Bob Hinton wrote:
Hello,
I'm using Puppet to try to install ipa masters and replicas. I can
generally get this to work on Vagrant VMs, but on the target VMs the
server part succeeds until it attempts to install the ipa client and
then this fails (please see extracts of logs below).
The /etc/ipa/nssdb directory is left empty. On a replica I can copy this
from the master along with /etc/openldap/ldap.conf and the client works
(apart from mkhomedir) when sssd is started. Should /etc/ipa/nssdb be
populated on the master at this stage of the installation and, if so,
then why isn't this happening? Selinux is enabled on the target VMs, but
presumably this isn't an issue.
Many thanks
Bob Hinton
trying https://ipa001.jackland.co.uk/ipa/json
Forwarding 'ping' to json server 'https://ipa001.jackland.co.uk/ipa/json'
Cannot connect to the server due to generic error: cannot connect to
'https://ipa001.jackland.co.uk/ipa/json': Internal Server Error
Installation failed. As this is IPA server, changes will not be rolled back.
2015-05-28T11:41:25Z DEBUG File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
line 646, in run_script
return_value = main_function()
File "/usr/sbin/ipa-server-install", line 1292, in main
sys.exit("Configuration of client side components
failed!\nipa-client-install returned: " + str(e))
2015-05-28T11:41:25Z DEBUG The ipa-server-install command failed,
exception: SystemExit: Configuration of client side components failed!
ipa-client-install returned: Command ''/usr/sbin/ipa-client-install'
'--on-master' '--unattended' '--domain' 'jackland.co.uk' '--server'
'ipa001.jackland.co.uk' '--realm' 'JACKLAND.CO.UK' '--hostname'
'ipa001.jackland.co.uk' '--mkhomedir'' returned non-zero exit status 1
[root@ipa001 log]#
3d:a7:7b:d1:a6:45:b5:9d:d0:00:3e:34:de:b4:7f:0c:
37:0d:fa:1b:bb:32:2c:4b:13:35:b3:98:df:d9:62:8a:
97:3b:54:df:fb:46:f0:29:ea:c1:3d:9d:cf:f8:f8:2d:
c7:3d:c0:50:7d:6d:3f:71:ad:fb:0a:74:ef:e5:eb:c0:
12:7c:96:b3:b0:da:bb:65:f9:a6:33:9f:82:af:99:ee:
50:34:44:84:0f:0e:5f:2a:67:84:b3:cc:5f:95:8c:1a
Fingerprint (MD5):
c3:db:00:21:a0:57:a0:d3:a4:31:a8:80:e2:9b:cb:c1
Fingerprint (SHA1):
77:2f:9f:2a:74:3e:62:09:b9:37:70:a3:74:99:5a:a0:
d5:4a:37:ed
2015-05-28T11:41:25Z DEBUG approved_usage = SSL Server intended_usage =
SSL Server
2015-05-28T11:41:25Z DEBUG cert valid True for
"CN=ipa001.jackland.co.uk,O=JACKLAND.CO.UK"
2015-05-28T11:41:25Z DEBUG handshake complete, peer = 10.220.4.250:443
2015-05-28T11:41:25Z DEBUG Protocol: TLS1.1
2015-05-28T11:41:25Z DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
2015-05-28T11:41:25Z ERROR Cannot connect to the server due to generic
error: cannot connect to 'https://ipa001.jackland.co.uk/ipa/json':
Internal Server Error
2015-05-28T11:41:25Z WARNING Installation failed. As this is IPA server,
changes will not be rolled back.
You'd want to check httpd error logs on the server ipa001 to see what
the error is about.
rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
