On 7.11.2014 14:08, Traiano Welcome wrote:
> Hi List
> 
> I'm trying to configure a replica for a primary freeipa IdM server
> (both CentOS 7, AD trusts configured on primary), but "ipa-replica-install"
> fails with the following error:
> --
>  ipa-replica-install -d  --setup-ca --setup-dns --no-forwarders
> /var/lib/ipa/replica-info-lolpr-idm-slve.idm.local.gpg
> .
> .
> Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use
> IP network address
> .
> .
> --
> 
> For context, here is the full output from the replica-install command (I've
> attached the full debug output):
> 
> ---
> [root@lolpr-idm-slve ipa]# ipa-replica-install --setup-ca --setup-dns
> --no-forwarders /var/lib/ipa/replica-info-lolpr-idm-slve.idm.local.gpg
> WARNING: conflicting time&date synchronization service 'chronyd' will
> be disabled in favor of ntpd
> 
> Directory Manager (existing master) password:
> 
> Run connection check to master
> Check connection from replica to remote master 'lolpr-idm-mstr.idm.local':
>    Directory Service: Unsecure port (389): OK
>    Directory Service: Secure port (636): OK
>    Kerberos KDC: TCP (88): OK
>    Kerberos Kpasswd: TCP (464): OK
>    HTTP Server: Unsecure port (80): OK
>    HTTP Server: Secure port (443): OK
> 
> The following list of ports use UDP protocol and would need to be
> checked manually:
>    Kerberos KDC: UDP (88): SKIPPED
>    Kerberos Kpasswd: UDP (464): SKIPPED
> 
> Connection from replica to master is OK.
> Start listening on required ports for remote master check
> Get credentials to log in to remote master
> admin@IDM.LOCAL password:
> 
> Check SSH connection to remote master
> Execute check on remote master
> Check connection from master to remote replica 'lolpr-idm-slve.idm.local':
>    Directory Service: Unsecure port (389): OK
>    Directory Service: Secure port (636): OK
>    Kerberos KDC: TCP (88): OK
>    Kerberos KDC: UDP (88): OK
>    Kerberos Kpasswd: TCP (464): OK
>    Kerberos Kpasswd: UDP (464): OK
>    HTTP Server: Unsecure port (80): OK
>    HTTP Server: Secure port (443): OK
> 
> Connection from master to replica is OK.
> 
> Connection check OK
> Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use
> IP network address
> [root@lolpr-idm-slve ipa]#
> 
> ---
> 
> Some things I've tested:
> 
> 1. disable  selinux (followed by reboot) - no change
> 2. disable IPv6 (followed by reboot) - no change
> 
> DNS resolution and IP checks seem fine:
> ---
> 
> [root@lolpr-idm-slve install]# hostname
> lolpr-idm-slve.idm.local
> 
> 
> [root@lolpr-idm-slve install]# ifconfig
> ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>         inet 172.16.100.222  netmask 255.255.255.255  broadcast
> 172.16.100.222

This is the cause: the IP address on the ens192 interface is 172.16.100.222/32.

What is your environment? Is it some kind of weird container?

Is it even a valid configuration? :-) I don't recall any use case for a 32-bit
netmask. As far as I remember, a 31-bit netmask is allowed by RFC 3021 for
point-to-point links.

Petr^2 Spacek

>         ether 00:50:56:9c:1e:60  txqueuelen 1000  (Ethernet)
>         RX packets 17964  bytes 1705674 (1.6 MiB)
>         RX errors 0  dropped 10  overruns 0  frame 0
>         TX packets 3772  bytes 595134 (581.1 KiB)
>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> --
> 
> /etc/hosts looks like this:
> 
> --
> 127.0.0.1   localhost localhost.localdomain localhost4
> localhost4.localdomain4
> 172.16.100.68   lolpr-idm-mstr.idm.local        lolpr-idm-mstr
> 172.16.100.222  lolpr-idm-slve.idm.local        lolpr-idm-slve
> 172.16.104.231  loltestdc001.loltestdc.com      loltestdc001
> --
> 
> Host naming, forward and reverse resolution seems fine:
> 
> ---
> [root@lolpr-idm-slve install]#
> [root@lolpr-idm-slve install]# host `hostname`
> lolpr-idm-slve.idm.local has address 172.16.100.222
> [root@lolpr-idm-slve install]#
> [root@lolpr-idm-slve install]# host `hostname`^C
> [root@lolpr-idm-slve install]# host `hostname`| cut -d " " -f  4| xargs
> -Iname host name
> 222.100.16.172.in-addr.arpa domain name pointer lolpr-idm-slve.idm.local.
> [root@lolpr-idm-slve install]#
> ---
> 
> I'd be thankful if anyone could shed a light on why this error is happening
> and point me in the direction of a fix.
> 
> Kind Regards,
> Traiano
> 
> 
> 


-- 
Petr^2 Spacek
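
Added example (not part of the original thread, and not FreeIPA's own code): a pre-flight check that reads ifconfig-style output and flags any interface address that coincides with its own network or broadcast address, which is what a /32 netmask produces. The function names and the eth1 entry are constructed for illustration; only Python's standard ipaddress module is used.

```python
import ipaddress
import re

# Matches the "inet <addr>  netmask <mask>" lines of net-tools ifconfig output.
# "inet6" lines do not match because whitespace must follow "inet" directly.
INET_RE = re.compile(r"inet\s+(\S+)\s+netmask\s+(\S+)")

def classify(addr, netmask):
    """Return 'ok', 'network' or 'broadcast' for a host address and netmask."""
    iface = ipaddress.IPv4Interface(f"{addr}/{netmask}")
    net = iface.network
    if net.prefixlen == 31:
        # RFC 3021: both addresses of a /31 point-to-point link are hosts.
        return "ok"
    if iface.ip == net.network_address:
        # With a /32 mask the network address is the host address itself.
        return "network"
    if iface.ip == net.broadcast_address:
        return "broadcast"
    return "ok"

def preflight(ifconfig_text):
    """Return (address, prefix length, verdict) for each non-loopback IPv4 address."""
    results = []
    for addr, mask in INET_RE.findall(ifconfig_text):
        iface = ipaddress.IPv4Interface(f"{addr}/{mask}")
        if iface.ip.is_loopback:
            continue
        results.append((addr, iface.network.prefixlen, classify(addr, mask)))
    return results

# ens192 is taken from the thread; eth1 is a constructed comparison entry.
SAMPLE = """\
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.100.222  netmask 255.255.255.255  broadcast 172.16.100.222
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.10  netmask 255.255.255.0  broadcast 192.0.2.255
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
"""

if __name__ == "__main__":
    for addr, prefixlen, verdict in preflight(SAMPLE):
        print(f"{addr}/{prefixlen}: {verdict}")
```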
