[Freeipa-users] Re: Replica install Error ?

Günther J . Niederwimmer via FreeIPA-users Fri, 03 Jan 2020 09:33:36 -0800

Am Freitag, 3. Januar 2020, 17:58:00 CET schrieb Rob Crittenden via FreeIPA-
users:
> Günther J. Niederwimmer via FreeIPA-users wrote:
> 
> > Am Freitag, 3. Januar 2020, 17:23:46 CET schrieb Rob Crittenden via
> > FreeIPA-
 users:
> > 
> >> Günther J. Niederwimmer via FreeIPA-users wrote:
> >>
> >>
> >>
> >>> Am Freitag, 3. Januar 2020, 16:27:38 CET schrieb Rob Crittenden via
> >>> FreeIPA-
> >  
> >  users:
> >  
> >>>
> >>>
> >>>> Günther J. Niederwimmer via FreeIPA-users wrote:
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>> Hallo,
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> Am Donnerstag, 2. Januar 2020, 21:37:31 CET schrieb Rob Crittenden via
> >>>>> 
> >>>>> FreeIPA-users:
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>> Günther J. Niederwimmer via FreeIPA-users wrote:
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>> Am Donnerstag, 2. Januar 2020, 19:46:47 CET schrieb Rob Crittenden
> >>>>>>> via
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> FreeIPA-users:
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>> Günther J. Niederwimmer via FreeIPA-users wrote:
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>> Hello,
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> this is a new installed Server CentOS 7.7
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> but it is not possible to configure this for IPA replica
> >>>>>>>>> I have this Error
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> ipapython.admintool: ERROR    [0:0:6]+[128:32:0] not in asn1Spec:
> >>>>>>>>> 
> >>>>>>>>> GeneralName(componentType=NamedTypes(NamedType('rfc822Name', 
> >>>>>>>>> IA5String(tagSet=TagSet((), Tag(tagClass=128, tagFormat=0,
> >>>>>>>>> tagId=1)))),
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> NamedType('dNSName', IA5String(tagSet=TagSet((), Tag(tagClass=128,
> >>>>>>>>> 
> >>>>>>>>> tagFormat=0, tagId=2)))), NamedType('directoryName', 
> >>>>>>>>> Name(componentType=NamedTypes(NamedType('', RDNSequence())),
> >>>>>>>>> tagSet=TagSet((), 
> >>>>>>>  
> >>>>>>>  
> >>>>>>>  
> >>>>>>>  
> >>>>>>>  Tag(tagClass=128, tagFormat=0, tagId=4)))),
> >>>>>>>  
> >>>>>>>  
> >>>>>>>  
> >>>>>>>  
> >>>>>>>>> NamedType('uniformResourceIdentifier', IA5String(tagSet=TagSet((),
> >>>>>>>>> 
> >>>>>>>>> Tag(tagClass=128, tagFormat=0, tagId=6)))), NamedType('iPAddress',
> >>>>>>>>> 
> >>>>>>>>> OctetString(tagSet=TagSet((), Tag(tagClass=128, tagFormat=0,
> >>>>>>>>> tagId=7)))),
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> NamedType('registeredID', ObjectIdentifier('<no value>'))))
> >>>>>>>>> ipapython.admintool: ERROR    The ipa-replica-install command
> >>>>>>>>> failed.
> >>>>>>>>> See
> >>>>>>>>> /
> >>>>>>>  
> >>>>>>>  
> >>>>>>>  
> >>>>>>>  
> >>>>>>>  var/log/ipareplica-install.log for more information
> >>>>>>>  
> >>>>>>>  
> >>>>>>>  
> >>>>>>>  
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> I install before ipa-client-install, this is working but
> >>>>>>>>> afterward
> >>>>>>>>> for
> >>>>>>>>> the
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>  replica i Have this Problem?
> >>>>>>>  
> >>>>>>>  
> >>>>>>>  
> >>>>>>>  
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> firewall Ports are open. 
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> More context from the log would help.
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> I send it to you Rob
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>> And can you confirm what version of python-pyasn1 is installed,
> >>>>>>>> and
> >>>>>>>> that
> >>>>>>>> you don't have a pip-version installed.
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> this version is installed
> >>>>>>> Paket python2-pyasn1-0.1.9-7.el7.noarch 
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> normal installation 
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> It is blowing up trying to fetch the subject-alt names out of the
> >>>>>> Apache
> >>>>>> cert on the original master (ipa.xxx.xxx). You didn't happen to
> >>>>>> replace
> >>>>>> the Apache cert on ipa.xxx.xxx did you?
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> NO, this is a "normal" Installation without changing anything ?
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> I make no experiments with certificates?
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> the only thing I remember
> >>>>> I have set in host
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> xxx.xxx.xxx.xxx ipa.example.com
> >>>>> 2000:yy:yy:yy:yy ipa.example.com
> >>>>> xxx.xxx.xxx.xxx ipa.example.com.lan
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>  
> >>>>>  
> >>>>>  
> >>>>>  
> >>>>>> Can you provide the PEM for that cert?
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>  
> >>>>>  
> >>>>>  
> >>>>>  
> >>>>>> On ipa.xxx.xxx:
> >>>>>> # certutil -L -d /etc/httpd/alias -n Server-Cert -a
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> I have a normal certificate
> >>>>> -----BEGIN CERTIFICATE-----
> >>>>> ................................
> >>>>> ................
> >>>>> .........
> >>>>> -----END CERTIFICATE-----
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> It could be useful for us to see the contents of the cert to see if we
> >>>> can duplicate the failure.
> >>>
> >>>
> >>>
> >>>
> >>> OK is on the way ;)
> >>>
> >>>
> >>
> >>
> >>
> >>
> >> Can you provide the output of:
> >>
> >>
> >>
> >> python -c 'from urllib3.contrib import pyopenssl'
> > 
> > 
> > there is NO output on master or replica
> > 
> > Thanks for the Help.
> > 
> 
> 
> So that's the problem.
> 
> See if you have python[2]-ndg[-_]httpsclient installed.
> 
> I don't believe that RHEL ships this package, maybe it is available in
> CentOS. You could try removing the package and trying the install again.


Yes I found a package from epel ??
python-ndg_httpsclient.noarch                                 0.3.2-1.el7       
                          
@epel

why this installed I cant say I install only fail2ban from epel ?

NEW information by erase this package, it is from the certbot installation ?

now I test the installation again!

thanks for the Help for the Moment ;-)
-- 
mit freundlichen Grüßen / best regards

  Günther J. Niederwimmer

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

[Freeipa-users] Re: Replica install Error ?

Reply via email to