I meant traceback fot the DNS issue :-)

Could you please provide the reason why gssaproxy didn't start?

journalctl -xe
systemctl status gssproxy
journalctl -u gssproxy

2018-01-09 21:29 GMT+01:00 Alex Corcoles via FreeIPA-users <
freeipa-users@lists.fedorahosted.org>:

> Hi,
>
> I have reproduced the problem on the LXC container. The full debug log is
> at:
>
> https://gist.github.com/alexpdp7/b3d7fd48660a1ffb78cb64fd5dc34476
>
> The bit failing is:
>
> [root@ctipa ~]# ipa-replica-install -v -n ipa.pdp7.net -P alex -w $pw
> --mkhomedir
> ...
> ipa         : DEBUG      [11/22]: configuring Gssproxy
>   [11/22]: configuring Gssproxy
> ipa         : DEBUG    Starting external process
> ipa         : DEBUG    args=/usr/sbin/selinuxenabled
> ipa         : DEBUG    Process finished, return code=1
> ipa         : DEBUG    stdout=
> ipa         : DEBUG    stderr=
> ipa         : DEBUG    Starting external process
> ipa         : DEBUG    args=/bin/systemctl restart gssproxy.service
> ipa         : DEBUG    Process finished, return code=1
> ipa         : DEBUG    stdout=
> ipa         : DEBUG    stderr=A dependency job for gssproxy.service
> failed. See 'journalctl -xe' for details.
>
> ipa         : DEBUG    Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 504, in start_creation
>     run_step(full_msg, method)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 494, in run_step
>     method()
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py",
> line 242, in configure_gssproxy
>     services.knownservices.gssproxy.restart()
>   File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py",
> line 322, in restart
>     capture_output, wait)
>   File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py",
> line 310, in _restart_base
>     skip_output=not capture_output)
>   File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 512,
> in run
>     raise CalledProcessError(p.returncode, arg_string, str(output))
> CalledProcessError: Command '/bin/systemctl restart gssproxy.service'
> returned non-zero exit status 1
>
> ipa         : DEBUG      [error] CalledProcessError: Command
> '/bin/systemctl restart gssproxy.service' returned non-zero exit status 1
>   [error] CalledProcessError: Command '/bin/systemctl restart
> gssproxy.service' returned non-zero exit status 1
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall):
> DEBUG      File "/usr/lib/python2.7/site-packages/ipapython/admintool.py",
> line 172, in execute
>     return_value = self.run()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line
> 333, in run
>     cfgr.run()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 368, in run
>     self.execute()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 392, in execute
>     for _nothing in self._executor():
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 434, in __runner
>     exc_handler(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 463, in _handle_execute_exception
>     self._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 453, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 424, in __runner
>     step()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 421, in <lambda>
>     step = lambda: next(self.__gen)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
> 81, in run_generator_with_yield_from
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
> 59, in run_generator_with_yield_from
>     value = gen.send(prev_value)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 658, in _configure
>     next(executor)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 434, in __runner
>     exc_handler(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 463, in _handle_execute_exception
>     self._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 521, in _handle_exception
>     self.__parent._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 453, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 518, in _handle_exception
>     super(ComponentBase, self)._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 453, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 424, in __runner
>     step()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 421, in <lambda>
>     step = lambda: next(self.__gen)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
> 81, in run_generator_with_yield_from
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
> 59, in run_generator_with_yield_from
>     value = gen.send(prev_value)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
> line 63, in _install
>     for _nothing in self._installer(self.parent):
>   File 
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py",
> line 617, in main
>     replica_install(self)
>   File 
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
> line 386, in decorated
>     func(installer)
>   File 
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
> line 1440, in install
>     ca_file=cafile)
>   File 
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
> line 166, in install_http
>     subject_base=config.subject_base, master_fqdn=config.master_host_name)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py",
> line 190, in create_instance
>     self.start_creation()
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 504, in start_creation
>     run_step(full_msg, method)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 494, in run_step
