[Bug 1853863] Re: freeipa replica crashes near end of basic install

2019-11-29 Thread Timo Aaltonen
I didn't have a DNS setup, so that part remains untested. Also,
Fedora/Redhat is still on opendnssec 1.4.x while Debian (and Ubuntu)
moved to 2.x some years ago, things like that will still have bugs.

Someone with a support contract (and probably more than one customer)
should require freeipa support, doubt it will happen otherwise.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1853863

Title:
  freeipa replica crashes near end of basic install

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1853863/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1853863] Re: freeipa replica crashes near end of basic install

2019-11-29 Thread Harry Coin
Using the ppa, the upgrade to the primary server was successful.  Then the 
replica install was successful, other than, at the end:
...
Restarting named
Updating DNS system records
DNS query for registry1.1.quietfountain.com. 1 failed: All nameservers failed 
to answer the query registry1.1.quietfountain.com. IN A: Server ::1 UDP port 53 
answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered 
The DNS operation timed out.; Server ::1 UDP port 53 answered The DNS operation 
timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; 
Server ::1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 
UDP port 53 answered SERVFAIL; Server ::1 UDP port 53 answered SERVFAIL
DNS query for registry1.1.quietfountain.com. 1 failed: All nameservers failed 
to answer the query registry1.1.quietfountain.com. IN A: Server ::1 UDP port 53 
answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered 
The DNS operation timed out.; Server ::1 UDP port 53 answered The DNS operation 
timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; 
Server ::1 UDP port 53 answered SERVFAIL; Server 127.0.0.1 UDP port 53 answered 
SERVFAIL
unable to resolve host name registry1.1.quietfountain.com. to IP address, 
ipa-ca DNS record will be incomplete
Global DNS configuration in LDAP server is empty
You can use 'dnsconfig-mod' command to set global DNS options that
would override settings in local named.conf files
DNS query for registry1.1.quietfountain.com. 1 failed: All nameservers failed 
to answer the query registry1.1.quietfountain.com. IN A: Server ::1 UDP port 53 
answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered 
The DNS operation timed out.; Server ::1 UDP port 53 answered The DNS operation 
timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; 
Server ::1 UDP port 53 answered SERVFAIL; Server 127.0.0.1 UDP port 53 answered 
SERVFAIL
DNS query for registry1.1.quietfountain.com. 1 failed: All nameservers failed 
to answer the query registry1.1.quietfountain.com. IN A: Server ::1 UDP port 53 
answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered 
The DNS operation timed out.; Server ::1 UDP port 53 answered The DNS operation 
timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; 
Server ::1 UDP port 53 answered SERVFAIL; Server 127.0.0.1 UDP port 53 answered 
SERVFAIL
unable to resolve host name registry1.1.quietfountain.com. to IP address, 
ipa-ca DNS record will be incomplete
WARNING: The CA service is only installed on one server 
(registry1.1.quietfountain.com).
It is strongly recommended to install it on another server.
Run ipa-ca-install(1) on another master to accomplish this.
The ipa-replica-install command was successful
...

The following ipa-ca-install proceeded without error.
I suggest that as ubuntu has embraced ceph, it should consider, and for the 
same reasons, supporting freeipa.

[Bug 1853863] Re: freeipa replica crashes near end of basic install

2019-11-28 Thread Timo Aaltonen
this is fixed in 4.8.2, I was able to reproduce it on eoan, and then
installed 4.8.3 from a ppa (ppa:freeipa/staging) and ipa-replica-install
succeeded

focal now has 4.8.3 so marking the bug as fixed

** Changed in: freeipa (Ubuntu)
   Status: New => Fix Released

Re: [Bug 1853863] Re: freeipa replica crashes near end of basic install

2019-11-27 Thread Harry Coin
Good to know.  I was using ubuntu eoan.

