Hi! I try to setup replication. Freeipa version - 4.8.0, API_VERSION: 2.233 I have installed free ipa server and tried connect replica as describe in https://www.freeipa.org/page/V4/Replica_Setup Aftet this command ipa-client-install --domain=example.test --realm=EXAMPLE.TEST --server=ipa-server.example.test i get an error (full log) :
[root@ldap-replica1 ~]# cat /var/log/ipaclient-install.log 2020-03-26T14:15:39Z DEBUG Logging to /var/log/ipaclient-install.log 2020-03-26T14:15:39Z DEBUG ipa-client-install was invoked with arguments [] and options: {'unattended': False, 'principal': None, 'prompt_password': False, 'on_master': False, 'ca_cert_files': None, 'force': False, 'configure_firefox': False, 'firefox_dir': None, 'keytab': None, 'mkhomedir': False, 'force_join': False, 'ntp_servers': None, 'ntp_pool': None, 'no_ntp': False, 'force_ntpd': False, 'nisdomain': None, 'no_nisdomain': False, 'ssh_trust_dns': False, 'no_ssh': False, 'no_sshd': False, 'no_sudo': False, 'no_dns_sshfp': False, 'kinit_attempts': None, 'request_cert': False, 'ip_addresses': None, 'all_ip_addresses': False, 'fixed_primary': False, 'permit': False, 'enable_dns_updates': False, 'no_krb5_offline_passwords': False, 'preserve_sssd': False, 'automount_location': None, 'domain_name': 'araxio.tech', 'servers': ['ldap.araxio.tech'], 'realm_name': 'ARAXIO.TECH', 'host_name': None, 'verbose': False, 'quiet': False, 'log_file': None, 'uninstall': False} 2020-03-26T14:15:39Z DEBUG IPA version 4.8.0-13.module_el8.1.0+265+e1e65be4 2020-03-26T14:15:39Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2020-03-26T14:15:39Z DEBUG Starting external process 2020-03-26T14:15:39Z DEBUG args=['/usr/sbin/selinuxenabled'] 2020-03-26T14:15:39Z DEBUG Process finished, return code=0 2020-03-26T14:15:39Z DEBUG stdout= 2020-03-26T14:15:39Z DEBUG stderr= 2020-03-26T14:15:39Z DEBUG Starting external process 2020-03-26T14:15:39Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ntpd.service'] 2020-03-26T14:15:39Z DEBUG Process finished, return code=1 2020-03-26T14:15:39Z DEBUG stdout= 2020-03-26T14:15:39Z DEBUG stderr=Failed to get unit file state for ntpd.service: No such file or directory
2020-03-26T14:15:39Z DEBUG Starting external process 2020-03-26T14:15:39Z DEBUG args=['/bin/systemctl', 'is-active', 'ntpd.service'] 2020-03-26T14:15:39Z DEBUG Process finished, return code=3 2020-03-26T14:15:39Z DEBUG stdout=inactive
2020-03-26T14:15:39Z DEBUG stderr= 2020-03-26T14:15:39Z DEBUG Deleting invalid keytab: '/etc/krb5.keytab'. 2020-03-26T14:15:39Z DEBUG [IPA Discovery] 2020-03-26T14:15:39Z DEBUG Starting IPA discovery with domain=araxio.tech, servers=['ldap.araxio.tech'], hostname=ldap-replica1.araxio.tech 2020-03-26T14:15:39Z DEBUG Server and domain forced 2020-03-26T14:15:39Z DEBUG [Kerberos realm search] 2020-03-26T14:15:39Z DEBUG Kerberos realm forced 2020-03-26T14:15:39Z DEBUG [LDAP server check] 2020-03-26T14:15:39Z DEBUG Verifying that ldap.araxio.tech (realm ARAXIO.TECH) is an IPA server 2020-03-26T14:15:39Z DEBUG Init LDAP connection to: ldap://ldap.araxio.tech:389 2020-03-26T14:15:40Z DEBUG Search LDAP server for IPA base DN 2020-03-26T14:15:40Z DEBUG Check if naming context 'dc=araxio,dc=tech' is for IPA 2020-03-26T14:15:40Z DEBUG Naming context 'dc=araxio,dc=tech' is a valid IPA context 2020-03-26T14:15:40Z DEBUG Search for (objectClass=krbRealmContainer) in dc=araxio,dc=tech (sub) 2020-03-26T14:15:40Z DEBUG Found: cn=ARAXIO.TECH,cn=kerberos,dc=araxio,dc=tech 2020-03-26T14:15:40Z DEBUG Discovery result: Success; server=ldap.araxio.tech, domain=araxio.tech, kdc=ldap.araxio.tech, basedn=dc=araxio,dc=tech 2020-03-26T14:15:40Z DEBUG Validated servers: ldap.araxio.tech 2020-03-26T14:15:40Z DEBUG will use discovered domain: araxio.tech 2020-03-26T14:15:40Z DEBUG Using servers from command line, disabling DNS discovery 2020-03-26T14:15:40Z DEBUG will use provided server: ldap.araxio.tech 2020-03-26T14:15:40Z INFO Autodiscovery of servers for failover cannot work with this configuration. 