[Freeipa-users] ipa-replica-install - DatabaseError: Server is unwilling to perform
So it's a fresh CentOS 7 box, I installed the "master" OK but getting replicas done is pitching me fits... any ideas?

ipa-client-install --domain=optimcloud.com --realm=OPTIMCLOUD.COM --force-join
Skip ipa2.optimcloud.com: LDAP server is not responding, unable to verify if this is an IPA server
Discovery was successful!
Client hostname: ipa2.optimcloud.com
Realm: OPTIMCLOUD.COM
DNS Domain: optimcloud.com
IPA Server: ipa3.optimcloud.com
BaseDN: dc=optimcloud,dc=com

Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...
Attempting to sync time using ntpd. Will timeout after 15 seconds
Attempting to sync time using ntpd. Will timeout after 15 seconds
User authorized to enroll computers: admin
Password for ad...@optimcloud.com:
Successfully retrieved CA cert
  Subject: CN=Certificate Authority,O=OPTIMCLOUD.COM
  Issuer: CN=Certificate Authority,O=OPTIMCLOUD.COM
  Valid From: 2017-11-08 09:51:27
  Valid Until: 2037-11-08 09:51:27

Enrolled in IPA realm OPTIMCLOUD.COM
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm OPTIMCLOUD.COM
trying https://ipa3.optimcloud.com/ipa/json
[try 1]: Forwarding 'ping' to json server 'https://ipa3.optimcloud.com/ipa/json'
[try 1]: Forwarding 'ca_is_enabled' to json server 'https://ipa3.optimcloud.com/ipa/json'
Systemwide CA database updated.
Hostname (ipa2.optimcloud.com) does not have A/ record.
Missing A/ record(s) for host ipa2.optimcloud.com: 148.251.24.3.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
[try 1]: Forwarding 'host_mod' to json server 'https://ipa3.optimcloud.com/ipa/json'
SSSD enabled
Configured /etc/openldap/ldap.conf
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring optimcloud.com as NIS domain.
Client configuration complete.
The ipa-client-install command was successful

[root@ipa2 ~]# ipa-replica-install --skip-conncheck --setup-dns --no-forwarders
ipa : ERROR Reverse DNS resolution of address 148.251.24.3 (ipa2.optimcloud.com) failed. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.)
Continue? [no]: yes
Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 30 seconds
  [1/40]: creating directory server instance
  [2/40]: enabling ldapi
  [3/40]: configure autobind for root
  [4/40]: stopping directory server
  [5/40]: updating configuration in dse.ldif
  [6/40]: starting directory server
  [7/40]: adding default schema
  [8/40]: enabling memberof plugin
  [9/40]: enabling winsync plugin
  [10/40]: configuring replication version plugin
  [11/40]: enabling IPA enrollment plugin
  [12/40]: configuring uniqueness plugin
  [13/40]: configuring uuid plugin
  [14/40]: configuring modrdn plugin
  [15/40]: configuring DNS plugin
  [16/40]: enabling entryUSN plugin
  [17/40]: configuring lockout plugin
  [18/40]: configuring topology plugin
  [19/40]: creating indices
  [20/40]: enabling referential integrity plugin
  [21/40]: configuring certmap.conf
  [22/40]: configure new location for managed entries
  [23/40]: configure dirsrv ccache
  [24/40]: enabling SASL mapping fallback
  [25/40]: restarting directory server
  [26/40]: creating DS keytab
  [27/40]: setting up initial replication
  [error] DatabaseError: Server is unwilling to perform: Entry is managed by topology plugin. Adding of entry not allowed.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR Server is unwilling to perform: Entry is managed by topology plugin. Adding of entry not allowed.
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: AWS FreeIPA install killed ?
I've actually got it deployed on a 4GB instance now, though how to do this properly with an internal IP different from the external... somehow it's kinda not right.

On Mon, Aug 28, 2017 at 4:54 PM, Felipe Barreto Volpone wrote:
> You can check here the hardware recommendations:
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/installing-ipa.html#server-hw-recomendations
>
>
> On Mon, Aug 28, 2017 at 1:35 AM, Fraser Tweedale via FreeIPA-users
> wrote:
>>
>> On Sun, Aug 27, 2017 at 07:13:50AM -0400, Outback Dingo via FreeIPA-users
>> wrote:
>> > Done configuring directory server (dirsrv).
>> > Configuring Kerberos KDC (krb5kdc)
>> > [1/10]: adding kerberos container to the directory
>> > [2/10]: configuring KDC
>> > [3/10]: initialize kerberos container
>> > [4/10]: adding default ACIs
>> > [5/10]: creating a keytab for the directory
>> > [6/10]: creating a keytab for the machine
>> > [7/10]: adding the password extension to the directory
>> > [8/10]: creating anonymous principal
>> > [9/10]: starting the KDC
>> > [10/10]: configuring KDC to start on boot
>> > Done configuring Kerberos KDC (krb5kdc).
>> > Configuring kadmin
>> > [1/2]: starting kadmin
>> > [2/2]: configuring kadmin to start on boot
>> > Done configuring kadmin.
>> > Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
>> > [1/29]: configuring certificate server instance
>> > [2/29]: exporting Dogtag certificate store pin
>> > [3/29]: stopping certificate server instance to update CS.cfg
>> > [4/29]: backing up CS.cfg
>> > [5/29]: disabling nonces
>> > [6/29]: set up CRL publishing
>> > [7/29]: enable PKIX certificate path discovery and validation
>> > [8/29]: starting certificate server instance
>> > [9/29]: configure certmonger for renewals
>> > [10/29]: requesting RA certificate from CA
>> > Killed
>> >
>> Could it be killed due to out of memory? How much memory does the
>> instance have?
>>
>> Cheers,
>> Fraser
[Freeipa-users] AWS FreeIPA install killed ?
Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc)
  [1/10]: adding kerberos container to the directory
  [2/10]: configuring KDC
  [3/10]: initialize kerberos container
  [4/10]: adding default ACIs
  [5/10]: creating a keytab for the directory
  [6/10]: creating a keytab for the machine
  [7/10]: adding the password extension to the directory
  [8/10]: creating anonymous principal
  [9/10]: starting the KDC
  [10/10]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
  [1/2]: starting kadmin
  [2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
  [1/29]: configuring certificate server instance
  [2/29]: exporting Dogtag certificate store pin
  [3/29]: stopping certificate server instance to update CS.cfg
  [4/29]: backing up CS.cfg
  [5/29]: disabling nonces
  [6/29]: set up CRL publishing
  [7/29]: enable PKIX certificate path discovery and validation
  [8/29]: starting certificate server instance
  [9/29]: configure certmonger for renewals
  [10/29]: requesting RA certificate from CA
Killed
[Freeipa-users] No FreeIPA on AWS / Red Hat Enterprise Linux 7.4
Red Hat Enterprise Linux 7.4 (HVM), SSD Volume Type - ami-c998b6b2
Red Hat Enterprise Linux version 7.4 (HVM), EBS General Purpose (SSD) Volume Type

yum install ipa-server bind-dyndb-ldap
Loaded plugins: priorities, update-motd, upgrade-helper
1054 packages excluded due to repository priority protections
No package ipa-server available.
No package bind-dyndb-ldap available.
Error: Nothing to do

what gives?