alexey safonov via FreeIPA-users wrote: > Hi, > > I'm struggling couple of weeks with installing replica in cloud. I > know that we definitely have no blocked ports, but not sure what is > the issue here: > > from new replica: > > /usr/sbin/ipa-replica-conncheck --master qb-mum-vm01.int > --auto-master-check --realm INT --hostname gcp-nas-vm01.int > --ca-cert-file /etc/ipa/ca.crt > Check connection from replica to remote master 'qb-mum-vm01.int': > Directory Service: Unsecure port (389): OK > Directory Service: Secure port (636): OK > Kerberos KDC: TCP (88): OK > Kerberos Kpasswd: TCP (464): OK > HTTP Server: Unsecure port (80): OK > HTTP Server: Secure port (443): OK > > The following list of ports use UDP protocol and would need to be > checked manually: > Kerberos KDC: UDP (88): SKIPPED > Kerberos Kpasswd: UDP (464): SKIPPED > > Connection from replica to master is OK. > Start listening on required ports for remote master check > Get credentials to log in to remote master > Check RPC connection to remote master > Execute check on remote master > ERROR: Remote master check failed with following error message(s): > an internal error has occurred > > On main server: > [Mon Nov 11 14:32:01.426513 2024] [:warn] [pid 343202:tid 343369] > [client 10.128.0.52:48930] failed to set perms (3140) on file > (/run/ipa/ccaches/asafonov@INT-EqAXFh)!, referer: > https://qb-mum-vm01.int/ipa/xml > [Mon Nov 11 14:32:01.439064 2024] [wsgi:error] [pid 343143:tid 343391] > [remote 10.128.0.52:48930] ipa: INFO: [jsonserver_session] > asafonov@INT: ping(): SUCCESS > [Mon Nov 11 14:32:01.676346 2024] [:warn] [pid 343202:tid 343370] > [client 10.128.0.52:48930] failed to set perms (3140) on file > (/run/ipa/ccaches/asafonov@INT-EqAXFh)!, referer: > https://qb-mum-vm01.int/ipa/xml > [Mon Nov 11 14:32:01.687507 2024] [wsgi:error] [pid 343142:tid 343394] > [remote 10.128.0.52:48930] ipa: INFO: [jsonserver_session] > asafonov@INT: ping/1(version='2.253'): SUCCESS > [Mon Nov 11 14:32:01.924408 2024] [:warn] [pid 343202:tid 343373] > [client 10.128.0.52:48930] failed to set perms (3140) on file > (/run/ipa/ccaches/asafonov@INT-EqAXFh)!, referer: > https://qb-mum-vm01.int/ipa/xml > [Mon Nov 11 14:32:27.028832 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] ipa: ERROR: non-public: DBusException: > org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible > causes include: the remote application did not send a reply, the > message bus security policy blocked the reply, the reply timeout > expired, or the network connection was broken. > [Mon Nov 11 14:32:27.028892 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] Traceback (most recent call last): > [Mon Nov 11 14:32:27.028903 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] File > "/usr/lib/python3.9/site-packages/ipaserver/rpcserver.py", line 417, > in wsgi_execute > [Mon Nov 11 14:32:27.028911 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] result = command(*args, **options) > [Mon Nov 11 14:32:27.028918 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] File > "/usr/lib/python3.9/site-packages/ipalib/frontend.py", line 471, in > __call__ > [Mon Nov 11 14:32:27.028926 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] return self.__do_call(*args, **options) > [Mon Nov 11 14:32:27.028933 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] File > "/usr/lib/python3.9/site-packages/ipalib/frontend.py", line 499, in > __do_call > [Mon Nov 11 14:32:27.028940 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] ret = self.run(*args, **options) > [Mon Nov 11 14:32:27.028947 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] File > "/usr/lib/python3.9/site-packages/ipalib/frontend.py", line 816, in > run > [Mon Nov 11 14:32:27.028959 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] return self.execute(*args, **options) > [Mon Nov 11 14:32:27.028968 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] File > "/usr/lib/python3.9/site-packages/ipaserver/plugins/server.py", line > 948, in execute > [Mon Nov 11 14:32:27.028975 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] ret, stdout, _stderr = > server.conncheck(keys[-1]) > [Mon Nov 11 14:32:27.028984 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] File > "/usr/lib64/python3.9/site-packages/dbus/proxies.py", line 72, in > __call__ > [Mon Nov 11 14:32:27.028993 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] return self._proxy_method(*args, > **keywords) > [Mon Nov 11 14:32:27.029001 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] File > "/usr/lib64/python3.9/site-packages/dbus/proxies.py", line 141, in > __call__ > [Mon Nov 11 14:32:27.029010 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] return > self._connection.call_blocking(self._named_service, > [Mon Nov 11 14:32:27.029017 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] File > "/usr/lib64/python3.9/site-packages/dbus/connection.py", line 652, in > call_blocking > [Mon Nov 11 14:32:27.029024 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] reply_message = > self.send_message_with_reply_and_block( > [Mon Nov 11 14:32:27.029033 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] dbus.exceptions.DBusException: > org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible > causes include: the remote application did not send a reply, the > message bus security policy blocked the reply, the reply timeout > expired, or the network connection was broken. > [Mon Nov 11 14:32:27.029303 2024] [wsgi:error] [pid 343140:tid 343385] > [remote 10.128.0.52:48930] ipa: INFO: [jsonserver_session] > asafonov@INT: server_conncheck('qb-mum-vm01.int', 'gcp-nas-vm01.int', > version='2.162'): InternalError > > > Any ideas what is causing that problem ? >
The connection checker isn't perfect. Have you tried --skip-conncheck when installing a replica? rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