2020-03-26T14:15:40Z INFO If you proceed with the installation, services will be configured to always access the discovered server for all operations and will not fail over to other servers in case of failure. 2020-03-26T14:15:41Z DEBUG File "/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 179, in execute return_value = self.run() File "/usr/lib/python3.6/site-packages/ipapython/install/cli.py", line 340, in run return cfgr.run() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 358, in run self.validate() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 368, in validate for _nothing in self._validator(): File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 455, in _handle_validate_exception self._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 633, in _configure next(validator) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 455, in _handle_validate_exception self._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 518, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 515, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python3.6/site-packages/ipapython/install/common.py", line 65, in _install for unused in self._installer(self.parent): File "/usr/lib/python3.6/site-packages/ipaclient/install/client.py", line 3772, in main install_check(self) File "/usr/lib/python3.6/site-packages/ipaclient/install/client.py", line 2311, in install_check raise ScriptError(rval=CLIENT_INSTALL_ERROR)
2020-03-26T14:15:41Z DEBUG The ipa-client-install command failed, exception: ScriptError: 2020-03-26T14:15:41Z ERROR The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
How i can fix it ?
dmitriys via FreeIPA-users wrote:
Hi! I try to setup replication. Freeipa version - 4.8.0, API_VERSION: 2.233 I have installed free ipa server and tried connect replica as describe in https://www.freeipa.org/page/V4/Replica_Setup Aftet this command ipa-client-install --domain=example.test --realm=EXAMPLE.TEST --server=ipa-server.example.test i get an error (full log) :
[root@ldap-replica1 ~]# cat /var/log/ipaclient-install.log 2020-03-26T14:15:39Z DEBUG Logging to /var/log/ipaclient-install.log 2020-03-26T14:15:39Z DEBUG ipa-client-install was invoked with arguments [] and options: {'unattended': False, 'principal': None, 'prompt_password': False, 'on_master': False, 'ca_cert_files': None, 'force': False, 'configure_firefox': False, 'firefox_dir': None, 'keytab': None, 'mkhomedir': False, 'force_join': False, 'ntp_servers': None, 'ntp_pool': None, 'no_ntp': False, 'force_ntpd': False, 'nisdomain': None, 'no_nisdomain': False, 'ssh_trust_dns': False, 'no_ssh': False, 'no_sshd': False, 'no_sudo': False, 'no_dns_sshfp': False, 'kinit_attempts': None, 'request_cert': False, 'ip_addresses': None, 'all_ip_addresses': False, 'fixed_primary': False, 'permit': False, 'enable_dns_updates': False, 'no_krb5_offline_passwords': False, 'preserve_sssd': False, 'automount_location': None, 'domain_name': 'araxio.tech', 'servers': ['ldap.araxio.tech'], 'realm_name': 'ARAXIO.TECH', 'host_name': None, 'verbose': False, 'quiet': False, 'log_file': None, 'uninstall': False} 2020-03-26T14:15:39Z DEBUG IPA version 4.8.0-13.module_el8.1.0+265+e1e65be4 2020-03-26T14:15:39Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2020-03-26T14:15:39Z DEBUG Starting external process 2020-03-26T14:15:39Z DEBUG args=['/usr/sbin/selinuxenabled'] 2020-03-26T14:15:39Z DEBUG Process finished, return code=0 2020-03-26T14:15:39Z DEBUG stdout= 2020-03-26T14:15:39Z DEBUG stderr= 2020-03-26T14:15:39Z DEBUG Starting external process 2020-03-26T14:15:39Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ntpd.service'] 2020-03-26T14:15:39Z DEBUG Process finished, return code=1 2020-03-26T14:15:39Z DEBUG stdout= 2020-03-26T14:15:39Z DEBUG stderr=Failed to get unit file state for ntpd.service: No such file or directory
