On Mon, Apr 17, 2023 at 1:14 PM Finn Fysj via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Maybe I'm mistaken, however:
Playbook:
- hosts:
    - master2.example.com
Is it a typo, or you are using the same host for both ipaserver and ipareplica?
  roles:
    - role: freeipa.ansible_freeipa.ipaserver
      vars:
        ipaserver: "{{ inventory_hostname }}"
        ipaserver_hostname: "{{ inventory_hostname }}"
        ipadm_password: SuperSecret123
        ipaadmin_password: SuperSecret123
        ipaserver_ip_addresses: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
        ipaserver_domain: "example.com"
        ipaserver_realm: "EXAMPLE.COM"
        ipaserver_no_host_dns: true
        ipaserver_mem_check: true
        ipaserver_idstart: 6000
        ipaserver_setup_dns: false
        ipaserver_no_pkinit: true

- hosts:
    - master2.example.com
  become: true
  roles:
    - role: freeipa.ansible_freeipa.ipareplica
      vars:
        ipaservers: master1.example.com
        ipaserver_hostname: master1.example.com
        ipareplicas: master2.example.com
        ipareplica_domain: example.com
        ipaclient_force_join: true
        ipaadmin_principal: admin
        ipareplica_setup_dns: false
FreeIPA relies, a lot, on DNS, and it must be correctly configured. From what you have shown so far, it seems like you do not have a proper DNS configuration.
Since you are not using FreeIPA's embedded DNS server, you must add the proper records on the external DNS server. On the first server, run the command:
ipa dns-update-system-records --dry-run
This will show you a list of records that must be available.
More information can be found at:
FreeIPA Quick Start: https://www.freeipa.org/page/Quick_Start_Guide
FreeIPA Deployment Recommendations: https://www.freeipa.org/page/Deployment_Recommendations
RHEL IdM First Server installation: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/htm...
RHEL IdM Replica installation: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/htm...
Rafael
As mentioned, when running using a cloud dynamic inventory this playbook does not work; however, as previously mentioned, when creating a static inventory, it works:
[ipaservers]
master1.example.com

[ipareplicas]
master2.example.com
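Added example, not part of the original thread and not FreeIPA's own code: one way to act on the advice about external DNS is to compare the records listed by `ipa dns-update-system-records --dry-run` with what the external zone currently publishes. The sample output and the zone export below are constructed, the output layout is an assumption, and `parse_records` and `missing_records` are hypothetical helper names.

```python
import re

# Constructed sample of `ipa dns-update-system-records --dry-run` output
# (layout assumed; hostnames taken from the thread, record set abbreviated).
DRY_RUN_OUTPUT = """\
IPA DNS records:
  _kerberos-master._tcp.example.com. 86400 IN SRV 0 100 88 master1.example.com.
  _kerberos._tcp.example.com. 86400 IN SRV 0 100 88 master1.example.com.
  _kerberos.example.com. 86400 IN TXT "EXAMPLE.COM"
  _ldap._tcp.example.com. 86400 IN SRV 0 100 389 master1.example.com.
  ipa-ca.example.com. 86400 IN A 192.0.2.10
"""

# Constructed export of what the external DNS server currently publishes.
EXTERNAL_ZONE = """\
_ldap._tcp.EXAMPLE.com. 3600 IN SRV 0 100 389 master1.example.com.
_kerberos.example.com. 3600 IN TXT "EXAMPLE.COM"
master1.example.com. 3600 IN A 192.0.2.10
"""

# owner, TTL, class IN, record type, record data
RECORD = re.compile(r"^\s*(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(.+?)\s*$")

def parse_records(text):
    """Return {(owner, type, rdata)} from zone-style lines; TTL is ignored."""
    records = set()
    for line in text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue  # headers such as "IPA DNS records:" and blank lines
        owner, _ttl, rtype, rdata = m.groups()
        if rtype != "TXT":
            rdata = rdata.lower()  # hostnames compare case-insensitively
        records.add((owner.lower().rstrip("."), rtype, rdata.rstrip(".")))
    return records

def missing_records(required_text, published_text):
    """Records FreeIPA asks for that the external zone does not publish."""
    return sorted(parse_records(required_text) - parse_records(published_text))

if __name__ == "__main__":
    for owner, rtype, rdata in missing_records(DRY_RUN_OUTPUT, EXTERNAL_ZONE):
        print(f"MISSING {owner} {rtype} {rdata}")
```

Any record reported as missing has to be created on the external DNS server before the replica installation is retried.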