On 11/27/19 11:18 AM, Timo Aaltonen wrote:
> for the record, ipa-replica-install works fine on the Debian VMs that I
> have set up for this (and finally had a go at replicating 4.8)
>
> my goal is to eventually have it all tested with a CI system somewhere,
> and not rely just on the autopkgtests which can't run
> ipa-replica-install
>

[Bug 1853863] Re: freeipa replica crashes near end of basic install

2019-11-27 Thread Timo Aaltonen
for the record, ipa-replica-install works fine on the Debian VMs that I
have set up for this (and finally had a go at replicating 4.8)

my goal is to eventually have it all tested with a CI system somewhere,
and not rely just on the autopkgtests which can't run
ipa-replica-install

[Bug 1853863] Re: freeipa replica crashes near end of basic install

2019-11-25 Thread Harry Coin
I appreciate your efforts.  The thing is folks who use freeipa put it in
the same 'has-got-to-work' 'no-regressions' category as the kernel.
While it might lack a feature or need work in this or that area, it just
can't 'not install' or have some major user-facing thing like the
'here's how you change your password' UI just not work after an
'upgrade'.  There are so many moving parts and subsystems in freeipa I
can't imagine how one person could possibly take on keeping up with it.

FYI, I put a 30 second sleep just before the query that failed, and it
failed the same way so I don't think it was a race issue.

[Bug 1853863] Re: freeipa replica crashes near end of basic install

2019-11-25 Thread Timo Aaltonen
'community' supported, by me essentially as time permits, and the next
LTS isn't here yet

But yes, for critical systems probably use a distro that has official
support. Or buy UA and demand it ;)

[Bug 1853863] Re: freeipa replica crashes near end of basic install

2019-11-25 Thread Timo Aaltonen
The error here could be due to a race, where the first server isn't
serving yet when the replica install tries to connect. Also, no mod_nss
should be used anywhere anymore, just mod_ssl.

Re: [Bug 1853863] Re: freeipa replica crashes near end of basic install

2019-11-25 Thread Harry Coin
Timo,

Thank you.  I didn't understand freeipa wasn't supported on Ubuntu.  You 
can consider this matter closed, I have to move to a different distro.


On 11/25/19 2:20 PM, Timo Aaltonen wrote:
> replica install is untested, not surprising to see it being broken
>
> and freeipa is in universe and not officially supported
>

[Bug 1853863] Re: freeipa replica crashes near end of basic install

2019-11-25 Thread Timo Aaltonen
replica install is untested, not surprising to see it being broken

