Hi Petr

On Fri, Nov 7, 2014 at 6:19 PM, Petr Spacek <[email protected]> wrote:
> On 7.11.2014 14:08, Traiano Welcome wrote:
>> Hi List
>>
>> I'm trying to configure a replica for a primary freeipa IdM server
>> (both CentOS 7, AD trusts configured on primary), but "ipa-replica-install"
>> fails with the following error:
>> --
>> ipa-replica-install -d --setup-ca --setup-dns --no-forwarders
>> /var/lib/ipa/replica-info-lolpr-idm-slve.idm.local.gpg
>> .
>> .
>> Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use
>> IP network address
>> .
>> .
>> --
>>
>> For context, here is the full output from the replica-install command (I've
>> attached the full debug output):
>>
>> ---
>> [root@lolpr-idm-slve ipa]# ipa-replica-install --setup-ca --setup-dns
>> --no-forwarders /var/lib/ipa/replica-info-lolpr-idm-slve.idm.local.gpg
>> WARNING: conflicting time&date synchronization service 'chronyd' will
>> be disabled in favor of ntpd
>>
>> Directory Manager (existing master) password:
>>
>> Run connection check to master
>> Check connection from replica to remote master 'lolpr-idm-mstr.idm.local':
>> Directory Service: Unsecure port (389): OK
>> Directory Service: Secure port (636): OK
>> Kerberos KDC: TCP (88): OK
>> Kerberos Kpasswd: TCP (464): OK
>> HTTP Server: Unsecure port (80): OK
>> HTTP Server: Secure port (443): OK
>>
>> The following list of ports use UDP protocol and would need to be
>> checked manually:
>> Kerberos KDC: UDP (88): SKIPPED
>> Kerberos Kpasswd: UDP (464): SKIPPED
>>
>> Connection from replica to master is OK.
>> Start listening on required ports for remote master check
>> Get credentials to log in to remote master
>> [email protected] password:
>>
>> Check SSH connection to remote master
>> Execute check on remote master
>> Check connection from master to remote replica 'lolpr-idm-slve.idm.local':
>> Directory Service: Unsecure port (389): OK
>> Directory Service: Secure port (636): OK
>> Kerberos KDC: TCP (88): OK
>> Kerberos KDC: UDP (88): OK
>> Kerberos Kpasswd: TCP (464): OK
>> Kerberos Kpasswd: UDP (464): OK
>> HTTP Server: Unsecure port (80): OK
>> HTTP Server: Secure port (443): OK
>>
>> Connection from master to replica is OK.
>>
>> Connection check OK
>> Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use
>> IP network address
>> [root@lolpr-idm-slve ipa]#
>>
>> ---
>>
>> Some things I've tested:
>>
>> 1. disable selinux (followed by reboot) - no change
>> 2. disable IPv6 (followed by reboot) - no change
>>
>> DNS resolution and IP checks seem fine:
>> ---
>>
>> [root@lolpr-idm-slve install]# hostname
>> lolpr-idm-slve.idm.local
>>
>>
>> [root@lolpr-idm-slve install]# ifconfig
>> ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>> inet 172.16.100.222 netmask 255.255.255.255 broadcast
>> 172.16.100.222
>
> This is the cause: IP address on ens192 interface is 172.16.100.222/32.
>
> What is your environment? Is it some kind of weird container?
>
> Is it even valid configuration? :-) I don't recall any use case for 32-bit
> netmask. As far as I remember 31-bit netmask is allowed by RFC 3021 for point
> to point links.
>

AFAIK, a /32 netmask designates a single address. Should be valid, although
I'm not sure how IPA's installutils.py handles that.

ipcalc says:

----
root@lol-dev:/opt/automation# ipcalc 172.16.100.222/32
Address:   172.16.100.222       10101100.00010000.01100100.11011110
Netmask:   255.255.255.255 = 32 11111111.11111111.11111111.11111111
Wildcard:  0.0.0.0              00000000.00000000.00000000.00000000
=>
Hostroute: 172.16.100.222       10101100.00010000.01100100.11011110
Hosts/Net: 1                     Class B, Private Internet
----

Nice reference, seems to confirm this is a single host:

http://www.oav.net/mirrors/cidr.html

> Petr^2 Spacek
>
>> ether 00:50:56:9c:1e:60 txqueuelen 1000 (Ethernet)
>> RX packets 17964 bytes 1705674 (1.6 MiB)
>> RX errors 0 dropped 10 overruns 0 frame 0
>> TX packets 3772 bytes 595134 (581.1 KiB)
>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>> --
>>
>> /etc/hosts looks like this:
>>
>> --
>> 127.0.0.1 localhost localhost.localdomain localhost4
>> localhost4.localdomain4
>> 172.16.100.68 lolpr-idm-mstr.idm.local lolpr-idm-mstr
>> 172.16.100.222 lolpr-idm-slve.idm.local lolpr-idm-slve
>> 172.16.104.231 loltestdc001.loltestdc.com loltestdc001
>> --
>>
>> Host naming, forward and reverse resolution seems fine:
>>
>> ---
>> [root@lolpr-idm-slve install]#
>> [root@lolpr-idm-slve install]# host `hostname`
>> lolpr-idm-slve.idm.local has address 172.16.100.222
>> [root@lolpr-idm-slve install]#
>> [root@lolpr-idm-slve install]# host `hostname`^C
>> [root@lolpr-idm-slve install]# host `hostname`| cut -d " " -f 4| xargs
>> -Iname host name
>> 222.100.16.172.in-addr.arpa domain name pointer lolpr-idm-slve.idm.local.
>> [root@lolpr-idm-slve install]#
>> ---
>>
>> I'd be thankful if anyone could shed a light on why this error is happening
>> and point me in the direction of a fix.
>>
>> Kind Regards,
>> Traiano
>>
>>
>>
>
>
> --
> Petr^2 Spacek
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
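
Added example, not part of the thread and not FreeIPA's own code: a sketch of why a check that rejects "the network address of the subnet" trips on the 172.16.100.222/32 interface discussed above, next to a prefix-aware variant. The function name check_host_address, its allow_host_routes flag and the broadcast message text are hypothetical; only the "cannot use IP network address" wording comes from the installer output quoted in the thread.

```python
import ipaddress

def check_host_address(cidr, allow_host_routes):
    """Return an error string, or None if the address is usable by a host.

    Hypothetical validator, written for illustration only.
    """
    iface = ipaddress.IPv4Interface(cidr)
    net = iface.network
    # A /32 is a single host route and a /31 is an RFC 3021 point-to-point
    # link: neither reserves a network or broadcast address.
    if allow_host_routes and net.prefixlen >= 31:
        return None
    # On a /32 the subnet's network address IS the host address, so a
    # check without the exemption above rejects a valid host route.
    if iface.ip == net.network_address:
        return "cannot use IP network address"
    if iface.ip == net.broadcast_address:
        return "cannot use broadcast IP address"  # illustrative message
    return None

# Constructed samples; the first is the address/netmask from the ifconfig
# output quoted in the thread.
SAMPLES = [
    "172.16.100.222/32",  # host route
    "172.16.100.222/31",  # lower address of a point-to-point pair
    "172.16.100.223/31",  # upper address of a point-to-point pair
    "172.16.100.222/24",  # ordinary host address
    "172.16.100.0/24",    # genuine network address
    "172.16.100.255/24",  # genuine broadcast address
]

def compare(samples=SAMPLES):
    """Return (cidr, naive result, prefix-aware result) for each sample."""
    return [
        (c, check_host_address(c, False), check_host_address(c, True))
        for c in samples
    ]

if __name__ == "__main__":
    for cidr, naive, aware in compare():
        print(f"{cidr:20} naive={naive!s:32} prefix-aware={aware}")
```
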
