Am 27.10.2016 um 10:21 schrieb Martin Basti: > > > > On 27.10.2016 10:02, Jochen Demmer wrote: >> >> >> Am 26.10.2016 um 17:31 schrieb Martin Basti: >>> >>> >>> >>> On 26.10.2016 17:25, Jochen Demmer wrote: >>>> >>>> >>>> Am 26.10.2016 um 16:48 schrieb Martin Basti: >>>>> >>>>> >>>>> >>>>> On 26.10.2016 16:42, Jochen Demmer wrote: >>>>>> >>>>>> >>>>>> Am 26.10.2016 um 16:27 schrieb Martin Basti: >>>>>>> >>>>>>> >>>>>>> >>>>>>> On 26.10.2016 16:10, Jochen Demmer wrote: >>>>>>>> Hi, >>>>>>>> >>>>>>>> my answers also inline. >>>>>>>> >>>>>>>> Am 26.10.2016 um 15:38 schrieb Martin Basti: >>>>>>>>> >>>>>>>>> Hi, comments inline >>>>>>>>> >>>>>>>>> >>>>>>>>> On 26.10.2016 14:28, Jochen Demmer wrote: >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> I've been running and using a single FreeIPA server >>>>>>>>>> successfully, i.e.: >>>>>>>>>> Fedora 24 >>>>>>>>>> freeipa-server-4.3.2-2.fc24.x86_64 >>>>>>>>>> This server is only available via IPv6, because I can't get >>>>>>>>>> public lPv4 addresses no more. >>>>>>>>>> >>>>>>>>>> Now I want to setup a FreeIPA replica at another site also >>>>>>>>>> running IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64 >>>>>>>>>> First I run "ipa-client-install" which succeeds without an error. >>>>>>>>>> When I invoke "ipa-replica-install" I get this error: >>>>>>>>>> ipa : ERROR Could not resolve hostname >>>>>>>>>> *hostname.mydoma.in* using DNS. Clients may not function >>>>>>>>>> properly. Please check your DNS setup. (Note that this check >>>>>>>>>> queries IPA DNS directly and ignores /etc/hosts.) >>>>>>>>>> LOG: >>>>>>>>>> 2016-10-26T12:14:39Z DEBUG Search DNS server >>>>>>>>>> *hostname.mydoma.in* (['2a01:f11:1:1::1', '2a01:f11:1:1::1', >>>>>>>>>> '2a01:f11:1:1::1']) for *hostname.mydoma.in* >>>>>>>>> >>>>>>>>> Can you check with dig or host command if the hostname is >>>>>>>>> really resolvable on that machine? do you have proper resolver >>>>>>>>> in /etc/resolv.conf? >>>>>>>> There is a resolver given in /etc/resolv.conf. When I do "host >>>>>>>> <<hostname.mydoma.in>>" I get the right IPv6 back. >>>>>>> That is weird because IPA is doing basically the same. >>>>>>> >>>>>>>>> >>>>>>>>>> >>>>>>>>>> *hostname.mydoma.in* is actually the DNS entry for the old >>>>>>>>>> FreeIPA server, which actually resolves, but only to an IPv6 >>>>>>>>>> address of course. >>>>>>>>>> I can continue the installation though by entering "yes". >>>>>>>>>> >>>>>>>>>> I then get asked: >>>>>>>>>> Enter the IP address to use, or press Enter to finish. >>>>>>>>>> Please provide the IP address to be used for this host name: >>>>>>>>>> >>>>>>>>>> When I enter the IPv6 address of the new replica host it >>>>>>>>>> doesn't accept but infinitely asks this question instead. >>>>>>>>> >>>>>>>>> Have you pressed enter twice? It should end prompt and >>>>>>>>> continue with installation >>>>>>>> Enter without an IP -> No usable IP address provided nor resolved. >>>>>>>> Enter with an IP -> Error: Invalid IP Address 2a02:1:2:3::4 >>>>>>>> cannot use IP network address 2a02:1:2:3::4 >>>>>>> >>>>>>> How do you have configured IP address on your interface? Does it >>>>>>> have prefix /128? >>>>>> Yes, that's right. It's an IP being assigned statefully by a >>>>>> DHCPv6 server. >>>>>> There is also another dynamic IP within the same prefix having >>>>>> /64. I don't want to use this one of course, because its IID changes. >>>>>> >>>>> Could you set (temporarily) prefix for that address to /64 and >>>>> re-run installer? IPA 4.3 has check that prevents you to use /128 >>>>> prefix >>>> Well now I don't even get asked for the IP. The setup wizard >>>> continues, but I now get this error: >>>> >>>> [27/43]: restarting directory server >>>> ipa : CRITICAL Failed to restart the directory server >>>> (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned >>>> non-zero exit status 1). See the installation log for details. >>>> [28/43]: setting up initial replication >>>> [error] error: [Errno 111] Connection refused >>>> >>>> LOG: >>>> 2016-10-26T15:14:46Z DEBUG Process finished, return code=1 >>>> 2016-10-26T15:14:46Z DEBUG stdout= >>>> 2016-10-26T15:14:46Z DEBUG stderr=Job for dirsrv@MY-REALM.service >>>> failed because the control process exited with error code. See >>>> "systemctl status dirsrv@MY-REALM.service" and "journalctl -xe" for >>>> details. >>>> 2016-10-26T15:14:46Z CRITICAL Failed to restart the directory >>>> server (Command '/bin/systemctl restart dirsrv@MY-REALM.service' >>>> returned non-zero exit status 1). See the installation log for details. >>>> 2016-10-26T15:14:46Z DEBUG duration: 1 seconds >>>> 2016-10-26T15:14:46Z DEBUG [28/43]: setting up initial replication >>>> 2016-10-26T15:14:56Z DEBUG Traceback (most recent call last): >>>> >>>> When I try to restart manually with, "/bin/systemctl restart >>>> dirsrv@MY-REALM.service" >>>> this is what systemd logs: >>>> https://paste.fedoraproject.org/461439/raw/ >>>> >>>> >>> >>> Could you please check /var/log/dirsrv/slapd-*/errors there might >>> be more details. >>> >>> Did you reused an old IPA server for this installation? >>> >>> Martin >> This is what the logfile says: >> https://paste.fedoraproject.org/461685/raw/ >> >> I tried to install this server as a replica a couple of times, but I >> even reinstalled all of the software and I keep using >> ipa-client-install --uninstall and >> ipa-server-install --uninstall > > It looks that DS database is somehow corrupted, is possible that there > might be some leftovers from previous installations > > start: Failed to start databases, err=-1 BDB0092 Unknown error: -1 > > I'm not sure what that error means, maybe DS guys will know > > Can you run server uninstall twice? It should remove all leftovers, > and then check /var/lib/dirsrv/ if there are any slapd-* directories, > if yes please remove them > > Martin I uninstalled freeipa-*, deleted /etc/dirsrv and /var/lib/dirsrv, rebooted, reinstalled and ran into the exact same problem. > >>> >>>>> >>>>> >>>>>>> >>>>>>>>> >>>>>>>>>> >>>>>>>>>> Honestly, I can't see what I might have done wrong. >>>>>>>>>> Old FreeIPA has hostname is in sync forward and reverse record. >>>>>>>>>> New FreeIPA host as well has hostname that symmetrically >>>>>>>>>> resolves, even though the hostname is using another second >>>>>>>>>> level domain. >>>>>>>>>> >>>>>>>>>> Any hints? >>>>>>>>>> Jochen Demmer >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> Martin >>>>>>>> Jochen >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >
0x54A5283E.asc
Description: application/pgp-keys
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project