feeling the squeeze of the python. as it turns out, I was barking up the right tree on this mod_wsgi issue.
when I tried to remove: python36u-mod_wsgi python36u python36u-libs python36u-setuptools yum wanted to take ipa-server and ipa-server-dns with it. - nope, didn’t want to do that
I installed mod_wsgi-3.4-12
then ran my remove of the python36u bits.
I rebooted the host. I came up with: grant@ef-idm03:~[20181206-16:39][#22]$ ipa-replica-manage dnarange-show ipa: ERROR: Cannot open log file u'/var/log/ipa/cli.log': [Errno 13] Permission denied: u'/var/log/ipa/cli.log' ef-idm01.production.efilm.com: 457200144-457300499 ef-idm02.production.efilm.com: 457300502-457399999 ef-idm03.production.efilm.com: No range set grant@ef-idm03:~[20181206-16:39][#23]$
the web interface loads now.
I added a user on the new replica, and verified it was created locally by checking the logs. I have my dnarange now on replica 3:
grant@ef-idm03:~[20181206-16:40][#24]$ ipa-replica-manage dnarange-show ipa: ERROR: Cannot open log file u'/var/log/ipa/cli.log': [Errno 13] Permission denied: u'/var/log/ipa/cli.log' ef-idm01.production.efilm.com: 457200144-457250499 ef-idm02.production.efilm.com: 457300502-457399999 ef-idm03.production.efilm.com: 457250501-457300499 grant@ef-idm03:~[20181206-16:40][#25]$
all appears in order now with the exception of the ipa_check_consistency. I expected another column for the new replica.
grant@ef-idm03:~[20181206-16:49][#29]$ ipa_check_consistency -d PRODUCTION.EFILM.COM -W ******* FreeIPA servers: ef-idm01 ef-idm02 STATE ================================================= Active Users 127 127 OK Stage Users 7 7 OK Preserved Users 0 0 OK User Groups 22 22 OK Hosts 158 158 OK Host Groups 16 16 OK HBAC Rules 5 5 OK SUDO Rules 14 14 OK DNS Zones ERROR ERROR OK LDAP Conflicts NO NO OK Ghost Replicas NO NO OK Anonymous BIND YES YES OK Replication Status ef-idm02 0 ef-idm01 0 ef-idm03 0 ================================================= grant@ef-idm03:~[20181206-16:49][#30]$
the consistency check and the log error appear to be the sole remaining issues. Not deal breakers, but I’d like it to run clean.
if anyone has a suggestion on these remaining issues, I’m listening.
thank you for your help rob.
- grant This e-mail and any attachments are intended only for use by the addressee(s) named herein and may contain confidential information. If you are not the intended recipient of this e-mail, you are hereby notified any dissemination, distribution or copying of this email and any attachments is strictly prohibited. If you receive this email in error, please immediately notify the sender by return email and permanently delete the original, any copy and any printout thereof. The integrity and security of e-mail cannot be guaranteed.