[Freeipa-devel] [freeipa PR#894][opened] Fixing ipa-replica-install --setup-kra if it's the first KRA in topology

felipevolpone via FreeIPA-devel Fri, 23 Jun 2017 11:51:34 -0700

   URL: https://github.com/freeipa/freeipa/pull/894
Author: felipevolpone
 Title: #894: Fixing ipa-replica-install --setup-kra if it's the first KRA in 
topology
Action: opened


PR body:
"""
I'm trying to fix the ticket, but I'm not quite sure of how to do it. Until 
now, I removed the exception and called the api in kra to install it. However, 
I'm getting an exception:
```
bash-4.3$ sudo python /usr/sbin/ipa-replica-install -r 
DOM-116.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM --setup-kra --setup-ca
WARNING: conflicting time&date synchronization service 'chronyd' will be 
disabled in favor of ntpd

IPA client is already configured on this system, ignoring the --domain, 
--server, --realm, --hostname, --password and --keytab options.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    
Timed out trying to obtain keys.
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for 
more information
```

from /var/log/ipareplica-install.log  
```
2017-06-23T18:38:44Z DEBUG stderr=
2017-06-23T18:38:44Z DEBUG Destroyed connection context.ldap2_140135237350736
2017-06-23T18:38:44Z DEBUG Created connection context.ldap2_140135237350736
2017-06-23T18:38:44Z DEBUG raw: hostgroup_show(u'ipaservers', rights=True, 
all=True, version=u'2.228')
2017-06-23T18:38:44Z DEBUG hostgroup_show(u'ipaservers', rights=True, all=True, 
raw=False, version=u'2.228', no_members=False)
2017-06-23T18:38:44Z DEBUG flushing 
ldaps://vm-116.abc.idm.lab.eng.brq.redhat.com from SchemaCache
2017-06-23T18:38:44Z DEBUG retrieving schema for SchemaCache 
url=ldaps://vm-116.abc.idm.lab.eng.brq.redhat.com 
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f73c6769f38>
2017-06-23T18:38:44Z DEBUG Destroyed connection context.ldap2_140135237350736
2017-06-23T18:38:44Z DEBUG Created connection context.ldap2_140135237350736
2017-06-23T18:38:44Z DEBUG flushing 
ldaps://vm-116.abc.idm.lab.eng.brq.redhat.com from SchemaCache
2017-06-23T18:38:44Z DEBUG retrieving schema for SchemaCache 
url=ldaps://vm-116.abc.idm.lab.eng.brq.redhat.com 
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f73c6769c20>
2017-06-23T18:38:44Z DEBUG No IPA DNS servers, skipping forward/reverse 
resolution check
2017-06-23T18:38:44Z DEBUG Initializing principal 
host/vm-058-064.abc.idm.lab.eng.brq.redhat....@dom-116.abc.idm.lab.eng.brq.redhat.com
 using keytab /etc/krb5.keytab
2017-06-23T18:38:44Z DEBUG using ccache /tmp/krbcc9omA2g/ccache
2017-06-23T18:38:44Z DEBUG Attempt 1/1: success
2017-06-23T18:38:44Z DEBUG Loading StateFile from 
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-06-23T18:38:44Z DEBUG Loading Index file from 
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-06-23T18:38:44Z INFO Waiting up to 300 seconds to see our keys appear on 
host: None
2017-06-23T18:38:45Z DEBUG Transient error getting keys: '{'desc': "Can't 
contact LDAP server"}'
2017-06-23T18:43:45Z DEBUG Destroyed connection context.ldap2_140135237350736
2017-06-23T18:43:45Z DEBUG   File 
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 333, 
in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 366, 
in run
    self.validate()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 375, 
in validate
    for _nothing in self._validator():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, 
in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458, 
in _handle_validate_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, 
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, 
in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, 
in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, 
in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, 
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 636, 
in _configure
    next(validator)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, 
in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458, 
in _handle_validate_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521, 
in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, 
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, 
in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, 
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, 
in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, 
in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, 
in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, 
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, 
in _install
    for _nothing in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", 
line 613, in main
    replica_promote_check(self)
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", 
line 386, in decorated
    func(installer)
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", 
line 408, in decorated
    func(installer)
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", 
line 1270, in promote_check
    raise ScriptError(e)

2017-06-23T18:43:45Z DEBUG The ipa-replica-install command failed, exception: 
ScriptError: Timed out trying to obtain keys.
2017-06-23T18:43:45Z ERROR Timed out trying to obtain keys.
2017-06-23T18:43:45Z ERROR The ipa-replica-install command failed. See 
/var/log/ipareplica-install.log for more information
```

There is a high chance that I'm getting the wrong path here, so if there is 
someone able to help me (pointing to some docs or explaining more details of 
it), it would be great.

Ticket https://pagure.io/freeipa/issue/7008
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/894/head:pr894
git checkout pr894

From 50cec8cdfd5ad16f1b4414a6774e947f3c419d91 Mon Sep 17 00:00:00 2001
From: Felipe Volpone <felipevolp...@gmail.com>
Date: Fri, 23 Jun 2017 15:32:22 -0300
Subject: [PATCH] Fixing ipa-replica-install --setup-kra if it's the first KRA
 in topology

---
 ipaserver/install/server/replicainstall.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 4f28de25bd..0c1545a1c3 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1252,11 +1252,10 @@ def promote_check(installer):
             config.kra_host_name = kra_host
             kra_enabled = True
         else:
-            if options.setup_kra:
-                root_logger.error("There is no KRA server in the domain, "
-                                  "can't setup a KRA clone")
-                raise ScriptError(rval=3)
             kra_enabled = False
+            if options.setup_kra:
+                kra.install(api, config, options)
+                kra_enabled = True
 
         if ca_enabled:
             options.realm_name = config.realm_name

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#894][opened] Fixing ipa-replica-install --setup-kra if it's the first KRA in topology

Reply via email to