We are moving from Centos 7 to 8. I did a test on copies and it worked with 
8.0. i made the mistake of doing it on the production servers under 8.1. It 
fails.

I removed one server and recreated it as a replica. It worked fine. However the 
second one failed near the end of the process:

Restart of krb5kdc.service complete
Waiting up to 300 seconds to see our keys appear on host 
ldap://krb1.cs.rutgers.edu
Starting new HTTPS connection (1): krb1.cs.rutgers.edu:443
https://krb1.cs.rutgers.edu:443 "GET 
/ipa/keys/dm/DMHash?type=kem&value=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOm51bGx9.KgdU3jtIIC3bRIoqToXzmZIl3QFUKqbrBbT0sBerqmR2YWNWQTEp8ABbTSHINOUhtgPubXhwaAsqPzXTee3urtrK6lmf9wJ6OkecdVPY1PS9sWhMNUz4gEJkR-vVM8bN6gfk4g2Lc8jq2o2LMFloNMgCqUQyeRuiec09NsjIvR8X18xYQfXJXvlhuz-d2OJW1CsKO6_T1z8O_vsxlZ-vAeB8j3dbZiXJOlzdcxYYqjMHY-IM4LroUzCVNXtHloiq28e6R-uVTX9O7ActEbiSy6UePgE76K0cWVl1kJyHFozEZChH1_rzCgP6zdhAf8QqPOdde_860nxIUmroRuECjA.gnnrHcTs9ucgqLntquJltw.GAWBOG_aMTgwzwxQqSIFrThgTTiqg3fM3POZWccCqqs3PiwJq5vW2S-tF9VsV1topXcRdlKb6fUOyjE6wrffJ5hYRyE1c3ocAlG3QTVC8QWRn7Ol_IfoVfW-hTe-cAhELcdIOIEand_BYjSTEO6rDXv83iXRFxwno9ZYYppF8bQY7EC1r_wW5xTdXftILCDmkJbhXmGPnlCQ2Ah9cG3qZAKNBRsvk400_kRQec-4LBKWGYYd0y56zd6-PpcVO6p72AldDF_YoeettzaaxbYyH0bRFt7y9aHH3GaD5BOkVp_ZgSHZWbWf8-2zB76f1OKrz6TktCfcb4_ChUZ6BZZ41MX6T06Xjp3ft6p5KzPfY_gUq0fKWWESHMLOEZg8fAl15l9ZwMiRmpd1PZW3oLVxF3rO94OM4H7_8WVehrcO3dAuAVA7_ykmIKv-WBWvjNHbsXXTyb76a2ka2WYuVxeKGMklEyQgOaMPJa7BqSOCiPljt7juTXAMGRupuDG62bP9PdFQkervv4p_9wvwpEZkuWPLlHqgzrdspgBbQoXkbcyiv9qf7oyB_xHQaoMxlwfvGwlNu8Go9t8oHJkalVdjxCPL-qG0GxKHuh0uFNYR0Z3uP545HkzVECv8uUkm08Jc.SCBVE0utvtniR8-8qAe02swg5GzDZxfN0O6JkKsWN2Y
 HTTP/1.1" 502 415
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

  File "/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 179, in 
execute
    return_value = self.run()
  File "/usr/lib/python3.6/site-packages/ipapython/install/cli.py", line 340, 
in run
    return cfgr.run()
  File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 360, 
in run
    return self.execute()
  File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 386, 
in execute
    for rval in self._executor():
  File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431, 
in __runner
    exc_handler(exc_info)
  File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 460, 
in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, 
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421, 
in __runner
    step()
  File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418, 
in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, 
in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, 
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 655, 
in _configure
    next(executor)
  File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431, 
in __runner
    exc_handler(exc_info)
  File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 460, 
in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 518, 
in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, 
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 515, 
in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, 
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421, 
in __runner
    step()
  File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418, 
in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, 
in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, 
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python3.6/site-packages/ipapython/install/common.py", line 65, 
in _install
    for unused in self._installer(self.parent):
  File "/usr/lib/python3.6/site-packages/ipaserver/install/server/__init__.py", 
line 590, in main
    replica_install(self)
  File 
"/usr/lib/python3.6/site-packages/ipaserver/install/server/replicainstall.py", 
line 402, in decorated
    func(installer)
  File 
"/usr/lib/python3.6/site-packages/ipaserver/install/server/replicainstall.py", 
line 1298, in install
    custodia.import_dm_password()
  File 
"/usr/lib/python3.6/site-packages/ipaserver/install/custodiainstance.py", line 
211, in import_dm_password
    cli.fetch_key('dm/DMHash')
  File "/usr/lib/python3.6/site-packages/ipaserver/secrets/client.py", line 
120, in fetch_key
    r.raise_for_status()
  File "/usr/lib/python3.6/site-packages/requests/models.py", line 940, in 
raise_for_status
    raise HTTPError(http_error_msg, response=self)

The ipa-replica-install command failed, exception: HTTPError: 502 Server Error: 
Proxy Error for url: https://krb1.cs.rutgers.edu/ipa/keys/dm/DMHash?xxxx
502 Server Error: Proxy Error for url: 
https://krb1.cs.rutgers.edu/ipa/keys/dm/DMHash?ccc

At this point I’m pretty much stuck.

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

Reply via email to