for rval in self._executor(): File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 435, in __runner exc_handler(exc_info) File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 468, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 458, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.12/site-packages/six.py", line 719, in reraise raise value File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 425, in __runner step() File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 419, in step_next return next(self.__gen) ^^^^^^^^^^^^^^^^ File "/usr/lib/python3.12/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.12/site-packages/six.py", line 719, in reraise raise value File "/usr/lib/python3.12/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) ^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 663, in _configure next(executor) File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 435, in __runner exc_handler(exc_info) File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 468, 
in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 526, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 458, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.12/site-packages/six.py", line 719, in reraise raise value File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 523, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 458, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.12/site-packages/six.py", line 719, in reraise raise value File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 425, in __runner step() File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 419, in step_next return next(self.__gen) ^^^^^^^^^^^^^^^^ File "/usr/lib/python3.12/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.12/site-packages/six.py", line 719, in reraise raise value File "/usr/lib/python3.12/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) ^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.12/site-packages/ipapython/install/common.py", line 65, in _install for unused in self._installer(self.parent): File "/usr/lib/python3.12/site-packages/ipaserver/install/server/__init__.py", line 608, in main master_install(self) File "/usr/lib/python3.12/site-packages/ipaserver/install/server/install.py", line 278, in decorated func(installer) File "/usr/lib/python3.12/site-packages/ipaserver/install/server/install.py", line 960, in install ca.install_step_0(False, None, options, custodia=custodia) File "/usr/lib/python3.12/site-packages/ipaserver/install/ca.py", line 607, in install_step_0 
ca.configure_instance( File "/usr/lib/python3.12/site-packages/ipaserver/install/cainstance.py", line 515, in configure_instance self.start_creation(runtime=runtime) File "/usr/lib/python3.12/site-packages/ipaserver/install/service.py", line 686, in start_creation run_step(full_msg, method) File "/usr/lib/python3.12/site-packages/ipaserver/install/service.py", line 672, in run_step method() File "/usr/lib/python3.12/site-packages/ipaserver/install/cainstance.py", line 678, in __spawn_instance DogtagInstance.spawn_instance( File "/usr/lib/python3.12/site-packages/ipaserver/install/dogtaginstance.py", line 227, in spawn_instance self.handle_setup_error(e) File "/usr/lib/python3.12/site-packages/ipaserver/install/dogtaginstance.py", line 609, in handle_setup_error raise RuntimeError(
2024-06-29T10:58:32Z DEBUG The ipa-server-install command failed, exception: RuntimeError: CA configuration failed. 2024-06-29T10:58:32Z ERROR CA configuration failed. 2024-06-29T10:58:32Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
freeipa-users@lists.fedorahosted.org