Meikel Bloch via FreeIPA-users wrote: > Hey everyone, > > just tried to install freeipa on a hetzner cloud server cause i'm actually > looking for alternative to UCS. I still dont get it, why FreeIPA is in need > to be reachable on a public net, but thats not the point here. > > I have a clean, fresh Fedora 40 with running network, hostname resolves, also > reverse dns - behind a OPNsense NAT Gateway with its own ipv4 public ip. > > I have opened the Ports 389 & 636 > > When trying to run ipa-server-install, the following error occurs, where i > cant understand why it cant access the LDAP server. I've checked up with nmap > - port is open. Further LDAP service seems to run. > > Maybe someone has an idea whats going on? > > INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf > INFO: Connecting to LDAP server at ldap://fsn-ipa.domain.tld:389 > ERROR: Unable to access LDAP server: ldap://fsn-ipa.domain.tld:389 > Traceback (most recent call last): > File "<frozen runpy>", line 198, in _run_module_as_main > File "<frozen runpy>", line 88, in _run_code > File "/usr/lib/python3.12/site-packages/pki/server/pkispawn.py", line 987, > in <module> > main(sys.argv) > File "/usr/lib/python3.12/site-packages/pki/server/pkispawn.py", line 560, > in main > check_ds() > File "/usr/lib/python3.12/site-packages/pki/server/pkispawn.py", line 722, > in check_ds > verify_ds_configuration() > File "/usr/lib/python3.12/site-packages/pki/server/pkispawn.py", line 58, > in verify_ds_configuration > deployer.ds_bind() > File "/usr/lib/python3.12/site-packages/pki/server/deployment/__init__.py", > line 2442, in ds_bind > self.ds_connection.simple_bind_s( > File "/usr/lib64/python3.12/site-packages/ldap/ldapobject.py", line 248, in > simple_bind_s > msgid = self.simple_bind(who,cred,serverctrls,clientctrls) > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > File "/usr/lib64/python3.12/site-packages/ldap/ldapobject.py", line 242, in > simple_bind > return > self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > File "/usr/lib64/python3.12/site-packages/ldap/ldapobject.py", line 128, in > _ldap_call > result = func(*args,**kwargs) > ^^^^^^^^^^^^^^^^^^^^ > ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", > 'errno': 107, 'ctrls': [], 'info': 'Transport endpoint is not connected'} > > 2024-06-29T10:58:32Z CRITICAL Failed to configure CA instance > 2024-06-29T10:58:32Z CRITICAL See the installation logs and the following > files/directories for more information: > 2024-06-29T10:58:32Z CRITICAL /var/log/pki/pki-tomcat > 2024-06-29T10:58:32Z DEBUG Traceback (most recent call last): > File "/usr/lib/python3.12/site-packages/ipaserver/install/service.py", line > 686, in start_creation > run_step(full_msg, method) > File "/usr/lib/python3.12/site-packages/ipaserver/install/service.py", line > 672, in run_step > method() > File "/usr/lib/python3.12/site-packages/ipaserver/install/cainstance.py", > line 678, in __spawn_instance > DogtagInstance.spawn_instance( > File > "/usr/lib/python3.12/site-packages/ipaserver/install/dogtaginstance.py", line > 227, in spawn_instance > self.handle_setup_error(e) > File > "/usr/lib/python3.12/site-packages/ipaserver/install/dogtaginstance.py", line > 609, in handle_setup_error > raise RuntimeError( > RuntimeError: CA configuration failed. > > 2024-06-29T10:58:32Z DEBUG [error] RuntimeError: CA configuration failed. > 2024-06-29T10:58:32Z DEBUG Removing /root/.dogtag/pki-tomcat/ca > 2024-06-29T10:58:32Z DEBUG File > "/usr/lib/python3.12/site-packages/ipapython/admintool.py", line 180, in > execute > return_value = self.run() > ^^^^^^^^^^ > File "/usr/lib/python3.12/site-packages/ipapython/install/cli.py", line > 344, in run > return cfgr.run() > ^^^^^^^^^^ > File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line > 360, in run > return self.execute() > ^^^^^^^^^^^^^^ > File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line > 386, in execute > for rval in self._executor(): > File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line > 435, in __runner > exc_handler(exc_info) > File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line > 468, in _handle_execute_exception > self._handle_exception(exc_info) > File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line > 458, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3.12/site-packages/six.py", line 719, in reraise > raise value > File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line > 425, in __runner > step() > File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line > 419, in step_next > return next(self.