On 06/10/15 11:06, Jan Pazdziora wrote:
On Mon, Oct 05, 2015 at 09:47:14AM -0400, Simo Sorce wrote:
On 05/10/15 09:42, Oleg Fayans wrote:
1. At one point ipa-replica-install on a configured client has thrown
the following error:

Configuring ipa-custodia
   [1/5]: Generating ipa-custodia config file
   [2/5]: Generating ipa-custodia keys
   [3/5]: Importing RA Key
   [error] HTTPError: 502 Server Error: Proxy Error
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    502 Server
Error: Proxy Error

(corresponding part of the error log of dirsrv attached)

Seem like the peer server was unreachable ?
Was there a networking problem ?

I've hit the same issue, during demo today, on a third replica I was
creating. I was using four VMs on my laptop so no networking issue
should have caused that.

On the replica (being promoted), /var/log/ipareplica-install.log ends with

On the master, in the error_log, I see

[Tue Oct 06 13:22:33.196769 2015] [wsgi:error] [pid 10789] ipa: INFO: 
[jsonserver_session] ad...@example.test: 
service_add(u'HTTP/ipa-4.example.t...@example.test', version=u'2.112'): SUCCESS
[Tue Oct 06 13:22:39.231882 2015] [wsgi:error] [pid 10788] ipa: INFO: 
[xmlserver] host/ipa-4.example.t...@example.test: 
cert_request(u'MIIDWDCCAkACAQAwHTEbMBkGA1UEAxMSaXBhLTQuZXhhbXBsZS50ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1pFdI1FuH1ad882x27i+oi3alabIt1hZjeGyT2zfEWaLajgAcDtT1RjWWFzrWtn9YJAe+3cm7R21MI8eFS1aCBlPaRgBLtefaakQy99k8p3IC8LwZxX9bvPPTuZVuF73DYXmaQAgpe/W7TLhCSFwZqht5D8aG0B7qm2E+mpclqKdlbk9egq8K8zFxs4mbLAuEd95wpSBJWnuaTPwRzrjpniCdl5OFof+ImTIMTVS6+5RUxB6KCi5WpGLbrAZWpHZ80a+weo0RK098r1GMT7LSTTZvOmJ22d15Ub0vQXTqVgAMVtt221vEZ1ZhRsLTbeh89JsDKOonNWk6VwOsYHnQIDAQABoIH1MCUGCSqGSIb3DQEJFDEYHhYAUwBlAHIAdgBlAHIALQBDAGUAcgB0MIHLBgkqhkiG9w0BCQ4xgb0wgbowgYcGA1UdEQEBAAR9MHugNAYKKwYBBAGCNxQCA6AmDCRIVFRQL2lwYS00LmV4YW1wbGUudGVzdEBFWEFNUExFLlRFU1SgQwYGKwYBBQICoDkwN6AOGwxFWEFNUExFLlRFU1ShJTAjoAMCAQGhHDAaGwRIVFRQGxJpcGEtNC5leGFtcGxlLnRlc3QwDAYDVR0TAQH/BAIwADAgBgNVHQ4BAQAEFgQUZsVqOSFYBWZnFs42WMXGAag8w20wDQYJKoZIhvcNAQELBQADggEBAJDlTLM1Iyb4We61xIXttSReAbi0seO/ZevSiPN+orHdr+YL!
SDpbS6CSXm
5X9Asvlo8iu0iRFrj/CUJAyPu+M7v+lfr3VwrKErycrczt5O4xgGPGfs0XODSlwQOG57SUyQyLXdyLPJtks/ah/LkfbCevew0cjhSnjEN7RpbV6Azh05vMyzF6J7NXlRLFzDDcz099Tug4Siuwsi/Y3AD0b+IR6I1ZOfLKzzzSEu+sC32JzaVythN3TbPqjeyGy/on3JsQTlznzn2LEVVoPioyF1oHyI7hG1OheTNjCoZXgfJUp1Ftct6YhsfhzglORcbmqDL00DdCU/789G5IworCCYo=',
 principal=u'HTTP/ipa-4.example.t...@example.test', add=True, version=u'2.51'): 
SUCCESS
[Tue Oct 06 13:22:47.652434 2015] [proxy_http:error] [pid 1394] (20014)Internal 
error: [client 192.168.100.229:49031] AH01102: error reading status line from 
remote server httpd-UDS:0
[Tue Oct 06 13:22:47.652476 2015] [proxy:error] [pid 1394] [client 
192.168.100.229:49031] AH00898: Error reading from remote server returned by 
/ipa/keys/ra/ipaCert
[Tue Oct 06 13:24:31.017069 2015] [wsgi:error] [pid 10789] ipa: INFO: 
[jsonserver_kerb] ad...@example.test: ping(): SUCCESS

Was custodia running ?
Can you check its log file ?

Simo.

--
Simo Sorce * Red Hat, Inc * New York

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to