>     method()
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py",
> line 242, in configure_gssproxy
>     services.knownservices.gssproxy.restart()
>   File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py",
> line 322, in restart
>     capture_output, wait)
>   File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py",
> line 310, in _restart_base
>     skip_output=not capture_output)
>   File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 512,
> in run
>     raise CalledProcessError(p.returncode, arg_string, str(output))
>
> ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall):
> DEBUG    The ipa-replica-install command failed, exception:
> CalledProcessError: Command '/bin/systemctl restart gssproxy.service'
> returned non-zero exit status 1
> ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall):
> ERROR    Command '/bin/systemctl restart gssproxy.service' returned
> non-zero exit status 1
> ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall):
> ERROR    The ipa-replica-install command failed. See
> /var/log/ipareplica-install.log for more information
>
> Cheers,
>
> Álex
>
> On Tue, Jan 9, 2018 at 7:45 PM, Martin Basti via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
>> do you have a traceback in log? I'm curious where exactly this happened,
>> what is your FreeIPA version?
>>
>> [1]
>> I haven't install FreeIPA in LXC, but I'm happy user of FreeIPA running
>> in LXC :-) So it should work
>>
>> 2018-01-09 11:40 GMT+01:00 Alex Corcoles via FreeIPA-users <
>> freeipa-users@lists.fedorahosted.org>:
>>
>>> Hi Marti,
>>>
>>> On Tue, Jan 9, 2018 at 12:46 AM, Martin Basti via FreeIPA-users <
>>> freeipa-users@lists.fedorahosted.org> wrote:
>>>
>>>> it looks that replica is trying to add records to your forward zone.
>>>> What is the hostname of the replica?
>>>>
>>>
>>> Yeah, it's xxx.h2.int.pdp7.net, which is within the forwarded zone.
>>>
>>> I have a dnsmasq acting as DHCP/DNS server in h2.int.pdp7.net to
>>> provide automatic network configuration to VMs. It's a non-routable
>>> network, so I'm not sure what the right setup would be.
>>>
>>> 1. what is not working on lxc?
>>>>
>>>
>>> It was something about GSSAPI or something like that, I'll try to
>>> reproduce and start a new thread about that- but I guess it's more of an
>>> LXC problem (ideally I would like to run my replica on LXC so it consumes
>>> less RAM, but I can live with a full VM).
>>>
>>> Cheers,
>>>
>>> Álex
>>>
>>> 2018-01-07 12:20 GMT+01:00 Alex Corcoles via FreeIPA-users <
>>> freeipa-users@lists.fedorahosted.org>:
>>>
>>>> Hi,
>>>>
>>>> I'm labbing a FreeIPA environment for personal use, and I'm getting
>>>> that while bringing up a replica.
>>>>
>>>> I set up my first freeipa-server instance on a cheap VPS on a public
>>>> IP, intend on making it publicly accessible so I can always authenticate my
>>>> laptop even on wild public networks.
>>>>
>>>> I'm adding the replica as a VM(1) on a Proxmox VE, on a private network
>>>> with VPN connectivity to the first public freeipa-server, but I'm getting:
>>>>
>>>> 2018-01-06T20:56:04Z DEBUG The ipa-replica-install command failed,
>>>> exception: ValidationError: invalid 'dnszoneidnsname': only master zones
>>>> can contain records
>>>>
>>>> . I'm trying to create the replica with CA and DNS, and I had set up
>>>> DNS forwarding to the internal DNS on the Proxmox system with:
>>>>
>>>> $ ipa dnsforwardzone-add h2.int.pdp7.net --forwarder=10.42.42.1
>>>> $ ipa dnsforwardzone-add --name-from-ip=10.42.42.0/24
>>>> --forwarder=10.42.42.1 --forward-policy=only
>>>>
>>>> on the first server (I run dnsmasq on Proxmox VE, 10.42.42.0/24 -
>>>> h2.int.pdp7.net is the network it manages), and I guess that's messing
>>>> with the replica, but I'm not sure how to troubleshoot this.
>>>>
>>>> Thoughts? Ideas?
>>>>
>>>> Thanks,
>>>>
>>>> Álex
>>>>
>>>> (1) I can't seem to create a freeipa-replica on an LXC container. Is
>>>> this something that can be discussed here or should I take it to LXC?
>>>>
>>>> --
>>>>    ___
>>>>  {~._.~}
>>>>   ( Y )
>>>>  ()~*~()  mail: alex at corcoles dot net
>>>>  (_)-(_)  http://alex.corcoles.net/
>>>>
>>>>
>>>> _______________________________________________
>>>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>>>> To unsubscribe send an email to freeipa-users-le...@lists.fedo
>>>> rahosted.org
>>>>
>>>>
>>>
>>>
>>> --
>>> S pozdravom Martin Bašti.
>>>
>>>>
>>>> _______________________________________________
>>>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>>>> To unsubscribe send an email to freeipa-users-le...@lists.fedo
>>>> rahosted.org
>>>>
>>>>
>>>
>>>
>>> --
>>>    ___
>>>  {~._.~}
>>>   ( Y )
>>>  ()~*~()  mail: alex at corcoles dot net
>>>  (_)-(_)  http://alex.corcoles.net/
>>>
>>>
>>> _______________________________________________
>>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>>> To unsubscribe send an email to freeipa-users-le...@lists.fedo
>>> rahosted.org
>>>
>>>
>>
>>
>> --
>> S pozdravom Martin Bašti.
>>
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-le...@lists.fedo
>> rahosted.org
>>
>>
>
>
> --
>    ___
>  {~._.~}
>   ( Y )
>  ()~*~()  mail: alex at corcoles dot net
>  (_)-(_)  http://alex.corcoles.net/
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>
>


-- 
S pozdravom Martin Bašti.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to