2020-03-26T14:15:39Z DEBUG Starting external process 2020-03-26T14:15:39Z DEBUG args=['/bin/systemctl', 'is-active', 'ntpd.service'] 2020-03-26T14:15:39Z DEBUG Process finished, return code=3 2020-03-26T14:15:39Z DEBUG stdout=inactive
2020-03-26T14:15:39Z DEBUG stderr= 2020-03-26T14:15:39Z DEBUG Deleting invalid keytab: '/etc/krb5.keytab'. 2020-03-26T14:15:39Z DEBUG [IPA Discovery] 2020-03-26T14:15:39Z DEBUG Starting IPA discovery with domain=araxio.tech, servers=['ldap.araxio.tech'], hostname=ldap-replica1.araxio.tech 2020-03-26T14:15:39Z DEBUG Server and domain forced 2020-03-26T14:15:39Z DEBUG [Kerberos realm search] 2020-03-26T14:15:39Z DEBUG Kerberos realm forced 2020-03-26T14:15:39Z DEBUG [LDAP server check] 2020-03-26T14:15:39Z DEBUG Verifying that ldap.araxio.tech (realm ARAXIO.TECH) is an IPA server 2020-03-26T14:15:39Z DEBUG Init LDAP connection to: ldap://ldap.araxio.tech:389 2020-03-26T14:15:40Z DEBUG Search LDAP server for IPA base DN 2020-03-26T14:15:40Z DEBUG Check if naming context 'dc=araxio,dc=tech' is for IPA 2020-03-26T14:15:40Z DEBUG Naming context 'dc=araxio,dc=tech' is a valid IPA context 2020-03-26T14:15:40Z DEBUG Search for (objectClass=krbRealmContainer) in dc=araxio,dc=tech (sub) 2020-03-26T14:15:40Z DEBUG Found: cn=ARAXIO.TECH,cn=kerberos,dc=araxio,dc=tech 2020-03-26T14:15:40Z DEBUG Discovery result: Success; server=ldap.araxio.tech, domain=araxio.tech, kdc=ldap.araxio.tech, basedn=dc=araxio,dc=tech 2020-03-26T14:15:40Z DEBUG Validated servers: ldap.araxio.tech 2020-03-26T14:15:40Z DEBUG will use discovered domain: araxio.tech 2020-03-26T14:15:40Z DEBUG Using servers from command line, disabling DNS discovery 2020-03-26T14:15:40Z DEBUG will use provided server: ldap.araxio.tech 2020-03-26T14:15:40Z INFO Autodiscovery of servers for failover cannot work with this configuration. 2020-03-26T14:15:40Z INFO If you proceed with the installation, services will be configured to always access the discovered server for all operations and will not fail over to other servers in case of failure. 2020-03-26T14:15:41Z DEBUG File "/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 179, in execute return_value = self.run() File "/usr/lib/python3.6/site-packages/ipapython/install/cli.py", line 340, in run return cfgr.run() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 358, in run self.validate() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 368, in validate for _nothing in self._validator(): File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 455, in _handle_validate_exception self._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 633, in _configure next(validator) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 455, in _handle_validate_exception self._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 518, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 515, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python3.6/site-packages/ipapython/install/common.py", line 65, in _install for unused in self._installer(self.parent): File "/usr/lib/python3.6/site-packages/ipaclient/install/client.py", line 3772, in main install_check(self) File "/usr/lib/python3.6/site-packages/ipaclient/install/client.py", line 2311, in install_check raise ScriptError(rval=CLIENT_INSTALL_ERROR)
2020-03-26T14:15:41Z DEBUG The ipa-client-install command failed, exception: ScriptError: 2020-03-26T14:15:41Z ERROR The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
How i can fix it ?
You should have been prompted to proceed. If you answer no it will fail in this way.
Proceed with fixed values and no DNS discovery?
Honestly I'd just drop the --server --realm and let autodiscovery do it's thing to avoid this completely.
rob
freeipa-users@lists.fedorahosted.org