On Thu, 2011-12-15 at 21:02 +0100, Ondrej Hamada wrote:
> On 12/14/2011 06:58 PM, Dmitri Pal wrote:
> > On 12/14/2011 11:04 AM, Mercer, Rodney wrote:
> >> I've been attempting to install the virtual machine setup from
> >> http://freeipa.org/page/FreeIPA_demonstration_tools
> >>
> >> I install on fresh Fedora 15 x86_64 host, and I am able to complete the
> >> first two steps.
> >>
> >> When I run the last script,
> >> ./ipa-demo.sh
> >> I get from the ipa-demo-<date>.log
> >> ----
> >> CRITICAL:root:failed to configure ca instance
> >> ----
> >> and later in the log:
> >> ----
> >> Warning: skipping DNS resolution of host master.example.com
> >> The IPA Master Server will be configured with
> >> Hostname: master.example.com
> >> IP address: 192.168.122.32
> >> Domain name: example.com
> >> ----
> >> and
> >> ----
> >> Configuring certificate server: Estimated time 3 minutes 30 seconds
> >> [1/17]: creating certificate server user
> >> [2/17]: creating pki-ca instance
> >> [3/17]: configuring certificate server instance
> >> Unexpected error - see ipaserver-install.log for details:
> >> Configuration of CA failed
> >> Server installation failed!
> >> Domain f15-ipa-server destroyed
> >>
> >> Domain f15-ipa-server has been undefined
> >> ----
> >>
> >> I see the dhcp address changing for master.example.com each time the
> >> script is run.
> >> Is there a requirement for making the dhcp address consistent for
> >> master.example.com
> >> and having the address in /etc/hosts so that it can reverse resolve via
> >> dnsmasq?
> >>
> >> Or does the DNS resolution of ip to host have any bearing on the
> >> certificate creation as I suspect?
> >>
> >>
> > Consistent name resolution is a requirement for IPA.
> > Ondrej, can you please take a closer look and see if this is something
> > with the demo scripts or IPA itself?
> I don't see a problem in scripts.
> When the virtual machines are created
> by ipa-demo, they acquire addresses from dhcp, then - before
> installation of freeipa - they're configured to use static addresses (the
> currently assigned ip address is chosen) and also the records are added
> into /etc/hosts.
>
> I wasn't able to reproduce the problem on clean f15 x64, the
> installation was successful, but few errors like this one appeared:
>
> ERROR:root:certmonger failed starting to track certificate: Command
> '/usr/bin/ipa-getcert start-tracking -d /etc/httpd/alias -n Server-Cert
> -p /etc/httpd/alias/pwdfile.txt' returned non-zero exit status 1
> root : ERROR certmonger failed starting to track certificate:
> Command '/usr/bin/ipa-getcert start-tracking -d /etc/httpd/alias -n
> Server-Cert -p /etc/httpd/alias/pwdfile.txt' returned non-zero exit status 1
> WARNING:root:remove: '60' not in nsslapd-pluginPrecedence
>

Hmmm, that's odd. I'm currently trying to force mine to work.
I've attempted several times with clean installs and no modifications both
on a workstation and laptop. I think I will take the laptop home and start
over from my home network. Maybe our work dns servers are causing an issue.
In the meantime, I am attempting to make the installation work on my work
network with the following libvirt modifications.

/var/lib/libvirt/dnsmasq/default.hostsfile
fe:54:00:8e:72:76,192.168.122.45,master.example.com
fe:54:00:8e:72:77,192.168.122.46,ipa-client1.example.com
fe:54:00:8e:72:78,192.168.122.47,ipa-client2.example.com

# virsh -c qemu:///system net-destroy default
# virsh -c qemu:///system net-edit default
<network>
  <name>default</name>
  <uuid>9c90ded8-3ed6-4200-98e9-5c668bcdc7cd</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0' />
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <host mac='fe:54:00:8e:72:76' name='master.example.com' ip='192.168.122.45' />
      <host mac='fe:54:00:8e:72:77' name='ipa-client1.example.com' ip='192.168.122.46' />
      <host mac='fe:54:00:8e:72:78' name='ipa-client2.example.com' ip='192.168.122.47' />
    </dhcp>
  </ip>
</network>
# virsh -c qemu:///system net-start default

-- 
Rodney Mercer
Systems Administrator