https://pagure.io/freeipa/issue/6766
4.5.1 - I stand corrected. Can add more tomorrow.

------
"Mission Statement: To provide hope and inspiration for collective action,
to build collective power, to achieve collective transformation, rooted in
grief and rage but pointed towards vision and dreams."

 - Patrice Cullors, *Black Lives Matter founder*

On 18 May 2017 at 19:34, Lachlan Musicman <data...@gmail.com> wrote:

> We are seeing this. I'm not at work, but I think it's bug report 6766.
>
> Patch has already been committed (not by us), we're waiting for IPA 4.5.
>
> cheers
> L.
>
> On 18 May 2017 at 18:57, Callum Guy <callum....@x-on.co.uk> wrote:
>
>> Hi All,
>>
>> I am currently stuck trying to set up the first replica of our master IPA
>> server. I have tried a number of different approaches including escalating
>> from a client and nothing is working for me. I perform a full OS reset each
>> time I get stuck.
>>
>> I'm running CentOS 7.2 with the FreeIPA 4.4.0 (rpm -q reports this
>> version however having performed ipa-server-upgrade - does this mean I'm on
>> 4.4.4?).
>>
>> The command is shown below - note that I am skipping the conn check as my
>> platform's security settings do not allow the SSH session to be established
>> back on the master, all ports should be available to the application
>> however.
>>
>> [root@ipa2 ~]# ipa-replica-install --ip-address=172.24.0.101 --setup-ca --setup-dns --skip-conncheck --no-forwarders SITE.net.gpg
>>
>> Directory Manager (existing master) password:
>>
>> ipa : ERROR Could not resolve hostname ipa2.SITE.net usis
>> check queries IPA DNS directly and ignores /etc/hosts.)
>> Continue? [no]: yes
>> Configuring NTP daemon (ntpd)
>>   [1/4]: stopping ntpd
>>   [2/4]: writing configuration
>>   [3/4]: configuring ntpd to start on boot
>>   [4/4]: starting ntpd
>> Done configuring NTP daemon (ntpd).
>> Configuring directory server (dirsrv). Estimated time: 1 minute
>>   [1/42]: creating directory server user
>>   [2/42]: creating directory server instance
>>   [3/42]: updating configuration in dse.ldif
>>   [4/42]: restarting directory server
>>   [5/42]: adding default schema
>>   [6/42]: enabling memberof plugin
>>   [7/42]: enabling winsync plugin
>>   [8/42]: configuring replication version plugin
>>   [9/42]: enabling IPA enrollment plugin
>>   [10/42]: enabling ldapi
>>   [11/42]: configuring uniqueness plugin
>>   [12/42]: configuring uuid plugin
>>   [13/42]: configuring modrdn plugin
>>   [14/42]: configuring DNS plugin
>>   [15/42]: enabling entryUSN plugin
>>   [16/42]: configuring lockout plugin
>>   [17/42]: configuring topology plugin
>>   [18/42]: creating indices
>>   [19/42]: enabling referential integrity plugin
>>   [20/42]: configuring ssl for ds instance
>>   [21/42]: configuring certmap.conf
>>   [22/42]: configure autobind for root
>>   [23/42]: configure new location for managed entries
>>   [24/42]: configure dirsrv ccache
>>   [25/42]: enabling SASL mapping fallback
>>   [26/42]: restarting directory server
>>   [27/42]: setting up initial replication
>> Starting replication, please wait until this has completed.
>> Update in progress, 4 seconds elapsed
>> Update succeeded
>>
>>   [28/42]: adding sasl mappings to the directory
>>   [29/42]: updating schema
>>   [30/42]: setting Auto Member configuration
>>   [31/42]: enabling S4U2Proxy delegation
>>   [32/42]: importing CA certificates from LDAP
>>   [33/42]: initializing group membership
>>   [34/42]: adding master entry
>>   [35/42]: initializing domain level
>>   [36/42]: configuring Posix uid/gid generation
>>   [37/42]: adding replication acis
>>   [38/42]: enabling compatibility plugin
>>   [39/42]: activating sidgen plugin
>>   [40/42]: activating extdom plugin
>>   [41/42]: tuning directory server
>>   [42/42]: configuring directory to start on boot
>> Done configuring directory server (dirsrv).
>> Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds
>>   [1/27]: creating certificate server user
>>   [2/27]: configuring certificate server instance
>>   [3/27]: stopping certificate server instance to update CS.cfg
>>   [4/27]: backing up CS.cfg
>>   [5/27]: disabling nonces
>>   [6/27]: set up CRL publishing
>>   [7/27]: enable PKIX certificate path discovery and validation
>>   [8/27]: starting certificate server instance
>>
>> And here it stays and refuses to move on. The ipareplica-install.log log
>> reports:
>> 2017-05-18T08:40:07Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
>> 2017-05-18T08:40:09Z DEBUG Waiting until the CA is running
>> 2017-05-18T08:40:09Z DEBUG request POST http://ipa2.SITE.net:8080/ca/admin/ca/getStatus
>> 2017-05-18T08:40:09Z DEBUG request body ''
>>
>> I have tried and that port is indeed inaccessible but I can't establish a
>> way to progress this issue from any of the other log files. Also I have
>> seen in the 4.4.4 release notes that IPv6 being disabled on the master can
>> cause issues, re-enabling (at least in /etc/hosts) did not seem to help.
>>
>> If anyone is able to offer ideas that would be very much appreciated. I
>> am tempted to remove the --setup-ca option to see if this helps.
>>
>> Thanks,
>>
>> Callum
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project