Am 26.10.2016 um 16:48 schrieb Martin Basti: > > > > On 26.10.2016 16:42, Jochen Demmer wrote: >> >> >> Am 26.10.2016 um 16:27 schrieb Martin Basti: >>> >>> >>> >>> On 26.10.2016 16:10, Jochen Demmer wrote: >>>> Hi, >>>> >>>> my answers also inline. >>>> >>>> Am 26.10.2016 um 15:38 schrieb Martin Basti: >>>>> >>>>> Hi, comments inline >>>>> >>>>> >>>>> On 26.10.2016 14:28, Jochen Demmer wrote: >>>>>> Hi, >>>>>> >>>>>> I've been running and using a single FreeIPA server successfully, >>>>>> i.e.: >>>>>> Fedora 24 >>>>>> freeipa-server-4.3.2-2.fc24.x86_64 >>>>>> This server is only available via IPv6, because I can't get >>>>>> public lPv4 addresses no more. >>>>>> >>>>>> Now I want to setup a FreeIPA replica at another site also >>>>>> running IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64 >>>>>> First I run "ipa-client-install" which succeeds without an error. >>>>>> When I invoke "ipa-replica-install" I get this error: >>>>>> ipa : ERROR Could not resolve hostname >>>>>> *hostname.mydoma.in* using DNS. Clients may not function >>>>>> properly. Please check your DNS setup. (Note that this check >>>>>> queries IPA DNS directly and ignores /etc/hosts.) >>>>>> LOG: >>>>>> 2016-10-26T12:14:39Z DEBUG Search DNS server *hostname.mydoma.in* >>>>>> (['2a01:f11:1:1::1', '2a01:f11:1:1::1', '2a01:f11:1:1::1']) for >>>>>> *hostname.mydoma.in* >>>>> >>>>> Can you check with dig or host command if the hostname is really >>>>> resolvable on that machine? do you have proper resolver in >>>>> /etc/resolv.conf? >>>> There is a resolver given in /etc/resolv.conf. When I do "host >>>> <<hostname.mydoma.in>>" I get the right IPv6 back. >>> That is weird because IPA is doing basically the same. >>> >>>>> >>>>>> >>>>>> *hostname.mydoma.in* is actually the DNS entry for the old >>>>>> FreeIPA server, which actually resolves, but only to an IPv6 >>>>>> address of course. >>>>>> I can continue the installation though by entering "yes". >>>>>> >>>>>> I then get asked: >>>>>> Enter the IP address to use, or press Enter to finish. >>>>>> Please provide the IP address to be used for this host name: >>>>>> >>>>>> When I enter the IPv6 address of the new replica host it doesn't >>>>>> accept but infinitely asks this question instead. >>>>> >>>>> Have you pressed enter twice? It should end prompt and continue >>>>> with installation >>>> Enter without an IP -> No usable IP address provided nor resolved. >>>> Enter with an IP -> Error: Invalid IP Address 2a02:1:2:3::4 cannot >>>> use IP network address 2a02:1:2:3::4 >>> >>> How do you have configured IP address on your interface? Does it >>> have prefix /128? >> Yes, that's right. It's an IP being assigned statefully by a DHCPv6 >> server. >> There is also another dynamic IP within the same prefix having /64. I >> don't want to use this one of course, because its IID changes. >> > Could you set (temporarily) prefix for that address to /64 and re-run > installer? IPA 4.3 has check that prevents you to use /128 prefix Well now I don't even get asked for the IP. The setup wizard continues, but I now get this error:
[27/43]: restarting directory server ipa : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart [email protected]' returned non-zero exit status 1). See the installation log for details. [28/43]: setting up initial replication [error] error: [Errno 111] Connection refused LOG: 2016-10-26T15:14:46Z DEBUG Process finished, return code=1 2016-10-26T15:14:46Z DEBUG stdout= 2016-10-26T15:14:46Z DEBUG stderr=Job for [email protected] failed because the control process exited with error code. See "systemctl status [email protected]" and "journalctl -xe" for details. 2016-10-26T15:14:46Z CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart [email protected]' returned non-zero exit status 1). See the installation log for details. 2016-10-26T15:14:46Z DEBUG duration: 1 seconds 2016-10-26T15:14:46Z DEBUG [28/43]: setting up initial replication 2016-10-26T15:14:56Z DEBUG Traceback (most recent call last): When I try to restart manually with, "/bin/systemctl restart [email protected]" this is what systemd logs: https://paste.fedoraproject.org/461439/raw/ > > >>> >>>>> >>>>>> >>>>>> Honestly, I can't see what I might have done wrong. >>>>>> Old FreeIPA has hostname is in sync forward and reverse record. >>>>>> New FreeIPA host as well has hostname that symmetrically >>>>>> resolves, even though the hostname is using another second level >>>>>> domain. >>>>>> >>>>>> Any hints? >>>>>> Jochen Demmer >>>>>> >>>>>> >>>>> >>>>> Martin >>>> Jochen >>>> >>> >> >
0x54A5283E.asc
Description: application/pgp-keys
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
