Re: [Freeipa-users] ipa-replica-install fails because dirsrv failed to start
On 10/27/2016 10:48 AM, Jochen Demmer wrote: Am 27.10.2016 um 10:21 schrieb Martin Basti: On 27.10.2016 10:02, Jochen Demmer wrote: Am 26.10.2016 um 17:31 schrieb Martin Basti: On 26.10.2016 17:25, Jochen Demmer wrote: Am 26.10.2016 um 16:48 schrieb Martin Basti: On 26.10.2016 16:42, Jochen Demmer wrote: Am 26.10.2016 um 16:27 schrieb Martin Basti: On 26.10.2016 16:10, Jochen Demmer wrote: Hi, my answers also inline. Am 26.10.2016 um 15:38 schrieb Martin Basti: Hi, comments inline On 26.10.2016 14:28, Jochen Demmer wrote: Hi, I've been running and using a single FreeIPA server successfully, i.e.: Fedora 24 freeipa-server-4.3.2-2.fc24.x86_64 This server is only available via IPv6, because I can't get public lPv4 addresses no more. Now I want to setup a FreeIPA replica at another site also running IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64 First I run "ipa-client-install" which succeeds without an error. When I invoke "ipa-replica-install" I get this error: ipa : ERRORCould not resolve hostname *hostname.mydoma.in* using DNS. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.) LOG: 2016-10-26T12:14:39Z DEBUG Search DNS server *hostname.mydoma.in* (['2a01:f11:1:1::1', '2a01:f11:1:1::1', '2a01:f11:1:1::1']) for *hostname.mydoma.in* Can you check with dig or host command if the hostname is really resolvable on that machine? do you have proper resolver in /etc/resolv.conf? There is a resolver given in /etc/resolv.conf. When I do "host <>" I get the right IPv6 back. That is weird because IPA is doing basically the same. *hostname.mydoma.in* is actually the DNS entry for the old FreeIPA server, which actually resolves, but only to an IPv6 address of course. I can continue the installation though by entering "yes". I then get asked: Enter the IP address to use, or press Enter to finish. Please provide the IP address to be used for this host name: When I enter the IPv6 address of the new replica host it doesn't accept but infinitely asks this question instead. Have you pressed enter twice? It should end prompt and continue with installation Enter without an IP -> No usable IP address provided nor resolved. Enter with an IP -> Error: Invalid IP Address 2a02:1:2:3::4 cannot use IP network address 2a02:1:2:3::4 How do you have configured IP address on your interface? Does it have prefix /128? Yes, that's right. It's an IP being assigned statefully by a DHCPv6 server. There is also another dynamic IP within the same prefix having /64. I don't want to use this one of course, because its IID changes. Could you set (temporarily) prefix for that address to /64 and re-run installer? IPA 4.3 has check that prevents you to use /128 prefix Well now I don't even get asked for the IP. The setup wizard continues, but I now get this error: [27/43]: restarting directory server ipa : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned non-zero exit status 1). See the installation log for details. [28/43]: setting up initial replication [error] error: [Errno 111] Connection refused LOG: 2016-10-26T15:14:46Z DEBUG Process finished, return code=1 2016-10-26T15:14:46Z DEBUG stdout= 2016-10-26T15:14:46Z DEBUG stderr=Job for dirsrv@MY-REALM.service failed because the control process exited with error code. See "systemctl status dirsrv@MY-REALM.service" and "journalctl -xe" for details. 2016-10-26T15:14:46Z CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned non-zero exit status 1). See the installation log for details. 2016-10-26T15:14:46Z DEBUG duration: 1 seconds 2016-10-26T15:14:46Z DEBUG [28/43]: setting up initial replication 2016-10-26T15:14:56Z DEBUG Traceback (most recent call last): When I try to restart manually with, "/bin/systemctl restart dirsrv@MY-REALM.service" this is what systemd logs: https://paste.fedoraproject.org/461439/raw/ Could you please check /var/log/dirsrv/slapd-*/errors there might be more details. Did you reused an old IPA server for this installation? Martin This is what the logfile says: https://paste.fedoraproject.org/461685/raw/ I tried to install this server as a replica a couple of times, but I even reinstalled all of the software and I keep using ipa-client-install --uninstall and ipa-server-install --uninstall It looks that DS database is somehow corrupted, is possible that there might be some leftovers from previous installations start: Failed to start databases, err=-1 BDB0092 Unknown error: -1 I'm not sure what that error means, maybe DS guys will know Can you run server uninstall twice? It should remove all leftovers, and then check /var/lib/dirsrv/ if there are any slapd-* directories, if yes please remove them Martin I uninstalled freeipa-*, deleted /etc/dirsrv and
