On 27.10.2016 at 10:02, Jochen Demmer wrote:
>
> On 26.10.2016 at 17:31, Martin Basti wrote:
>>
>> On 26.10.2016 17:25, Jochen Demmer wrote:
>>>
>>> On 26.10.2016 at 16:48, Martin Basti wrote:
>>>>
>>>> On 26.10.2016 16:42, Jochen Demmer wrote:
>>>>>
>>>>> On 26.10.2016 at 16:27, Martin Basti wrote:
>>>>>>
>>>>>> On 26.10.2016 16:10, Jochen Demmer wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> my answers also inline.
>>>>>>>
>>>>>>> On 26.10.2016 at 15:38, Martin Basti wrote:
>>>>>>>>
>>>>>>>> Hi, comments inline
>>>>>>>>
>>>>>>>> On 26.10.2016 14:28, Jochen Demmer wrote:
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I've been running and using a single FreeIPA server
>>>>>>>>> successfully, i.e.:
>>>>>>>>> Fedora 24
>>>>>>>>> freeipa-server-4.3.2-2.fc24.x86_64
>>>>>>>>> This server is only available via IPv6, because I can't get
>>>>>>>>> public IPv4 addresses any more.
>>>>>>>>>
>>>>>>>>> Now I want to set up a FreeIPA replica at another site also
>>>>>>>>> running IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64
>>>>>>>>> First I run "ipa-client-install" which succeeds without an error.
>>>>>>>>> When I invoke "ipa-replica-install" I get this error:
>>>>>>>>> ipa : ERROR Could not resolve hostname
>>>>>>>>> *hostname.mydoma.in* using DNS. Clients may not function
>>>>>>>>> properly. Please check your DNS setup. (Note that this check
>>>>>>>>> queries IPA DNS directly and ignores /etc/hosts.)
>>>>>>>>> LOG:
>>>>>>>>> 2016-10-26T12:14:39Z DEBUG Search DNS server
>>>>>>>>> *hostname.mydoma.in* (['2a01:f11:1:1::1', '2a01:f11:1:1::1',
>>>>>>>>> '2a01:f11:1:1::1']) for *hostname.mydoma.in*
>>>>>>>>
>>>>>>>> Can you check with dig or host command if the hostname is
>>>>>>>> really resolvable on that machine? Do you have proper resolver
>>>>>>>> in /etc/resolv.conf?
>>>>>>> There is a resolver given in /etc/resolv.conf. When I do "host
>>>>>>> <<hostname.mydoma.in>>" I get the right IPv6 back.
>>>>>> That is weird because IPA is doing basically the same.
>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>> *hostname.mydoma.in* is actually the DNS entry for the old
>>>>>>>>> FreeIPA server, which actually resolves, but only to an IPv6
>>>>>>>>> address of course.
>>>>>>>>> I can continue the installation though by entering "yes".
>>>>>>>>>
>>>>>>>>> I then get asked:
>>>>>>>>> Enter the IP address to use, or press Enter to finish.
>>>>>>>>> Please provide the IP address to be used for this host name:
>>>>>>>>>
>>>>>>>>> When I enter the IPv6 address of the new replica host it
>>>>>>>>> doesn't accept but infinitely asks this question instead.
>>>>>>>>
>>>>>>>> Have you pressed enter twice? It should end prompt and continue
>>>>>>>> with installation
>>>>>>> Enter without an IP -> No usable IP address provided nor resolved.
>>>>>>> Enter with an IP -> Error: Invalid IP Address 2a02:1:2:3::4
>>>>>>> cannot use IP network address 2a02:1:2:3::4
>>>>>>
>>>>>> How do you have configured IP address on your interface? Does it
>>>>>> have prefix /128?
>>>>> Yes, that's right. It's an IP being assigned statefully by a
>>>>> DHCPv6 server.
>>>>> There is also another dynamic IP within the same prefix having
>>>>> /64. I don't want to use this one of course, because its IID changes.
>>>>>
>>>> Could you set (temporarily) prefix for that address to /64 and
>>>> re-run installer? IPA 4.3 has check that prevents you to use /128
>>>> prefix
>>> Well now I don't even get asked for the IP. The setup wizard
>>> continues, but I now get this error:
>>>
>>> [27/43]: restarting directory server
>>> ipa : CRITICAL Failed to restart the directory server
>>> (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned
>>> non-zero exit status 1). See the installation log for details.
>>> [28/43]: setting up initial replication
>>> [error] error: [Errno 111] Connection refused
>>>
>>> LOG:
>>> 2016-10-26T15:14:46Z DEBUG Process finished, return code=1
>>> 2016-10-26T15:14:46Z DEBUG stdout=
>>> 2016-10-26T15:14:46Z DEBUG stderr=Job for dirsrv@MY-REALM.service
>>> failed because the control process exited with error code. See
>>> "systemctl status dirsrv@MY-REALM.service" and "journalctl -xe" for
>>> details.
>>> 2016-10-26T15:14:46Z CRITICAL Failed to restart the directory server
>>> (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned
>>> non-zero exit status 1). See the installation log for details.
>>> 2016-10-26T15:14:46Z DEBUG duration: 1 seconds
>>> 2016-10-26T15:14:46Z DEBUG [28/43]: setting up initial replication
>>> 2016-10-26T15:14:56Z DEBUG Traceback (most recent call last):
>>>
>>> When I try to restart manually with, "/bin/systemctl restart
>>> dirsrv@MY-REALM.service"
>>> this is what systemd logs:
>>> https://paste.fedoraproject.org/461439/raw/
>>>
>>
>> Could you please check /var/log/dirsrv/slapd-*/errors there might be
>> more details.
>>
>> Did you reuse an old IPA server for this installation?
>>
>> Martin
> This is what the logfile says:
> https://paste.fedoraproject.org/461685/raw/
>
> I tried to install this server as a replica a couple of times, but I
> even reinstalled all of the software and I keep using
> ipa-client-install --uninstall and
> ipa-server-install --uninstall

It looks like you encountered that problem yourself nearly a year ago:
https://fedorahosted.org/freeipa/ticket/5561

>>
>>>>
>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Honestly, I can't see what I might have done wrong.
>>>>>>>>> Old FreeIPA has hostname is in sync forward and reverse record.
>>>>>>>>> New FreeIPA host as well has hostname that symmetrically
>>>>>>>>> resolves, even though the hostname is using another second
>>>>>>>>> level domain.
>>>>>>>>>
>>>>>>>>> Any hints?
>>>>>>>>> Jochen Demmer
>>>>>>>>>
>>>>>>>>
>>>>>>>> Martin
>>>>>>> Jochen
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
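
The "cannot use IP network address" rejection of the /128 address discussed in this thread can be reproduced offline. This is an added example, not part of the original messages and not FreeIPA's code: `rejected_as_network_address` is an assumed model of the check inferred from the error text, and apart from `2a02:1:2:3::4`, which is quoted in the thread, the sample addresses are constructed.

```python
import ipaddress

# Constructed, trimmed `ip -6 -o addr show` output. 2a02:1:2:3::4 is the
# address quoted in the thread; the other addresses are made up.
SAMPLE_IP_OUTPUT = """\
1: lo    inet6 ::1/128 scope host
2: eth0    inet6 2a02:1:2:3::4/128 scope global dynamic
2: eth0    inet6 2a02:1:2:3:9c1e:44ff:fe0a:7b21/64 scope global temporary dynamic
2: eth0    inet6 fe80::9c1e:44ff:fe0a:7b21/64 scope link
"""

def parse_ip_output(text):
    """Yield (ifname, IPv6Interface, flags) for every inet6 line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "inet6":
            yield fields[1], ipaddress.ip_interface(fields[3]), fields[4:]

def rejected_as_network_address(iface):
    # Assumed shape of the installer check, inferred from the error text
    # "cannot use IP network address": host address == base of its network.
    # With a /128 prefix the network holds one address, so this always fires.
    return iface.ip == iface.network.network_address

def with_prefix(iface, prefixlen):
    """Same host address, reinterpreted under a different prefix length."""
    return ipaddress.ip_interface(f"{iface.ip}/{prefixlen}")

def preflight(text):
    """Return [(address/prefix, verdict)] for the global addresses found."""
    report = []
    for _ifname, iface, flags in parse_ip_output(text):
        if iface.ip.is_loopback or iface.ip.is_link_local:
            continue
        if rejected_as_network_address(iface):
            verdict = "rejected: equals network address"
        elif "temporary" in flags:
            verdict = "accepted, but temporary (IID changes)"
        else:
            verdict = "accepted"
        report.append((str(iface), verdict))
    return report

if __name__ == "__main__":
    for addr, verdict in preflight(SAMPLE_IP_OUTPUT):
        print(f"{addr:40} {verdict}")
    fixed = with_prefix(ipaddress.ip_interface("2a02:1:2:3::4/128"), 64)
    print(fixed, "rejected" if rejected_as_network_address(fixed) else "accepted")
```

Under this model the same host address passes once it is configured with the /64 prefix, which matches the installer no longer prompting for an IP after the prefix change; a true subnet base such as `2a02:1:2:3::/64` would still be refused.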