On 26.10.2016 at 17:31, Martin Basti wrote:
>
> On 26.10.2016 17:25, Jochen Demmer wrote:
>>
>> On 26.10.2016 at 16:48, Martin Basti wrote:
>>>
>>> On 26.10.2016 16:42, Jochen Demmer wrote:
>>>>
>>>> On 26.10.2016 at 16:27, Martin Basti wrote:
>>>>>
>>>>> On 26.10.2016 16:10, Jochen Demmer wrote:
>>>>>> Hi,
>>>>>>
>>>>>> my answers also inline.
>>>>>>
>>>>>> On 26.10.2016 at 15:38, Martin Basti wrote:
>>>>>>>
>>>>>>> Hi, comments inline
>>>>>>>
>>>>>>> On 26.10.2016 14:28, Jochen Demmer wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I've been running and using a single FreeIPA server
>>>>>>>> successfully, i.e.:
>>>>>>>> Fedora 24
>>>>>>>> freeipa-server-4.3.2-2.fc24.x86_64
>>>>>>>> This server is only available via IPv6, because I can't get
>>>>>>>> public IPv4 addresses any more.
>>>>>>>>
>>>>>>>> Now I want to set up a FreeIPA replica at another site also
>>>>>>>> running IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64
>>>>>>>> First I run "ipa-client-install" which succeeds without an error.
>>>>>>>> When I invoke "ipa-replica-install" I get this error:
>>>>>>>> ipa : ERROR Could not resolve hostname
>>>>>>>> *hostname.mydoma.in* using DNS. Clients may not function
>>>>>>>> properly. Please check your DNS setup. (Note that this check
>>>>>>>> queries IPA DNS directly and ignores /etc/hosts.)
>>>>>>>> LOG:
>>>>>>>> 2016-10-26T12:14:39Z DEBUG Search DNS server
>>>>>>>> *hostname.mydoma.in* (['2a01:f11:1:1::1', '2a01:f11:1:1::1',
>>>>>>>> '2a01:f11:1:1::1']) for *hostname.mydoma.in*
>>>>>>>
>>>>>>> Can you check with dig or host command if the hostname is really
>>>>>>> resolvable on that machine? Do you have proper resolver in
>>>>>>> /etc/resolv.conf?
>>>>>> There is a resolver given in /etc/resolv.conf. When I do "host
>>>>>> <<hostname.mydoma.in>>" I get the right IPv6 back.
>>>>> That is weird because IPA is doing basically the same.
>>>>>
>>>>>>>> *hostname.mydoma.in* is actually the DNS entry for the old
>>>>>>>> FreeIPA server, which actually resolves, but only to an IPv6
>>>>>>>> address of course.
>>>>>>>> I can continue the installation though by entering "yes".
>>>>>>>>
>>>>>>>> I then get asked:
>>>>>>>> Enter the IP address to use, or press Enter to finish.
>>>>>>>> Please provide the IP address to be used for this host name:
>>>>>>>>
>>>>>>>> When I enter the IPv6 address of the new replica host it
>>>>>>>> doesn't accept but infinitely asks this question instead.
>>>>>>>
>>>>>>> Have you pressed enter twice? It should end prompt and continue
>>>>>>> with installation
>>>>>> Enter without an IP -> No usable IP address provided nor resolved.
>>>>>> Enter with an IP -> Error: Invalid IP Address 2a02:1:2:3::4
>>>>>> cannot use IP network address 2a02:1:2:3::4
>>>>>
>>>>> How do you have configured IP address on your interface? Does it
>>>>> have prefix /128?
>>>> Yes, that's right. It's an IP being assigned statefully by a DHCPv6
>>>> server.
>>>> There is also another dynamic IP within the same prefix having /64.
>>>> I don't want to use this one of course, because its IID changes.
>>>>
>>> Could you set (temporarily) prefix for that address to /64 and
>>> re-run installer? IPA 4.3 has check that prevents you to use /128 prefix
>> Well now I don't even get asked for the IP. The setup wizard
>> continues, but I now get this error:
>>
>> [27/43]: restarting directory server
>> ipa : CRITICAL Failed to restart the directory server
>> (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned
>> non-zero exit status 1). See the installation log for details.
>> [28/43]: setting up initial replication
>> [error] error: [Errno 111] Connection refused
>>
>> LOG:
>> 2016-10-26T15:14:46Z DEBUG Process finished, return code=1
>> 2016-10-26T15:14:46Z DEBUG stdout=
>> 2016-10-26T15:14:46Z DEBUG stderr=Job for dirsrv@MY-REALM.service
>> failed because the control process exited with error code. See
>> "systemctl status dirsrv@MY-REALM.service" and "journalctl -xe" for
>> details.
>> 2016-10-26T15:14:46Z CRITICAL Failed to restart the directory server
>> (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned
>> non-zero exit status 1). See the installation log for details.
>> 2016-10-26T15:14:46Z DEBUG duration: 1 seconds
>> 2016-10-26T15:14:46Z DEBUG [28/43]: setting up initial replication
>> 2016-10-26T15:14:56Z DEBUG Traceback (most recent call last):
>>
>> When I try to restart manually with, "/bin/systemctl restart
>> dirsrv@MY-REALM.service"
>> this is what systemd logs:
>> https://paste.fedoraproject.org/461439/raw/
>>
>
> Could you please check /var/log/dirsrv/slapd-*/errors there might be
> more details.
>
> Did you reuse an old IPA server for this installation?
>
> Martin

This is what the logfile says: https://paste.fedoraproject.org/461685/raw/
I tried to install this server as a replica a couple of times, but I even reinstalled all of the software and I keep using ipa-client-install --uninstall and ipa-server-install --uninstall
>
>>>>>>>> Honestly, I can't see what I might have done wrong.
>>>>>>>> Old FreeIPA has hostname is in sync forward and reverse record.
>>>>>>>> New FreeIPA host as well has hostname that symmetrically
>>>>>>>> resolves, even though the hostname is using another second
>>>>>>>> level domain.
>>>>>>>>
>>>>>>>> Any hints?
>>>>>>>> Jochen Demmer
>>>>>>>
>>>>>>> Martin
>>>>>> Jochen
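
Added example, not part of the original thread and not FreeIPA's own code: a pre-flight check that shows why the DHCPv6-assigned /128 address triggers "cannot use IP network address" while the same address with a /64 prefix passes. It assumes, from the error text quoted above, that the installer refuses an address equal to the base address of its own network; the function names and the trimmed `ip -o -6 addr show` sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed, trimmed sample of `ip -o -6 addr show` output (not the thread's host).
SAMPLE_IP_OUTPUT = """\
1: lo    inet6 ::1/128 scope host
2: eth0    inet6 2a02:1:2:3::4/128 scope global dynamic
2: eth0    inet6 2a02:1:2:3:5054:ff:fe12:3456/64 scope global dynamic
2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link
"""


def check_host_address(cidr):
    """Return (ok, reason) for one interface address in addr/prefix form."""
    iface = ipaddress.ip_interface(cidr)
    if iface.ip.is_loopback or iface.ip.is_link_local:
        return False, "loopback or link-local address"
    # Assumption: the installer refuses an address equal to the base
    # address of its own network. With a /128 (or IPv4 /32) prefix the
    # network holds exactly one address, so every host address matches.
    if iface.ip == iface.network.network_address:
        return False, "cannot use IP network address %s" % iface.ip
    return True, "usable"


def audit(ip_output):
    """Map each inet6 addr/prefix found in `ip -o -6 addr` text to its verdict."""
    found = re.findall(r"\binet6\s+([0-9a-fA-F:]+/\d+)", ip_output)
    return {cidr: check_host_address(cidr) for cidr in found}


if __name__ == "__main__":
    for cidr, (ok, reason) in audit(SAMPLE_IP_OUTPUT).items():
        print("%-40s %s" % (cidr, "OK" if ok else "REJECTED: " + reason))
```

Running it against a replica candidate's real `ip -o -6 addr show` output before `ipa-replica-install` shows which configured addresses such a check would accept.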