and freeipa is in universe and not officially supported

[Bug 1853863] Re: freeipa replica crashes near end of basic install

2019-11-25 Thread Harry Coin
Of some interest, a curl of exactly the same link works (kinit admin in effect, 
just after failure above).
root@registry2:/tmp# curl 
https://registry1.1.quietfountain.com/ipa/keys/ca/caSigningCert%20cert-pki-ca?type=kem=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOm51bGx9.FjcSSiXUpFmdUiDGjqSx6RqQviY_rVOkMuskX-QRUx6boPUox9KvoadV9s9odZc8slpnLF974ew-L_UQ-udd5aO2CD2m0meTVwqLymJOpnjSmD-wFIOxvWYH4lPZiZPPnN6DmGmbDc0kFI5O43eL9z3HocN3nYsTNjg-obhZuCVwNsS7xhUqthosBC8XzFadu0N4c800u13SPLAgmFBuXH3_ICMGsf3E9bGppqEo3BZWSiyBYacMSP40etk9YQaxzknWM4hCxIzH_UALuhubTvnrHswUlqpuQFfCxYAGt-RswwYCkjG1B_UJ1-YKmcSPdw7dePgvxd8aHs-CeztU-g.tXofwhux7QSRKzYBB6ek9w.UNrq-g-MfjRsJ8ZGSdPGvQjIKEw9vk4wp04bG0ZZ7AzvsRT1Tf1bwKHqcWWtC5c0FuQ6YB3j1jvObjJOjoD176S710XpGg_DucL1rvDBSCPTQTHH06QDaE_LwcUIpLZH3bjyyAh9L3yh07-6WCCYDvuHQgfkASeWb916Q7-yTyGuKxk6Tg6wf27gFQS2_q91vllv4g148DX2cREaDb60HOhdkAn3BdWuyomoT3tdwLXX2kUavc-UmUth2WWqPICBaCFXbE1pNVxOMB0cMHD43WPxBzQqQgHV7Xz7QlpyAYJmjJZj0KSu4K4AzXZzX7DPCmBkjReuJvcIOL_zOmn-E38G-ApKLdzXFpr_GFJamzKx5A2AiTzQkivnN_1mwZK65si7NM1wi-10BRQcUL3cz5u2uDxBQZHA0eN26uOHS_OFXke37zuKjqw319GQnXfw_Mlys6Cxilnc0vcjmk6vpx4gJFoQbobbtfaFgzfmYtI3sACLXJLhS8yNQgv03d3zbAaFrZHc7LLv6iKQ_w-jBFxBQf_PepLIaoeebtA1Fld0r3OqZokXAE1vaFfN0nVBAhh4sx-BD3gHpVopCZQHsoeZvKZF23xCbXQCKMAe_8rgNEtuhig2dgXY_3vL2V0xbD_7c2eNcsvutBm-9DGkGiotCOJhrUR2riXCvSIPb-Vt-G2WDg_U8z44JfyvkVHo.3nNEjhuACxacf-BrFl5aN5F0XNUbsF-plMhJ6Sbzt5c
[1] 4501
root@registry2:/tmp# 



IPA: Identity Policy Audit


var dojoConfig = {
baseUrl: "../ui/js",
has: {
'dojo-firebug': false,
'dojo-debug-messages': true
},
parseOnLoad: false,
async: true,
packages: [
{
name:'dojo',
location:'dojo'
},
{
name: 'freeipa',
location: 'freeipa'
}
]
};
(function() {
var icons = [
'../ui/favicon.ico'
];
var styles = [
'../ui/css/patternfly.css',
'../ui/css/ipa.css'
];
var scripts = [
'../ui/js/libs/jquery.js',
'../ui/js/libs/jquery.ordered-map.js',
'../ui/js/dojo/dojo.js'
];
ipa_loader.scripts(scripts, function() {
require([
'dojo/dom',
'freeipa/core',
'dojo/domReady!'
],
function(dom) {
var text = require('freeipa/text');
var msg = text.get('@i18n:unauthorized-page');
if (msg) {
dom.byId('unauthorized-msg').innerHTML=msg;
}
});
});
ipa_loader.styles(styles);
ipa_loader.icons(icons);
})();

Unable to verify your Kerberos credentials

Please make sure that you have valid Kerberos tickets (obtainable via 
kinit), and that you have configured your browser correctly.

Browser configuration


If this is your first time, please configure your 
browser.