Re: [Freeipa-users] ipa-replica-install fails because dirsrv failed to start
On 10/27/2016 10:48 AM, Jochen Demmer wrote: Am 27.10.2016 um 10:21 schrieb Martin Basti: On 27.10.2016 10:02, Jochen Demmer wrote: Am 26.10.2016 um 17:31 schrieb Martin Basti: On 26.10.2016 17:25, Jochen Demmer wrote: Am 26.10.2016 um 16:48 schrieb Martin Basti: On 26.10.2016 16:42, Jochen Demmer wrote: Am 26.10.2016 um 16:27 schrieb Martin Basti: On 26.10.2016 16:10, Jochen Demmer wrote: Hi, my answers also inline. Am 26.10.2016 um 15:38 schrieb Martin Basti: Hi, comments inline On 26.10.2016 14:28, Jochen Demmer wrote: Hi, I've been running and using a single FreeIPA server successfully, i.e.: Fedora 24 freeipa-server-4.3.2-2.fc24.x86_64 This server is only available via IPv6, because I can't get public lPv4 addresses no more. Now I want to setup a FreeIPA replica at another site also running IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64 First I run "ipa-client-install" which succeeds without an error. When I invoke "ipa-replica-install" I get this error: ipa : ERRORCould not resolve hostname *hostname.mydoma.in* using DNS. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.) LOG: 2016-10-26T12:14:39Z DEBUG Search DNS server *hostname.mydoma.in* (['2a01:f11:1:1::1', '2a01:f11:1:1::1', '2a01:f11:1:1::1']) for *hostname.mydoma.in* Can you check with dig or host command if the hostname is really resolvable on that machine? do you have proper resolver in /etc/resolv.conf? There is a resolver given in /etc/resolv.conf. When I do "host <>" I get the right IPv6 back. That is weird because IPA is doing basically the same. *hostname.mydoma.in* is actually the DNS entry for the old FreeIPA server, which actually resolves, but only to an IPv6 address of course. I can continue the installation though by entering "yes". I then get asked: Enter the IP address to use, or press Enter to finish. Please provide the IP address to be used for this host name: When I enter the IPv6 address of the new replica host it doesn't accept but infinitely asks this question instead. Have you pressed enter twice? It should end prompt and continue with installation Enter without an IP -> No usable IP address provided nor resolved. Enter with an IP -> Error: Invalid IP Address 2a02:1:2:3::4 cannot use IP network address 2a02:1:2:3::4 How do you have configured IP address on your interface? Does it have prefix /128? Yes, that's right. It's an IP being assigned statefully by a DHCPv6 server. There is also another dynamic IP within the same prefix having /64. I don't want to use this one of course, because its IID changes. Could you set (temporarily) prefix for that address to /64 and re-run installer? IPA 4.3 has check that prevents you to use /128 prefix Well now I don't even get asked for the IP. The setup wizard continues, but I now get this error: [27/43]: restarting directory server ipa : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned non-zero exit status 1). See the installation log for details. [28/43]: setting up initial replication [error] error: [Errno 111] Connection refused LOG: 2016-10-26T15:14:46Z DEBUG Process finished, return code=1 2016-10-26T15:14:46Z DEBUG stdout= 2016-10-26T15:14:46Z DEBUG stderr=Job for dirsrv@MY-REALM.service failed because the control process exited with error code. See "systemctl status dirsrv@MY-REALM.service" and "journalctl -xe" for details. 2016-10-26T15:14:46Z CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned non-zero exit status 1). See the installation log for details. 2016-10-26T15:14:46Z DEBUG duration: 1 seconds 2016-10-26T15:14:46Z DEBUG [28/43]: setting up initial replication 2016-10-26T15:14:56Z DEBUG Traceback (most recent call last): When I try to restart manually with, "/bin/systemctl restart dirsrv@MY-REALM.service" this is what systemd logs: https://paste.fedoraproject.org/461439/raw/ Could you please check /var/log/dirsrv/slapd-*/errors there might be more details. Did you reused an old IPA server for this installation? Martin This is what the logfile says: https://paste.fedoraproject.org/461685/raw/ I tried to install this server as a replica a couple of times, but I even reinstalled all of the software and I keep using ipa-client-install --uninstall and ipa-server-install --uninstall It looks that DS database is somehow corrupted, is possible that there might be some leftovers from previous installations start: Failed to start databases, err=-1 BDB0092 Unknown error: -1 I'm not sure what that error means, maybe DS guys will know Can you run server uninstall twice? It should remove all leftovers, and then check /var/lib/dirsrv/ if there are any slapd-* directories, if yes please remove them Martin I
