Sorry cobber. We only found 6766 today - we've been tackling it on and off for a couple of weeks :)
------ "Mission Statement: To provide hope and inspiration for collective action, to build collective power, to achieve collective transformation, rooted in grief and rage but pointed towards vision and dreams." - Patrice Cullors, *Black Lives Matter founder* On 18 May 2017 at 19:53, Callum Guy <callum....@x-on.co.uk> wrote: > Ah, thanks for that Lachlan - its always reassuring to hear that its not > just me! > > As mentioned above I have it running without the CA so that's a good > start. I am sure we will upgrade as well once 4.5 becomes stable and GA for > CentOS. I'm not expecting that to happen quickly so will have to work with > what we have for now. > > Do you happen to know if there is any way to build the CA component > separately? > > On Thu, May 18, 2017 at 10:38 AM Lachlan Musicman <data...@gmail.com> > wrote: > >> https://pagure.io/freeipa/issue/6766 >> >> 4.5.1 - I stand corrected. Can add more tomorrow. >> >> ------ >> "Mission Statement: To provide hope and inspiration for collective >> action, to build collective power, to achieve collective transformation, >> rooted in grief and rage but pointed towards vision and dreams." >> >> - Patrice Cullors, *Black Lives Matter founder* >> >> On 18 May 2017 at 19:34, Lachlan Musicman <data...@gmail.com> wrote: >> >>> We are seeing this. I'm not at work, but I think it's bug report 6766. >>> >>> Patch has already been committed (bot by us), we're waiting for IPA 4.5. >>> >>> cheers >>> L. >>> >>> ------ >>> "Mission Statement: To provide hope and inspiration for collective >>> action, to build collective power, to achieve collective transformation, >>> rooted in grief and rage but pointed towards vision and dreams." >>> >>> - Patrice Cullors, *Black Lives Matter founder* >>> >>> On 18 May 2017 at 18:57, Callum Guy <callum....@x-on.co.uk> wrote: >>> >>>> Hi All, >>>> >>>> I am currently stuck trying to setup the first replica of our master >>>> IPA server. I have tried a number of different approaches including >>>> escalating from a client and nothing is working for me. I perform a full OS >>>> reset each time I get stuck. >>>> >>>> I'm running CentOS 7.2 with the FreeIPA 4.4.0 (rpm -q reports this >>>> version however having performed ipa-server-upgrade - does this mean i'm on >>>> 4.4.4?). >>>> >>>> The command is shown below - note that i am skipping the conn check as >>>> my platforms security settings do not allow the SSH session to be >>>> established back on the master, all ports should be available to the >>>> application however. >>>> >>>> [root@ipa2 ~]# ipa-replica-install --ip-address=172.24.0.101 >>>> --setup-ca --setup-dns --skip-conncheck --no-forwarders SITE.net.gpg >>>> >>>> Directory Manager (existing master) password: >>>> >>>> ipa : ERROR Could not resolve hostname ipa2.SITE.net usis >>>> check queries IPA DNS directly and ignores /etc/hosts.) >>>> Continue? [no]: yes >>>> Configuring NTP daemon (ntpd) >>>> [1/4]: stopping ntpd >>>> [2/4]: writing configuration >>>> [3/4]: configuring ntpd to start on boot >>>> [4/4]: starting ntpd >>>> Done configuring NTP daemon (ntpd). >>>> Configuring directory server (dirsrv). Estimated time: 1 minute >>>> [1/42]: creating directory server user >>>> [2/42]: creating directory server instance >>>> [3/42]: updating configuration in dse.ldif >>>> [4/42]: restarting directory server >>>> [5/42]: adding default schema >>>> [6/42]: enabling memberof plugin >>>> [7/42]: enabling winsync plugin >>>> [8/42]: configuring replication version plugin >>>> [9/42]: enabling IPA enrollment plugin >>>> [10/42]: enabling ldapi >>>> [11/42]: configuring uniqueness plugin >>>> [12/42]: configuring uuid plugin >>>> [13/42]: configuring modrdn plugin >>>> [14/42]: configuring DNS plugin >>>> [15/42]: enabling entryUSN plugin >>>> [16/42]: configuring lockout plugin >>>> [17/42]: configuring topology plugin >>>> [18/42]: creating indices >>>> [19/42]: enabling referential integrity plugin >>>> [20/42]: configuring ssl for ds instance >>>> [21/42]: configuring certmap.conf >>>> [22/42]: configure autobind for root >>>> [23/42]: configure new location for managed entries >>>> [24/42]: configure dirsrv ccache >>>> [25/42]: enabling SASL mapping fallback >>>> [26/42]: restarting directory server >>>> [27/42]: setting up initial replication >>>> Starting replication, please wait until this has completed. >>>> Update in progress, 4 seconds elapsed >>>> Update succeeded >>>> >>>> [28/42]: adding sasl mappings to the directory >>>> [29/42]: updating schema >>>> [30/42]: setting Auto Member configuration >>>> [31/42]: enabling S4U2Proxy delegation >>>> [32/42]: importing CA certificates from LDAP >>>> [33/42]: initializing group membership >>>> [34/42]: adding master entry >>>> [35/42]: initializing domain level >>>> [36/42]: configuring Posix uid/gid generation >>>> [37/42]: adding replication acis >>>> [38/42]: enabling compatibility plugin >>>> [39/42]: activating sidgen plugin >>>> [40/42]: activating extdom plugin >>>> [41/42]: tuning directory server >>>> [42/42]: configuring directory to start on boot >>>> Done configuring directory server (dirsrv). >>>> Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes >>>> 30 seconds >>>> [1/27]: creating certificate server user >>>> [2/27]: configuring certificate server instance >>>> [3/27]: stopping certificate server instance to update CS.cfg >>>> [4/27]: backing up CS.cfg >>>> [5/27]: disabling nonces >>>> [6/27]: set up CRL publishing >>>> [7/27]: enable PKIX certificate path discovery and validation >>>> [8/27]: starting certificate server instance >>>> >>>> And here is stays and refuses to move on. The ipareplica-install.log >>>> log reports: >>>> 2017-05-18T08:40:07Z DEBUG wait_for_open_ports: localhost [8080, 8443] >>>> timeout 300 >>>> 2017-05-18T08:40:09Z DEBUG Waiting until the CA is running >>>> 2017-05-18T08:40:09Z DEBUG request POST http://ipa2.SITE.net:8080/ca/ >>>> admin/ca/getStatus >>>> 2017-05-18T08:40:09Z DEBUG request body '' >>>> >>>> I have tried and that port is indeed inaccessible but I can't establish >>>> a way to progress this issue from any of the the other log files. Also I >>>> have seen in the 4.4.4 release notes that IPv6 being disabled on the master >>>> can cause issues, re-enabling (at least in /etc/hosts) did not seem to >>>> help. >>>> >>>> If anyone is able to offer ideas that would be very much appreciated. I >>>> am tempted to remove the --setup-ca option to see if this helps. >>>> >>>> Thanks, >>>> >>>> Callum >>>> >>>> >>>> >>>> *0333 332 0000 | www.x-on.co.uk <http://www.x-on.co.uk> | ** >>>> <https://www.linkedin.com/company/x-on> <https://www.facebook.com/XonTel> >>>> <https://twitter.com/xonuk> * >>>> X-on is a trading name of Storacall Technology Ltd a limited company >>>> registered in England and Wales. >>>> Registered Office : Avaland House, 110 London Road, Apsley, Hemel >>>> Hempstead, Herts, HP3 9SD. Company Registration No. 2578478. >>>> The information in this e-mail is confidential and for use by the >>>> addressee(s) only. If you are not the intended recipient, please notify >>>> X-on immediately on +44(0)333 332 0000 <+44%20333%20332%200000> and >>>> delete the >>>> message from your computer. If you are not a named addressee you must >>>> not use, disclose, disseminate, distribute, copy, print or reply to this >>>> email. Views or opinions expressed by an individual >>>> within this email may not necessarily reflect the views of X-on or its >>>> associated companies. Although X-on routinely screens for viruses, >>>> addressees should scan this email and any attachments >>>> for viruses. X-on makes no representation or warranty as to the absence >>>> of viruses in this email or any attachments. >>>> >>>> >>>> -- >>>> Manage your subscription for the Freeipa-users mailing list: >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> Go to http://freeipa.org for more info on the project >>>> >>> >>> >> > > *0333 332 0000 | www.x-on.co.uk <http://www.x-on.co.uk> | ** > <https://www.linkedin.com/company/x-on> <https://www.facebook.com/XonTel> > <https://twitter.com/xonuk> * > X-on is a trading name of Storacall Technology Ltd a limited company > registered in England and Wales. > Registered Office : Avaland House, 110 London Road, Apsley, Hemel > Hempstead, Herts, HP3 9SD. Company Registration No. 2578478. > The information in this e-mail is confidential and for use by the > addressee(s) only. If you are not the intended recipient, please notify > X-on immediately on +44(0)333 332 0000 <+44%20333%20332%200000> and > delete the > message from your computer. If you are not a named addressee you must not > use, disclose, disseminate, distribute, copy, print or reply to this email. > Views > or opinions expressed by an individual > within this email may not necessarily reflect the views of X-on or its > associated companies. Although X-on routinely screens for viruses, > addressees should scan this email and any attachments > for viruses. X-on makes no representation or warranty as to the absence of > viruses in this email or any attachments. > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