[Bug 1853863] Re: freeipa replica crashes near end of basic install

2019-11-25 Thread Harry Coin
Here's the shell script log

root@registry2:~# kinit admin
Password for ad...@1.quietfountain.com: 
root@registry2:~# ipa-replica-install --setup-dns --no-forwarders
WARNING: conflicting time synchronization service 'ntp' will
be disabled in favor of chronyd
Lookup failed: Preferred host registry2.1.quietfountain.com does not provide 
DNS.
Run connection check to master
Connection check OK
Configuring directory server (dirsrv). Estimated time: 30 seconds
[1/41]: creating directory server instance
Starting installation...
Created symlink 
/etc/systemd/system/multi-user.target.wants/dirsrv@1-QUIETFOUNTAIN-COM.service 
→ /lib/systemd/system/dirsrv@.service.
Allocate local instance  with 
ldapi://%2fvar%2frun%2fslapd-1-QUIETFOUNTAIN-COM.socket
[2/41]: configure autobind for root
[3/41]: stopping directory server
[4/41]: updating configuration in dse.ldif
[5/41]: starting directory server
[6/41]: adding default schema
[7/41]: enabling memberof plugin
[8/41]: enabling winsync plugin
[9/41]: configure password logging
[10/41]: configuring replication version plugin
[11/41]: enabling IPA enrollment plugin
[12/41]: configuring uniqueness plugin
[13/41]: configuring uuid plugin
[14/41]: configuring modrdn plugin
[15/41]: configuring DNS plugin
[16/41]: enabling entryUSN plugin
[17/41]: configuring lockout plugin
[18/41]: configuring topology plugin
[19/41]: creating indices
[20/41]: enabling referential integrity plugin
[21/41]: configuring certmap.conf
[22/41]: configure new location for managed entries
[23/41]: configure dirsrv ccache and keytab
[24/41]: enabling SASL mapping fallback
[25/41]: restarting directory server
[26/41]: creating DS keytab
[27/41]: ignore time skew for initial replication
[28/41]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 62 seconds elapsed
Update succeeded
[29/41]: prevent time skew after initial replication
[30/41]: adding sasl mappings to the directory
[31/41]: updating schema
[32/41]: setting Auto Member configuration
[33/41]: enabling S4U2Proxy delegation
[34/41]: initializing group membership
[35/41]: adding master entry
[36/41]: initializing domain level
[37/41]: configuring Posix uid/gid generation
[38/41]: adding replication acis
[39/41]: activating sidgen plugin
[40/41]: activating extdom plugin
[41/41]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc)
[1/5]: configuring KDC
[2/5]: adding the password extension to the directory
[3/5]: creating anonymous principal
[4/5]: starting the KDC
[5/5]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
[1/2]: starting kadmin
[2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring directory server (dirsrv)
[1/3]: configuring TLS for DS instance
[2/3]: importing CA certificates from LDAP
[3/3]: restarting directory server
Done configuring directory server (dirsrv).
Configuring the web interface (httpd)
[1/21]: stopping httpd
[2/21]: backing up ssl.conf
[3/21]: disabling nss.conf
[4/21]: configuring mod_ssl certificate paths
[5/21]: setting mod_ssl protocol list
[6/21]: configuring mod_ssl log directory
[7/21]: disabling mod_ssl OCSP
[8/21]: adding URL rewriting rules
[9/21]: configuring httpd
[10/21]: setting up httpd keytab
[11/21]: configuring Gssproxy
[12/21]: setting up ssl
[13/21]: configure certmonger for renewals
[14/21]: publish CA cert
[15/21]: clean up any existing httpd ccaches
[16/21]: configuring SELinux for httpd
[17/21]: create KDC proxy config
[18/21]: enable KDC proxy
[19/21]: starting httpd
[20/21]: configuring httpd to start on boot
[21/21]: enabling oddjobd
Done configuring the web interface (httpd).
Configuring ipa-otpd
[1/2]: starting ipa-otpd
[2/2]: configuring ipa-otpd to start on boot
Done configuring ipa-otpd.
Custodia uses 'registry1.1.quietfountain.com' as master peer.
Configuring ipa-custodia
[1/4]: Generating ipa-custodia config file
[2/4]: Generating ipa-custodia keys
[3/4]: starting ipa-custodia
[4/4]: configuring ipa-custodia to start on boot
Done configuring ipa-custodia.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
404 Client Error: Not Found for url: 

[Bug 1853863] Re: freeipa replica crashes near end of basic install

2019-11-25 Thread Harry Coin
Both registry1 and registry2 are 'vanilla' eoan mate vms.
Host registry1... has a working freeipa-server based on eoan installed.  No 
other packages.  It does include the dns support. registry2 is the attempt to 
install a replica.  No other packages.
