OK, just reproduced the error:

[root@ipa2 ~]# ipa-replica-install -v -w $pw -n ipa.pdp7.net -P alex --mkhomedir --setup-ca --setup-dns --auto-forwarders
[...]
ipa         : DEBUG      [2/8]: setting up our own record
  [2/8]: setting up our own record
ipa.ipaserver.plugins.dns.dnsrecord_add: DEBUG    raw: dnsrecord_add(u'h2.int.pdp7.net', u'ipa2', arecord=u'10.42.42.83', version=u'2.228')
ipa.ipaserver.plugins.dns.dnsrecord_add: DEBUG    dnsrecord_add(<DNS name h2.int.pdp7.net.>, <DNS name ipa2>, arecord=(u'10.42.42.83',), a_extra_create_reverse=False, aaaa_extra_create_reverse=False, force=False, structured=False, all=False, raw=False, version=u'2.228')
ipa         : DEBUG    Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 504, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 494, in run_step
    method()
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line
852, in __add_self
    self.__add_master_records(self.fqdn, self.ip_addresses)
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line
843, in __add_master_records
    add_fwd_rr(zone, host, addr, self.api)
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line
367, in add_fwd_rr
    add_rr(zone, host, "A", ip_address, None, api)
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line
358, in add_rr
    api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 447, in
__call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 475, in
__do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 797, in
run
    return self.execute(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line
3666, in execute
    result = super(dnsrecord_add, self).execute(*keys, **options)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py",
line 1141, in execute
    dn = self.obj.get_dn(*keys, **options)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line
3161, in get_dn
    dn = self.check_zone(keys[-2], **options)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line
3152, in check_zone
    error=_(u'only master zones can contain records')
ValidationError: invalid 'dnszoneidnsname': only master zones can contain
records

ipa         : DEBUG      [error] ValidationError: invalid
'dnszoneidnsname': only master zones can contain records
  [error] ValidationError: invalid 'dnszoneidnsname': only master zones can
contain records
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall):
DEBUG      File "/usr/lib/python2.7/site-packages/ipapython/admintool.py",
line 172, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line
333, in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
368, in run
    self.execute()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
392, in execute
    for _nothing in self._executor():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
434, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
463, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
453, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
424, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
421, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
658, in _configure
    next(executor)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
434, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
463, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
521, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
453, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
518, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
453, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
424, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
421, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line
63, in _install
    for _nothing in self._installer(self.parent):
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py",
line 617, in main
    replica_install(self)
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 386, in decorated
    func(installer)
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1479, in install
    dns.install(False, True, options, api)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dns.py", line
338, in install
    bind.create_instance()
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line
719, in create_instance
    self.start_creation()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 504, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 494, in run_step
    method()
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line
852, in __add_self
    self.__add_master_records(self.fqdn, self.ip_addresses)
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line
843, in __add_master_records
    add_fwd_rr(zone, host, addr, self.api)
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line
367, in add_fwd_rr
    add_rr(zone, host, "A", ip_address, None, api)
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line
358, in add_rr
    api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 447, in
__call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 475, in
__do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 797, in
run
    return self.execute(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line
3666, in execute
    result = super(dnsrecord_add, self).execute(*keys, **options)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py",
line 1141, in execute
    dn = self.obj.get_dn(*keys, **options)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line
3161, in get_dn
    dn = self.check_zone(keys[-2], **options)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line
3152, in check_zone
    error=_(u'only master zones can contain records')

ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall):
DEBUG    The ipa-replica-install command failed, exception:
ValidationError: invalid 'dnszoneidnsname': only master zones can contain
records
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall):
ERROR    invalid 'dnszoneidnsname': only master zones can contain records
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall):
ERROR    The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information

, so yeah, it's:

dnsrecord_add(u'h2.int.pdp7.net', u'ipa2', arecord=u'10.42.42.83', version=u'2.228')

which is the host name of the replica and its IP, which is within the
forwarded zones:

$ ipa dnsforwardzone-add h2.int.pdp7.net --forwarder=10.42.42.1
$ ipa dnsforwardzone-add --name-from-ip=10.42.42.0/24 --forwarder=10.42.42.1 --forward-policy=only

Maybe I can add the replica under an ipa.pdp7.net hostname? I'd really
prefer to keep the replica with its DNS/DHCP setup, but I suppose using a
different hostname is problematic. Can we skip adding this entry?


On Tue, Jan 9, 2018 at 10:05 PM, Alex Corcoles <a...@corcoles.net> wrote:

> Ah, wait, this new replica doesn't have CA and DNS. Will try various
> combinations and post back.
>
> On Tue, Jan 9, 2018 at 10:03 PM, Alex Corcoles <a...@corcoles.net> wrote:
>
>> That's weird. I've now tried a replica install on a fresh VM and it has
>> worked- exact same parameters as before ¬ ¬U, no "invalid
>> 'dnszoneidnsname': only master zones can contain records". Maybe I had a
>> problem with the previous install failing and me cleaning up/retrying
>> incorrectly.
>>
>> Never mind...
>>
>> On Tue, Jan 9, 2018 at 7:45 PM, Martin Basti via FreeIPA-users <
>> freeipa-users@lists.fedorahosted.org> wrote:
>>
>>> do you have a traceback in log? I'm curious where exactly this happened,
>>> what is your FreeIPA version?
>>>
>>> [1]
>>> I haven't installed FreeIPA in LXC, but I'm a happy user of FreeIPA running
>>> in LXC :-) So it should work
>>>
>>> 2018-01-09 11:40 GMT+01:00 Alex Corcoles via FreeIPA-users <
>>> freeipa-users@lists.fedorahosted.org>:
>>>
>>>> Hi Marti,
>>>>
>>>> On Tue, Jan 9, 2018 at 12:46 AM, Martin Basti via FreeIPA-users <
>>>> freeipa-users@lists.fedorahosted.org> wrote:
>>>>
>>>>> it looks that replica is trying to add records to your forward zone.
>>>>> What is the hostname of the replica?
>>>>>
>>>>
>>>> Yeah, it's xxx.h2.int.pdp7.net, which is within the forwarded zone.
>>>>
>>>> I have a dnsmasq acting as DHCP/DNS server in h2.int.pdp7.net to
>>>> provide automatic network configuration to VMs. It's a non-routable
>>>> network, so I'm not sure what the right setup would be.
>>>>
>>>>> 1. what is not working on lxc?
>>>>>
>>>>
>>>> It was something about GSSAPI or something like that, I'll try to
>>>> reproduce and start a new thread about that- but I guess it's more of an
>>>> LXC problem (ideally I would like to run my replica on LXC so it consumes
>>>> less RAM, but I can live with a full VM).
>>>>
>>>> Cheers,
>>>>
>>>> Álex
>>>>
>>>> 2018-01-07 12:20 GMT+01:00 Alex Corcoles via FreeIPA-users <
>>>> freeipa-users@lists.fedorahosted.org>:
>>>>
>>>>> Hi,
>>>>>
>>>>> I'm labbing a FreeIPA environment for personal use, and I'm getting
>>>>> that while bringing up a replica.
>>>>>
>>>>> I set up my first freeipa-server instance on a cheap VPS on a public
>>>>> IP, intend on making it publicly accessible so I can always authenticate my
>>>>> laptop even on wild public networks.
>>>>>
>>>>> I'm adding the replica as a VM(1) on a Proxmox VE, on a private
>>>>> network with VPN connectivity to the first public freeipa-server, but I'm
>>>>> getting:
>>>>>
>>>>> 2018-01-06T20:56:04Z DEBUG The ipa-replica-install command failed,
>>>>> exception: ValidationError: invalid 'dnszoneidnsname': only master zones
>>>>> can contain records
>>>>>
>>>>> . I'm trying to create the replica with CA and DNS, and I had set up
>>>>> DNS forwarding to the internal DNS on the Proxmox system with:
>>>>>
>>>>> $ ipa dnsforwardzone-add h2.int.pdp7.net --forwarder=10.42.42.1
>>>>> $ ipa dnsforwardzone-add --name-from-ip=10.42.42.0/24 --forwarder=10.42.42.1 --forward-policy=only
>>>>>
>>>>> on the first server (I run dnsmasq on Proxmox VE, 10.42.42.0/24 -
>>>>> h2.int.pdp7.net is the network it manages), and I guess that's
>>>>> messing with the replica, but I'm not sure how to troubleshoot this.
>>>>>
>>>>> Thoughts? Ideas?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Álex
>>>>>
>>>>> (1) I can't seem to create a freeipa-replica on an LXC container. Is
>>>>> this something that can be discussed here or should I take it to LXC?
>>>>>
>>>>> --
>>>>>    ___
>>>>>  {~._.~}
>>>>>   ( Y )
>>>>>  ()~*~()  mail: alex at corcoles dot net
>>>>>  (_)-(_)  http://alex.corcoles.net/
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>>>>> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Regards, Martin Bašti.
>>>>

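Added example (not part of the original thread, and not FreeIPA code): a pre-flight check that reports when a replica's host name or reverse name falls inside a DNS forward zone, the situation behind the ValidationError in the log above. The zone table is constructed from the commands quoted in the thread; ipa.pdp7.net being a master zone, zone selection by longest suffix match, and all function names are assumptions, and the PTR check goes beyond the logged call (which had a_extra_create_reverse=False).

```python
import ipaddress

# Constructed sample data based on the thread. "master" for ipa.pdp7.net is an
# assumption; 42.42.10.in-addr.arpa is the reverse zone for 10.42.42.0/24.
ZONES = {
    "ipa.pdp7.net.": "master",
    "h2.int.pdp7.net.": "forward",
    "42.42.10.in-addr.arpa.": "forward",
}


def _norm(name):
    """Lower-case a DNS name and drop the trailing dot."""
    return name.rstrip(".").lower()


def covering_zone(name, zones):
    """Return (zone, kind) for the longest zone containing `name`, else None.

    Matching is done label by label, so "xh2.int.pdp7.net" is NOT inside
    "h2.int.pdp7.net". Longest-suffix selection is an assumption here.
    """
    table = {_norm(z): kind for z, kind in zones.items()}
    labels = _norm(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return candidate, table[candidate]
    return None


def preflight(fqdn, ip, zones):
    """Return [(rrtype, owner, zone)] for names that land in a forward zone.

    Forward zones cannot hold records, so each hit is a record that an
    installer could not create ("only master zones can contain records").
    """
    reverse = ipaddress.ip_address(ip).reverse_pointer
    problems = []
    for rrtype, owner in (("A/AAAA", fqdn), ("PTR", reverse)):
        hit = covering_zone(owner, zones)
        if hit and hit[1] == "forward":
            problems.append((rrtype, _norm(owner), hit[0]))
    return problems


if __name__ == "__main__":
    for problem in preflight("ipa2.h2.int.pdp7.net", "10.42.42.83", ZONES):
        print("%s record for %s falls in forward zone %s" % problem)
```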