Hey everyone,
I just tried to install FreeIPA on a Hetzner cloud server because I'm looking for an alternative to UCS. I still don't get why FreeIPA needs to be reachable on a public network, but that's not the point here.
I have a clean, fresh Fedora 40 install with working networking: the hostname resolves, and so does reverse DNS. It sits behind an OPNsense NAT gateway with its own public IPv4 address.
I have opened ports 389 and 636.
When I run ipa-server-install, the following error occurs, and I can't understand why it can't access the LDAP server. I've checked with nmap and the port is open. The LDAP service also seems to be running.
Maybe someone has an idea what's going on?
INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf
INFO: Connecting to LDAP server at ldap://fsn-ipa.domain.tld:389
ERROR: Unable to access LDAP server: ldap://fsn-ipa.domain.tld:389
Traceback (most recent call last):
File "<frozen runpy>", line 198, in _run_module_as_main
File "<frozen runpy>", line 88, in _run_code
File "/usr/lib/python3.12/site-packages/pki/server/pkispawn.py", line 987, in <module>
main(sys.argv)
File "/usr/lib/python3.12/site-packages/pki/server/pkispawn.py", line 560, in main
check_ds()
File "/usr/lib/python3.12/site-packages/pki/server/pkispawn.py", line 722, in check_ds
verify_ds_configuration()
File "/usr/lib/python3.12/site-packages/pki/server/pkispawn.py", line 58, in verify_ds_configuration
deployer.ds_bind()
File "/usr/lib/python3.12/site-packages/pki/server/deployment/__init__.py", line 2442, in ds_bind
self.ds_connection.simple_bind_s(
File "/usr/lib64/python3.12/site-packages/ldap/ldapobject.py", line 248, in simple_bind_s
msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.12/site-packages/ldap/ldapobject.py", line 242, in simple_bind
return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.12/site-packages/ldap/ldapobject.py", line 128, in _ldap_call
result = func(*args,**kwargs)
^^^^^^^^^^^^^^^^^^^^
ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'errno': 107, 'ctrls': [], 'info': 'Transport endpoint is not connected'}
2024-06-29T10:58:32Z CRITICAL Failed to configure CA instance
2024-06-29T10:58:32Z CRITICAL See the installation logs and the following files/directories for more information:
2024-06-29T10:58:32Z CRITICAL /var/log/pki/pki-tomcat
2024-06-29T10:58:32Z DEBUG Traceback (most recent call last):
File "/usr/lib/python3.12/site-packages/ipaserver/install/service.py", line 686, in start_creation
run_step(full_msg, method)
File "/usr/lib/python3.12/site-packages/ipaserver/install/service.py", line 672, in run_step
method()
File "/usr/lib/python3.12/site-packages/ipaserver/install/cainstance.py", line 678, in __spawn_instance
DogtagInstance.spawn_instance(
File "/usr/lib/python3.12/site-packages/ipaserver/install/dogtaginstance.py", line 227, in spawn_instance
self.handle_setup_error(e)
File "/usr/lib/python3.12/site-packages/ipaserver/install/dogtaginstance.py", line 609, in handle_setup_error
raise RuntimeError(
RuntimeError: CA configuration failed.
2024-06-29T10:58:32Z DEBUG [error] RuntimeError: CA configuration failed.
2024-06-29T10:58:32Z DEBUG Removing /root/.dogtag/pki-tomcat/ca
2024-06-29T10:58:32Z DEBUG File "/usr/lib/python3.12/site-packages/ipapython/admintool.py", line 180, in execute
return_value = self.run()
^^^^^^^^^^
File "/usr/lib/python3.12/site-packages/ipapython/install/cli.py", line 344, in run
return cfgr.run()
^^^^^^^^^^
File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 360, in run
return self.execute()
^^^^^^^^^^^^^^
File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 386, in execute
for rval in self._executor():
File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 435, in __runner
exc_handler(exc_info)
File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 468, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 458, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.12/site-packages/six.py", line 719, in reraise
raise value
File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 425, in __runner
step()
File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 419, in step_next
return next(self.__gen)
^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3.12/site-packages/six.py", line 719, in reraise
raise value
File "/usr/lib/python3.12/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 663, in _configure
next(executor)
File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 435, in __runner
exc_handler(exc_info)
File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 468, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 526, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 458, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.12/site-packages/six.py", line 719, in reraise
raise value
File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 523, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 458, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.12/site-packages/six.py", line 719, in reraise
raise value
File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 425, in __runner
step()
File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line 419, in step_next
return next(self.__gen)
^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3.12/site-packages/six.py", line 719, in reraise
raise value
File "/usr/lib/python3.12/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/site-packages/ipapython/install/common.py", line 65, in _install
for unused in self._installer(self.parent):
File "/usr/lib/python3.12/site-packages/ipaserver/install/server/__init__.py", line 608, in main
master_install(self)
File "/usr/lib/python3.12/site-packages/ipaserver/install/server/install.py", line 278, in decorated
func(installer)
File "/usr/lib/python3.12/site-packages/ipaserver/install/server/install.py", line 960, in install
ca.install_step_0(False, None, options, custodia=custodia)
File "/usr/lib/python3.12/site-packages/ipaserver/install/ca.py", line 607, in install_step_0
ca.configure_instance(
File "/usr/lib/python3.12/site-packages/ipaserver/install/cainstance.py", line 515, in configure_instance
self.start_creation(runtime=runtime)
File "/usr/lib/python3.12/site-packages/ipaserver/install/service.py", line 686, in start_creation
run_step(full_msg, method)
File "/usr/lib/python3.12/site-packages/ipaserver/install/service.py", line 672, in run_step
method()
File "/usr/lib/python3.12/site-packages/ipaserver/install/cainstance.py", line 678, in __spawn_instance
DogtagInstance.spawn_instance(
File "/usr/lib/python3.12/site-packages/ipaserver/install/dogtaginstance.py", line 227, in spawn_instance
self.handle_setup_error(e)
File "/usr/lib/python3.12/site-packages/ipaserver/install/dogtaginstance.py", line 609, in handle_setup_error
raise RuntimeError(
2024-06-29T10:58:32Z DEBUG The ipa-server-install command failed, exception: RuntimeError: CA configuration failed.
2024-06-29T10:58:32Z ERROR CA configuration failed.
2024-06-29T10:58:32Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information