On 7.11.2014 14:08, Traiano Welcome wrote:
> Hi List
>
> I'm trying to configure a replica for a primary freeipa IdM server
> (both CentOS 7, AD trusts configured on primary), but "ipa-replica-install"
> fails with the following error:
> --
> ipa-replica-install -d --setup-ca --setup-dns --no-forwarders
> /var/lib/ipa/replica-info-lolpr-idm-slve.idm.local.gpg
> .
> .
> Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use
> IP network address
> .
> .
> --
>
> For context, here is the full output from the replica-install command (I've
> attached the full debug output):
>
> ---
> [root@lolpr-idm-slve ipa]# ipa-replica-install --setup-ca --setup-dns
> --no-forwarders /var/lib/ipa/replica-info-lolpr-idm-slve.idm.local.gpg
> WARNING: conflicting time&date synchronization service 'chronyd' will
> be disabled in favor of ntpd
>
> Directory Manager (existing master) password:
>
> Run connection check to master
> Check connection from replica to remote master 'lolpr-idm-mstr.idm.local':
> Directory Service: Unsecure port (389): OK
> Directory Service: Secure port (636): OK
> Kerberos KDC: TCP (88): OK
> Kerberos Kpasswd: TCP (464): OK
> HTTP Server: Unsecure port (80): OK
> HTTP Server: Secure port (443): OK
>
> The following list of ports use UDP protocol and would need to be
> checked manually:
> Kerberos KDC: UDP (88): SKIPPED
> Kerberos Kpasswd: UDP (464): SKIPPED
>
> Connection from replica to master is OK.
> Start listening on required ports for remote master check
> Get credentials to log in to remote master
> [email protected] password:
>
> Check SSH connection to remote master
> Execute check on remote master
> Check connection from master to remote replica 'lolpr-idm-slve.idm.local':
> Directory Service: Unsecure port (389): OK
> Directory Service: Secure port (636): OK
> Kerberos KDC: TCP (88): OK
> Kerberos KDC: UDP (88): OK
> Kerberos Kpasswd: TCP (464): OK
> Kerberos Kpasswd: UDP (464): OK
> HTTP Server: Unsecure port (80): OK
> HTTP Server: Secure port (443): OK
>
> Connection from master to replica is OK.
>
> Connection check OK
> Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use
> IP network address
> [root@lolpr-idm-slve ipa]#
>
> ---
>
> Some things I've tested:
>
> 1. disable selinux (followed by reboot) - no change
> 2. disable IPv6 (followed by reboot) - no change
>
> DNS resolution and IP checks seem fine:
> ---
>
> [root@lolpr-idm-slve install]# hostname
> lolpr-idm-slve.idm.local
>
>
> [root@lolpr-idm-slve install]# ifconfig
> ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
> inet 172.16.100.222 netmask 255.255.255.255 broadcast
> 172.16.100.222

This is the cause: IP address on ens192 interface is 172.16.100.222/32.

What is your environment? Is it some kind of weird container? Is it even valid configuration? :-)

I don't recall any use case for 32-bit netmask. As far as I remember 31-bit netmask is allowed by RFC 3021 for point to point links.

Petr^2 Spacek

> ether 00:50:56:9c:1e:60 txqueuelen 1000 (Ethernet)
> RX packets 17964 bytes 1705674 (1.6 MiB)
> RX errors 0 dropped 10 overruns 0 frame 0
> TX packets 3772 bytes 595134 (581.1 KiB)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
> --
>
> /etc/hosts looks like this:
>
> --
> 127.0.0.1 localhost localhost.localdomain localhost4
> localhost4.localdomain4
> 172.16.100.68 lolpr-idm-mstr.idm.local lolpr-idm-mstr
> 172.16.100.222 lolpr-idm-slve.idm.local lolpr-idm-slve
> 172.16.104.231 loltestdc001.loltestdc.com loltestdc001
> --
>
> Host naming, forward and reverse resolution seems fine:
>
> ---
> [root@lolpr-idm-slve install]#
> [root@lolpr-idm-slve install]# host `hostname`
> lolpr-idm-slve.idm.local has address 172.16.100.222
> [root@lolpr-idm-slve install]#
> [root@lolpr-idm-slve install]# host `hostname`^C
> [root@lolpr-idm-slve install]# host `hostname`| cut -d " " -f 4| xargs
> -Iname host name
> 222.100.16.172.in-addr.arpa domain name pointer lolpr-idm-slve.idm.local.
> [root@lolpr-idm-slve install]#
> ---
>
> I'd be thankful if anyone could shed a light on why this error is happening
> and point me in the direction of a fix.
>
> Kind Regards,
> Traiano
>
>
>

--
Petr^2 Spacek

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
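
The condition identified in the reply above (an interface address that coincides with its own subnet's network address, which every /32 does) can be checked on a host before running the installer. This is an added example, not part of the original thread and not FreeIPA's own code; the `ip -o -4 addr show` lines are constructed, and only the ens192 address and mask come from the thread.

```python
import ipaddress
import re

# Constructed, trimmed `ip -o -4 addr show` output. Only the ens192 entry
# (172.16.100.222 with a 255.255.255.255 mask) comes from the thread.
SAMPLE = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: ens192    inet 172.16.100.222/32 brd 172.16.100.222 scope global ens192
3: ens224    inet 172.16.100.222/24 brd 172.16.100.255 scope global ens224
4: ens256    inet 10.0.0.0/24 brd 10.0.0.255 scope global ens256
5: ens257    inet 10.0.0.255/24 brd 10.0.0.255 scope global ens257
6: ptp0    inet 192.0.2.0/31 scope global ptp0
"""

ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\d+\.\d+\.\d+\.\d+/\d+)", re.M)


def classify(cidr):
    """Return 'ok', 'network-address' or 'broadcast-address' for ADDR/PREFIX."""
    iface = ipaddress.IPv4Interface(cidr)
    net = iface.network
    if net.prefixlen == 31:
        return "ok"  # RFC 3021: both addresses of a /31 are usable hosts
    if iface.ip == net.network_address:
        return "network-address"  # includes every /32, as in the thread
    if iface.ip == net.broadcast_address:
        return "broadcast-address"
    return "ok"


def findings(ip_addr_output):
    """List (interface, cidr, verdict) for addresses unusable as host IPs."""
    out = []
    for name, cidr in ADDR_RE.findall(ip_addr_output):
        verdict = classify(cidr)
        if verdict != "ok":
            out.append((name, cidr, verdict))
    return out


if __name__ == "__main__":
    for name, cidr, verdict in findings(SAMPLE):
        print(f"{name}: {cidr} is the subnet's {verdict}; check address and prefix")
```
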
