Hello Community! I am trying to add a new Fedora 34 server as a secondary master. The idm01 is still Fedora 33, but the versions are the same as far as I can see.
The issue I am hitting occurs while installing the replication (the client works fine).

Configuring the web interface (httpd)
  [1/21]: stopping httpd
  [2/21]: backing up ssl.conf
  [3/21]: disabling nss.conf
  [4/21]: configuring mod_ssl certificate paths
  [5/21]: setting mod_ssl protocol list
  [6/21]: configuring mod_ssl log directory
  [7/21]: disabling mod_ssl OCSP
  [8/21]: adding URL rewriting rules
  [9/21]: configuring httpd
  [10/21]: setting up httpd keytab
  [11/21]: configuring Gssproxy
  [12/21]: setting up ssl
  [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE: Server at https://idm01.example.com/ipa/json failed request, will retry: 4205 (attribute "entryuuid" not allowed).)
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

Certificate issuance failed (CA_UNREACHABLE: Server at https://idm01.example.com/ipa/json failed request, will retry: 4205 (attribute "entryuuid" not allowed).)
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

Log files:

2021-09-08T11:33:07Z DEBUG -> Not backing up - '/etc/httpd/conf.d/ipa.conf' doesn't exist
2021-09-08T11:33:07Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ipa-rewrite.conf'
2021-09-08T11:33:07Z DEBUG -> Not backing up - '/etc/httpd/conf.d/ipa-rewrite.conf' doesn't exist
2021-09-08T11:33:07Z DEBUG step duration: httpd __configure_http 0.26 sec
2021-09-08T11:33:07Z DEBUG [10/21]: setting up httpd keytab
2021-09-08T11:33:07Z DEBUG raw: service_add('HTTP/[email protected]', force=True, version='2.242')
2021-09-08T11:33:07Z DEBUG service_add(ipapython.kerberos.Principal('HTTP/[email protected]'), force=True, skip_host_check=False, all=False, raw=False, version='2.242', no_members=False)
2021-09-08T11:33:07Z DEBUG flushing ldapi://%2Frun%2Fslapd-TALHEIM-IT-AT.socket from SchemaCache
2021-09-08T11:33:07Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-TALHEIM-IT-AT.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7fb640f00160>
2021-09-08T11:33:08Z DEBUG raw: host_show('idm02.example.com', version='2.242')
2021-09-08T11:33:08Z DEBUG host_show('idm02.example.com', rights=False, all=False, raw=False, version='2.242', no_members=False)
2021-09-08T11:33:08Z DEBUG Backing up system configuration file '/var/lib/ipa/gssproxy/http.keytab'
2021-09-08T11:33:08Z DEBUG -> Not backing up - '/var/lib/ipa/gssproxy/http.keytab' doesn't exist
2021-09-08T11:33:08Z DEBUG Starting external process
2021-09-08T11:33:08Z DEBUG args=['/usr/sbin/ipa-getkeytab', '-k', '/var/lib/ipa/gssproxy/http.keytab', '-p', 'HTTP/[email protected]', '-H', 'ldapi://%2Frun%2Fslapd-TALHEIM-IT-AT.socket', '-Y', 'EXTERNAL']
2021-09-08T11:33:08Z DEBUG Process finished, return code=0
2021-09-08T11:33:08Z DEBUG stdout=
2021-09-08T11:33:08Z DEBUG stderr=Keytab successfully retrieved and stored in: /var/lib/ipa/gssproxy/http.keytab
2021-09-08T11:33:08Z DEBUG Waiting up to 300 seconds for replication (ldap://idm01.example.com:389) krbprincipalname=HTTP/[email protected],cn=services,cn=accounts,dc=talheim-it,dc=at (objectclass=*)
2021-09-08T11:33:09Z DEBUG Entry found [LDAPEntry(ipapython.dn.DN('krbprincipalname=HTTP/[email protected],cn=services,cn=accounts,dc=talheim-it,dc=at'), {'krbLastPwdChange': [b'20210908113308Z'], 'krbCanonicalName': [b'HTTP/[email protected]'], 'objectClass': [b'krbprincipal', b'krbprincipalaux', b'krbticketpolicyaux', b'ipaobject', b'ipaservice', b'pkiuser', b'ipakrbprincipal', b'top'], 'managedBy': [b'fqdn=idm02.example.com,cn=computers,cn=accounts,dc=talheim-it,dc=at'], 'ipaKrbPrincipalAlias': [b'HTTP/[email protected]'], 'krbPrincipalName': [b'HTTP/[email protected]'], 'ipaUniqueID': [b'8a3a99ec-1098-11ec-b7a5-860000d9fd13']})]
2021-09-08T11:33:09Z DEBUG step duration: httpd request_service_keytab 1.56 sec
2021-09-08T11:33:09Z DEBUG [11/21]: configuring Gssproxy
2021-09-08T11:33:09Z DEBUG Starting external process
2021-09-08T11:33:09Z DEBUG args=['/usr/sbin/selinuxenabled']
2021-09-08T11:33:09Z DEBUG Process finished, return code=0
2021-09-08T11:33:09Z DEBUG stdout=
2021-09-08T11:33:09Z DEBUG stderr=
2021-09-08T11:33:09Z DEBUG Starting external process
2021-09-08T11:33:09Z DEBUG args=['/sbin/restorecon', '/etc/gssproxy/10-ipa.conf']
2021-09-08T11:33:09Z DEBUG Process finished, return code=0
2021-09-08T11:33:09Z DEBUG stdout=
2021-09-08T11:33:09Z DEBUG stderr=
2021-09-08T11:33:09Z DEBUG Starting external process
2021-09-08T11:33:09Z DEBUG args=['/bin/systemctl', 'restart', 'gssproxy.service']
2021-09-08T11:33:09Z DEBUG Process finished, return code=0
2021-09-08T11:33:09Z DEBUG stdout=
2021-09-08T11:33:09Z DEBUG stderr=
2021-09-08T11:33:09Z DEBUG Starting external process
2021-09-08T11:33:09Z DEBUG args=['/bin/systemctl', 'is-active', 'gssproxy.service']
2021-09-08T11:33:09Z DEBUG Process finished, return code=0
2021-09-08T11:33:09Z DEBUG stdout=active
2021-09-08T11:33:09Z DEBUG stderr=
2021-09-08T11:33:09Z DEBUG Restart of gssproxy.service complete
2021-09-08T11:33:09Z DEBUG step duration: httpd configure_gssproxy 0.09 sec
2021-09-08T11:33:09Z DEBUG [12/21]: setting up ssl
2021-09-08T11:33:09Z DEBUG certmonger request is in state 'GENERATING_KEY_PAIR'
2021-09-08T11:33:10Z DEBUG certmonger request is in state 'CA_UNREACHABLE'
2021-09-08T11:33:10Z DEBUG Cert request 20210908113309 failed: CA_UNREACHABLE (Server at https://idm01.example.com/ipa/json failed request, will retry: 4205 (attribute "entryuuid" not allowed).)
2021-09-08T11:33:10Z DEBUG Giving up on cert request 20210908113309
2021-09-08T11:33:10Z DEBUG certmonger request is in state 'GENERATING_CSR'
2021-09-08T11:33:10Z DEBUG certmonger request is in state 'SUBMITTING'
2021-09-08T11:33:11Z DEBUG certmonger request is in state 'CA_UNREACHABLE'
2021-09-08T11:33:11Z DEBUG Cert request 20210908113310 failed: CA_UNREACHABLE (Server at https://idm01.example.com/ipa/json failed request, will retry: 4205 (attribute "entryuuid" not allowed).)
2021-09-08T11:33:11Z DEBUG Giving up on cert request 20210908113310
2021-09-08T11:33:11Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/ipaserver/install/httpinstance.py", line 398, in __setup_ssl
    certmonger.request_and_wait_for_cert(**args)
  File "/usr/lib/python3.9/site-packages/ipalib/install/certmonger.py", line 414, in request_and_wait_for_cert
    raise RuntimeError(
RuntimeError: Certificate issuance failed (CA_UNREACHABLE: Server at https://idm01.example.com/ipa/json failed request, will retry: 4205 (attribute "entryuuid" not allowed).)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line 635, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line 621, in run_step
    method()
  File "/usr/lib/python3.9/site-packages/ipaserver/install/httpinstance.py", line 402, in __setup_ssl
    certmonger.request_and_wait_for_cert(**args)
  File "/usr/lib/python3.9/site-packages/ipalib/install/certmonger.py", line 414, in request_and_wait_for_cert
    raise RuntimeError(
RuntimeError: Certificate issuance failed (CA_UNREACHABLE: Server at https://idm01.example.com/ipa/json failed request, will retry: 4205 (attribute "entryuuid" not allowed).)