__gen) > ^^^^^^^^^^^^^^^^ > File "/usr/lib/python3.12/site-packages/ipapython/install/util.py", line > 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python3.12/site-packages/six.py", line 719, in reraise > raise value > File "/usr/lib/python3.12/site-packages/ipapython/install/util.py", line > 59, in run_generator_with_yield_from > value = gen.send(prev_value) > ^^^^^^^^^^^^^^^^^^^^ > File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line > 663, in _configure > next(executor) > File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line > 435, in __runner > exc_handler(exc_info) > File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line > 468, in _handle_execute_exception > self._handle_exception(exc_info) > File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line > 526, in _handle_exception > self.__parent._handle_exception(exc_info) > File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line > 458, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3.12/site-packages/six.py", line 719, in reraise > raise value > File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line > 523, in _handle_exception > super(ComponentBase, self)._handle_exception(exc_info) > File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line > 458, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3.12/site-packages/six.py", line 719, in reraise > raise value > File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line > 425, in __runner > step() > File "/usr/lib/python3.12/site-packages/ipapython/install/core.py", line > 419, in step_next > return next(self.__gen) > ^^^^^^^^^^^^^^^^ > File "/usr/lib/python3.12/site-packages/ipapython/install/util.py", line > 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python3.12/site-packages/six.py", line 719, in reraise > raise value > File "/usr/lib/python3.12/site-packages/ipapython/install/util.py", line > 59, in run_generator_with_yield_from > value = gen.send(prev_value) > ^^^^^^^^^^^^^^^^^^^^ > File "/usr/lib/python3.12/site-packages/ipapython/install/common.py", line > 65, in _install > for unused in self._installer(self.parent): > File > "/usr/lib/python3.12/site-packages/ipaserver/install/server/__init__.py", > line 608, in main > master_install(self) > File > "/usr/lib/python3.12/site-packages/ipaserver/install/server/install.py", line > 278, in decorated > func(installer) > File > "/usr/lib/python3.12/site-packages/ipaserver/install/server/install.py", line > 960, in install > ca.install_step_0(False, None, options, custodia=custodia) > File "/usr/lib/python3.12/site-packages/ipaserver/install/ca.py", line 607, > in install_step_0 > ca.configure_instance( > File "/usr/lib/python3.12/site-packages/ipaserver/install/cainstance.py", > line 515, in configure_instance > self.start_creation(runtime=runtime) > File "/usr/lib/python3.12/site-packages/ipaserver/install/service.py", line > 686, in start_creation > run_step(full_msg, method) > File "/usr/lib/python3.12/site-packages/ipaserver/install/service.py", line > 672, in run_step > method() > File "/usr/lib/python3.12/site-packages/ipaserver/install/cainstance.py", > line 678, in __spawn_instance > DogtagInstance.spawn_instance( > File > "/usr/lib/python3.12/site-packages/ipaserver/install/dogtaginstance.py", line > 227, in spawn_instance > self.handle_setup_error(e) > File > "/usr/lib/python3.12/site-packages/ipaserver/install/dogtaginstance.py", line > 609, in handle_setup_error > raise RuntimeError( > > 2024-06-29T10:58:32Z DEBUG The ipa-server-install command failed, exception: > RuntimeError: CA configuration failed. > 2024-06-29T10:58:32Z ERROR CA configuration failed. > 2024-06-29T10:58:32Z ERROR The ipa-server-install command failed. See > /var/log/ipaserver-install.log for more information >
What do you mean you have "opened ports"? This is all running on the local system so it should have no problem connecting to itself. rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