Re: [Freeipa-users] ipa-replica-install fails because dirsrv failed to start
Am 27.10.2016 um 10:21 schrieb Martin Basti: > > > > On 27.10.2016 10:02, Jochen Demmer wrote: >> >> >> Am 26.10.2016 um 17:31 schrieb Martin Basti: >>> >>> >>> >>> On 26.10.2016 17:25, Jochen Demmer wrote: Am 26.10.2016 um 16:48 schrieb Martin Basti: > > > > On 26.10.2016 16:42, Jochen Demmer wrote: >> >> >> Am 26.10.2016 um 16:27 schrieb Martin Basti: >>> >>> >>> >>> On 26.10.2016 16:10, Jochen Demmer wrote: Hi, my answers also inline. Am 26.10.2016 um 15:38 schrieb Martin Basti: > > Hi, comments inline > > > On 26.10.2016 14:28, Jochen Demmer wrote: >> Hi, >> >> I've been running and using a single FreeIPA server >> successfully, i.e.: >> Fedora 24 >> freeipa-server-4.3.2-2.fc24.x86_64 >> This server is only available via IPv6, because I can't get >> public lPv4 addresses no more. >> >> Now I want to setup a FreeIPA replica at another site also >> running IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64 >> First I run "ipa-client-install" which succeeds without an error. >> When I invoke "ipa-replica-install" I get this error: >> ipa : ERRORCould not resolve hostname >> *hostname.mydoma.in* using DNS. Clients may not function >> properly. Please check your DNS setup. (Note that this check >> queries IPA DNS directly and ignores /etc/hosts.) >> LOG: >> 2016-10-26T12:14:39Z DEBUG Search DNS server >> *hostname.mydoma.in* (['2a01:f11:1:1::1', '2a01:f11:1:1::1', >> '2a01:f11:1:1::1']) for *hostname.mydoma.in* > > Can you check with dig or host command if the hostname is > really resolvable on that machine? do you have proper resolver > in /etc/resolv.conf? There is a resolver given in /etc/resolv.conf. When I do "host <>" I get the right IPv6 back. >>> That is weird because IPA is doing basically the same. >>> > >> >> *hostname.mydoma.in* is actually the DNS entry for the old >> FreeIPA server, which actually resolves, but only to an IPv6 >> address of course. >> I can continue the installation though by entering "yes". >> >> I then get asked: >> Enter the IP address to use, or press Enter to finish. >> Please provide the IP address to be used for this host name: >> >> When I enter the IPv6 address of the new replica host it >> doesn't accept but infinitely asks this question instead. > > Have you pressed enter twice? It should end prompt and > continue with installation Enter without an IP -> No usable IP address provided nor resolved. Enter with an IP -> Error: Invalid IP Address 2a02:1:2:3::4 cannot use IP network address 2a02:1:2:3::4 >>> >>> How do you have configured IP address on your interface? Does it >>> have prefix /128? >> Yes, that's right. It's an IP being assigned statefully by a >> DHCPv6 server. >> There is also another dynamic IP within the same prefix having >> /64. I don't want to use this one of course, because its IID changes. >> > Could you set (temporarily) prefix for that address to /64 and > re-run installer? IPA 4.3 has check that prevents you to use /128 > prefix Well now I don't even get asked for the IP. The setup wizard continues, but I now get this error: [27/43]: restarting directory server ipa : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned non-zero exit status 1). See the installation log for details. [28/43]: setting up initial replication [error] error: [Errno 111] Connection refused LOG: 2016-10-26T15:14:46Z DEBUG Process finished, return code=1 2016-10-26T15:14:46Z DEBUG stdout= 2016-10-26T15:14:46Z DEBUG stderr=Job for dirsrv@MY-REALM.service failed because the control process exited with error code. See "systemctl status dirsrv@MY-REALM.service" and "journalctl -xe" for details. 2016-10-26T15:14:46Z CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned non-zero exit status 1). See the installation log for details. 2016-10-26T15:14:46Z DEBUG duration: 1 seconds 2016-10-26T15:14:46Z DEBUG [28/43]: setting up initial replication 2016-10-26T15:14:56Z DEBUG Traceback (most recent call last): When I try to restart manually with, "/bin/systemctl restart dirsrv@MY-REALM.service" this is what systemd logs: https://paste.fedoraproject.org/461439/raw/ >>> >>> Could you please check