2021-09-08T11:33:11Z DEBUG [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE: Server at https://idm01.example.com/ipa/json failed request, will retry: 4205 (attribute "entryuuid" not allowed).)
2021-09-08T11:33:11Z DEBUG   File "/usr/lib/python3.9/site-packages/ipapython/admintool.py", line 180, in execute
    return_value = self.run()
  File "/usr/lib/python3.9/site-packages/ipapython/install/cli.py", line 342, in run
    return cfgr.run()
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 360, in run
    return self.execute()
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 386, in execute
    for rval in self._executor():
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 431, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 450, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
    raise value
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 421, in __runner
    step()
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 418, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
    raise value
  File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 655, in _configure
    next(executor)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 431, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 518, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 450, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
    raise value
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 515, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 450, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
    raise value
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 421, in __runner
    step()
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 418, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
    raise value
  File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python3.9/site-packages/ipapython/install/common.py", line 65, in _install
    for unused in self._installer(self.parent):
  File "/usr/lib/python3.9/site-packages/ipaserver/install/server/__init__.py", line 608, in main
    replica_install(self)
  File "/usr/lib/python3.9/site-packages/ipaserver/install/server/replicainstall.py", line 401, in decorated
    func(installer)
  File "/usr/lib/python3.9/site-packages/ipaserver/install/server/replicainstall.py", line 1301, in install
    install_http(
  File "/usr/lib/python3.9/site-packages/ipaserver/install/server/replicainstall.py", line 163, in install_http
    http.create_instance(
  File "/usr/lib/python3.9/site-packages/ipaserver/install/httpinstance.py", line 151, in create_instance
    self.start_creation()
  File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line 635, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line 621, in run_step
    method()
  File "/usr/lib/python3.9/site-packages/ipaserver/install/httpinstance.py", line 402, in __setup_ssl
    certmonger.request_and_wait_for_cert(**args)
  File "/usr/lib/python3.9/site-packages/ipalib/install/certmonger.py", line 414, in request_and_wait_for_cert
    raise RuntimeError(

2021-09-08T11:33:11Z DEBUG The ipa-replica-install command failed, exception: RuntimeError: Certificate issuance failed (CA_UNREACHABLE: Server at https://idm01.example.com/ipa/json failed request, will retry: 4205 (attribute "entryuuid" not allowed).)
2021-09-08T11:33:11Z ERROR Certificate issuance failed (CA_UNREACHABLE: Server at https://idm01.example.com/ipa/json failed request, will retry: 4205 (attribute "entryuuid" not allowed).)
2021-09-08T11:33:11Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

Made on a completely fresh deployed VM.

Yours,
Mathias
