Hello

Using freeipa 4.3.1-0ubuntu1 on Ubuntu 16.04 servers.

I have set up a FreeIPA master server with the following commands:

    apt install freeipa-server

    ipa-server-install --setup-dns --mkhomedir --auto-forwarders \
      --no-reverse --hostname=ewserv-auth01-prod.unix.ewadmin.ch \
      --ip-address=192.168.251.51 \
      --ds-password='dspassword' --admin-password='adminpassword' \
      --realm=UNIX.EWADMIN.CH --domain=unix.ewadmin.ch \
      --unattended

On a different server, I'm now trying to set up a replica. The
connection tests are good, see replica-master-conncheck.txt and
master-replica-conncheck.txt.

But ipa-replica-install fails (see ipa-replica-install.log.txt):

    $ sudo ipa-replica-install -P admin -w adminpassword --domain=unix.ewadmin.ch --server=ewserv-auth01-prod.unix.ewadmin.ch --realm=UNIX.EWADMIN.CH --hostname=ewserv-auth02-prod.unix.ewadmin.ch
    …
    Client configuration complete.

    Run connection check to master
    Removing client side components
    Unenrolling client from IPA server
    …
    ipa.ipapython.install.cli.install_tool(Replica): ERROR Connection check failed!
    Please fix your network settings according to error messages above.
    If the check results are not valid it can be skipped with --skip-conncheck parameter.
    ipa.ipapython.install.cli.install_tool(Replica): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

In /var/log/ipareplica-install.log (attached as well), I find:

    […]
       Kerberos Kpasswd: UDP (464): SKIPPED

    Connection from replica to master is OK.
    Start listening on required ports for remote master check
    Get credentials to log in to remote master
    Check RPC connection to remote master
    Execute check on remote master

    2017-01-17T14:48:00Z DEBUG stderr=Remote master check failed with following error message(s):
    an internal error has occurred

    2017-01-17T14:48:00Z DEBUG Starting external process
    2017-01-17T14:48:00Z DEBUG args=/usr/sbin/ipa-client-install --unattended --uninstall
    2017-01-17T14:48:06Z DEBUG Process finished, return code=0
    […]

In /var/log/apache2/error.log, I find an error:

    [Tue Jan 17 16:06:05.825724 2017] [wsgi:error] [pid 21773:tid 139626190206720] ipa: INFO: [jsonserver_kerb] ad...@unix.ewadmin.ch: ping(version=u'2.164'): SUCCESS
    ERROR:dbus.proxies:Introspect error on org.freeipa.server:/: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was not provided by any .service files
    [Tue Jan 17 16:06:05.941909 2017] [wsgi:error] [pid 21772:tid 139626190206720] ipa: ERROR: non-public: DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was not provided by any .service files
    [Tue Jan 17 16:06:05.942141 2017] [wsgi:error] [pid 21772:tid 139626190206720] Traceback (most recent call last):
    [Tue Jan 17 16:06:05.942325 2017] [wsgi:error] [pid 21772:tid 139626190206720]   File "/usr/lib/python2.7/dist-packages/ipaserver/rpcserver.py", line 350, in wsgi_execute
    [Tue Jan 17 16:06:05.942543 2017] [wsgi:error] [pid 21772:tid 139626190206720]     result = self.Command[name](*args, **options)
    [Tue Jan 17 16:06:05.942946 2017] [wsgi:error] [pid 21772:tid 139626190206720]   File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 446, in __call__
    [Tue Jan 17 16:06:05.944110 2017] [wsgi:error] [pid 21772:tid 139626190206720]     ret = self.run(*args, **options)
    [Tue Jan 17 16:06:05.944272 2017] [wsgi:error] [pid 21772:tid 139626190206720]   File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 763, in run
    [Tue Jan 17 16:06:05.944459 2017] [wsgi:error] [pid 21772:tid 139626190206720]     return self.execute(*args, **options)
    [Tue Jan 17 16:06:05.944638 2017] [wsgi:error] [pid 21772:tid 139626190206720]   File "/usr/lib/python2.7/dist-packages/ipalib/plugins/server.py", line 247, in execute
    [Tue Jan 17 16:06:05.944825 2017] [wsgi:error] [pid 21772:tid 139626190206720]     ret, stdout, stderr = server.conncheck(keys[-1])
    [Tue Jan 17 16:06:05.945075 2017] [wsgi:error] [pid 21772:tid 139626190206720]   File "/usr/lib/python2.7/dist-packages/dbus/proxies.py", line 70, in __call__
    [Tue Jan 17 16:06:05.945245 2017] [wsgi:error] [pid 21772:tid 139626190206720]     return self._proxy_method(*args, **keywords)
    [Tue Jan 17 16:06:05.945394 2017] [wsgi:error] [pid 21772:tid 139626190206720]   File "/usr/lib/python2.7/dist-packages/dbus/proxies.py", line 145, in __call__
    [Tue Jan 17 16:06:05.945567 2017] [wsgi:error] [pid 21772:tid 139626190206720]     **keywords)
    [Tue Jan 17 16:06:05.945734 2017] [wsgi:error] [pid 21772:tid 139626190206720]   File "/usr/lib/python2.7/dist-packages/dbus/connection.py", line 651, in call_blocking
    [Tue Jan 17 16:06:05.945914 2017] [wsgi:error] [pid 21772:tid 139626190206720]     message, timeout)
    [Tue Jan 17 16:06:05.946074 2017] [wsgi:error] [pid 21772:tid 139626190206720] DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was not provided by any .service files
    [Tue Jan 17 16:06:05.946989 2017] [wsgi:error] [pid 21772:tid 139626190206720] ipa: INFO: [jsonserver_kerb] ad...@unix.ewadmin.ch: server_conncheck(u'ewserv-auth01-prod.unix.ewadmin.ch', u'ewserv-auth02-prod.unix.ewadmin.ch', version=u'2.162'): DBusException
    [Tue Jan 17 16:06:10.595846 2017] [wsgi:error] [pid 21773:tid 139626190206720] ipa: INFO: [xmlserver] host/ewserv-auth02-prod.unix.ewadmin...@unix.ewadmin.ch: host_disable(u'ewserv-auth02-prod.unix.ewadmin.ch', version=u'2.51'): SUCCESS


Thanks for any hints,


Alexander

PS: I also reported this as a bug on launchpad @
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1657134
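
Added example, not part of the original post: a Python triage sketch that reads mod_wsgi lines like those quoted from /var/log/apache2/error.log above and reports which IPA API call failed on the master, with which exception, and from which IPA source frame. The sample input is constructed from the post's log lines (mail wrapping undone, traceback abridged to three frames); the function and field names are hypothetical.

```python
import re

# Constructed sample: lines from the post's Apache error log excerpt,
# with mail line-wrapping undone and the traceback abridged to three frames.
SAMPLE_LOG = """
[Tue Jan 17 16:06:05.825724 2017] [wsgi:error] [pid 21773:tid 139626190206720] ipa: INFO: [jsonserver_kerb] ad...@unix.ewadmin.ch: ping(version=u'2.164'): SUCCESS
ERROR:dbus.proxies:Introspect error on org.freeipa.server:/: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was not provided by any .service files
[Tue Jan 17 16:06:05.941909 2017] [wsgi:error] [pid 21772:tid 139626190206720] ipa: ERROR: non-public: DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was not provided by any .service files
[Tue Jan 17 16:06:05.942141 2017] [wsgi:error] [pid 21772:tid 139626190206720] Traceback (most recent call last):
[Tue Jan 17 16:06:05.942325 2017] [wsgi:error] [pid 21772:tid 139626190206720]   File "/usr/lib/python2.7/dist-packages/ipaserver/rpcserver.py", line 350, in wsgi_execute
[Tue Jan 17 16:06:05.942543 2017] [wsgi:error] [pid 21772:tid 139626190206720]     result = self.Command[name](*args, **options)
[Tue Jan 17 16:06:05.944638 2017] [wsgi:error] [pid 21772:tid 139626190206720]   File "/usr/lib/python2.7/dist-packages/ipalib/plugins/server.py", line 247, in execute
[Tue Jan 17 16:06:05.944825 2017] [wsgi:error] [pid 21772:tid 139626190206720]     ret, stdout, stderr = server.conncheck(keys[-1])
[Tue Jan 17 16:06:05.945734 2017] [wsgi:error] [pid 21772:tid 139626190206720]   File "/usr/lib/python2.7/dist-packages/dbus/connection.py", line 651, in call_blocking
[Tue Jan 17 16:06:05.945914 2017] [wsgi:error] [pid 21772:tid 139626190206720]     message, timeout)
[Tue Jan 17 16:06:05.946074 2017] [wsgi:error] [pid 21772:tid 139626190206720] DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was not provided by any .service files
[Tue Jan 17 16:06:05.946989 2017] [wsgi:error] [pid 21772:tid 139626190206720] ipa: INFO: [jsonserver_kerb] ad...@unix.ewadmin.ch: server_conncheck(u'ewserv-auth01-prod.unix.ewadmin.ch', u'ewserv-auth02-prod.unix.ewadmin.ch', version=u'2.162'): DBusException
[Tue Jan 17 16:06:10.595846 2017] [wsgi:error] [pid 21773:tid 139626190206720] ipa: INFO: [xmlserver] host/ewserv-auth02-prod.unix.ewadmin...@unix.ewadmin.ch: host_disable(u'ewserv-auth02-prod.unix.ewadmin.ch', version=u'2.51'): SUCCESS
"""

PREFIX = re.compile(r"^\[[^\]]+\] \[wsgi:error\] \[pid (?P<pid>\d+):tid \d+\] (?P<msg>.*)$")
RESULT = re.compile(r"^ipa: INFO: \[(?P<iface>\w+)\] (?P<principal>\S+): "
                    r"(?P<cmd>\w+)\((?P<args>.*)\): (?P<outcome>\w+)$")
FRAME = re.compile(r'^\s+File "(?P<path>[^"]+)", line (?P<line>\d+), in (?P<func>\S+)$')
EXC = re.compile(r"^(?P<type>\w+(?:Exception|Error)): (?P<detail>.+)$")
DBUS = re.compile(r"^(?P<error>org\.freedesktop\.DBus\.Error\.\w+): "
                  r"The name (?P<name>\S+) was not provided by any \.service files$")


def failed_rpc_calls(log_text):
    """Return one dict per IPA API call whose result line is not SUCCESS."""
    collecting = {}   # pid -> traceback still being read
    complete = {}     # pid -> finished traceback waiting for its result line
    failures = []
    for line in log_text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue  # unprefixed stderr such as "ERROR:dbus.proxies:..."
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("Traceback (most recent call last):"):
            collecting[pid] = {"frames": [], "exception": None, "detail": ""}
        elif pid in collecting:
            # Workers interleave their output, so state is tracked per pid.
            frame, exc = FRAME.match(msg), EXC.match(msg)
            if frame:
                collecting[pid]["frames"].append(
                    (frame["path"], int(frame["line"]), frame["func"]))
            elif exc:  # unindented "Type: detail" line closes the traceback
                tb = collecting.pop(pid)
                tb["exception"], tb["detail"] = exc["type"], exc["detail"]
                complete[pid] = tb
            # anything else is an indented source line; ignore it
        else:
            result = RESULT.match(msg)
            if result and result["outcome"] != "SUCCESS":
                tb = complete.pop(pid, {"frames": [], "exception": None, "detail": ""})
                ipa_frames = [f for f in tb["frames"]
                              if "/ipalib/" in f[0] or "/ipaserver/" in f[0]]
                dbus = DBUS.match(tb["detail"])
                failures.append({
                    "pid": pid,
                    "command": result["cmd"],
                    "outcome": result["outcome"],
                    "exception": tb["exception"],
                    # deepest frame that is still IPA code, i.e. the call site
                    "ipa_frame": ipa_frames[-1] if ipa_frames else None,
                    "dbus_error": dbus["error"] if dbus else None,
                    "bus_name": dbus["name"] if dbus else None,
                })
    return failures


if __name__ == "__main__":
    for failure in failed_rpc_calls(SAMPLE_LOG):
        print(failure)
```
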
$ sudo /usr/sbin/ipa-replica-conncheck --replica ewserv-auth02-prod.unix.ewadmin.ch
Check connection from master to remote replica 'ewserv-auth02-prod.unix.ewadmin.ch':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

Connection from master to replica is OK.
2017-01-17T14:47:47Z DEBUG Logging to /var/log/ipareplica-install.log
2017-01-17T14:47:47Z DEBUG ipa-replica-install was invoked with arguments [] and options: {'no_dns_sshfp': None, 'skip_schema_check': None, 'setup_kra': None, 'ip_addresses': None, 'mkhomedir': None, 'no_pkinit': None, 'http_cert_files': None, 'no_ntp': None, 'verbose': False, 'no_forwarders': None, 'keytab': None, 'ssh_trust_dns': None, 'domain_name': 'unix.ewadmin.ch', 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': None, 'no_reverse': None, 'pkinit_cert_files': None, 'unattended': False, 'auto_reverse': None, 'auto_forwarders': None, 'no_host_dns': None, 'no_sshd': None, 'no_ui_redirect': None, 'dirsrv_config_file': None, 'forwarders': None, 'pkinit_cert_name': None, 'setup_ca': None, 'realm_name': 'UNIX.EWADMIN.CH', 'skip_conncheck': None, 'no_ssh': None, 'dirsrv_cert_name': None, 'quiet': False, 'server': 'ewserv-auth01-prod.unix.ewadmin.ch', 'setup_dns': None, 'host_name': 'ewserv-auth02-prod.unix.ewadmin.ch', 'log_file': None, 'reverse_zones': None, 'allow_zone_overlap': None}
2017-01-17T14:47:47Z DEBUG IPA version 4.3.1
2017-01-17T14:47:47Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-17T14:47:47Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2017-01-17T14:47:47Z DEBUG httpd is not configured
2017-01-17T14:47:47Z DEBUG kadmin is not configured
2017-01-17T14:47:47Z DEBUG dirsrv is not configured
2017-01-17T14:47:47Z DEBUG pki-tomcatd is not configured
2017-01-17T14:47:47Z DEBUG install is not configured
2017-01-17T14:47:47Z DEBUG krb5kdc is not configured
2017-01-17T14:47:47Z DEBUG ntpd is not configured
2017-01-17T14:47:47Z DEBUG named is not configured
2017-01-17T14:47:47Z DEBUG ipa_memcached is not configured
2017-01-17T14:47:47Z DEBUG filestore is tracking no files
2017-01-17T14:47:47Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2017-01-17T14:47:47Z DEBUG Configuring client side components
2017-01-17T14:47:47Z DEBUG Starting external process
2017-01-17T14:47:47Z DEBUG args=/usr/sbin/ipa-client-install --unattended --domain unix.ewadmin.ch --server ewserv-auth01-prod.unix.ewadmin.ch --realm UNIX.EWADMIN.CH --hostname ewserv-auth02-prod.unix.ewadmin.ch --principal admin
2017-01-17T14:47:54Z DEBUG Process finished, return code=0
2017-01-17T14:47:54Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-17T14:47:54Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2017-01-17T14:47:54Z DEBUG Starting external process
2017-01-17T14:47:54Z DEBUG args=/usr/sbin/apache2ctl -t -D DUMP_VHOSTS
2017-01-17T14:47:54Z DEBUG Process finished, return code=0
2017-01-17T14:47:54Z DEBUG stdout=VirtualHost configuration:
*:80                   ewserv-auth02-prod.unix.ewadmin.ch (/etc/apache2/sites-enabled/000-default.conf:1)

2017-01-17T14:47:54Z DEBUG stderr=
2017-01-17T14:47:54Z DEBUG Starting external process
2017-01-17T14:47:54Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2017-01-17T14:47:54Z DEBUG Process finished, return code=1
2017-01-17T14:47:54Z DEBUG stdout=
2017-01-17T14:47:54Z DEBUG stderr=Failed to get unit file state for chronyd.service: No such file or directory

2017-01-17T14:47:54Z DEBUG Starting external process
2017-01-17T14:47:54Z DEBUG args=/bin/systemctl is-active chronyd.service
2017-01-17T14:47:54Z DEBUG Process finished, return code=3
2017-01-17T14:47:54Z DEBUG stdout=inactive

2017-01-17T14:47:54Z DEBUG stderr=
2017-01-17T14:47:54Z DEBUG Starting external process
2017-01-17T14:47:54Z DEBUG args=klist -V
2017-01-17T14:47:54Z DEBUG Process finished, return code=0
2017-01-17T14:47:54Z DEBUG stdout=Kerberos 5 version 1.13.2

2017-01-17T14:47:54Z DEBUG stderr=
2017-01-17T14:47:55Z DEBUG Check if ewserv-auth02-prod.unix.ewadmin.ch is a primary hostname for localhost
2017-01-17T14:47:55Z DEBUG Primary hostname for localhost: ewserv-auth02-prod.unix.ewadmin.ch
2017-01-17T14:47:55Z DEBUG Search DNS for ewserv-auth02-prod.unix.ewadmin.ch
2017-01-17T14:47:55Z DEBUG Check if ewserv-auth02-prod.unix.ewadmin.ch is not a CNAME
2017-01-17T14:47:55Z DEBUG Check reverse address of 192.168.251.52
2017-01-17T14:47:55Z DEBUG Found reverse name: ewserv-auth02-prod.unix.ewadmin.ch
2017-01-17T14:47:55Z DEBUG Check if ewserv-auth01-prod.unix.ewadmin.ch is a primary hostname for localhost
2017-01-17T14:47:55Z DEBUG Primary hostname for localhost: ewserv-auth01-prod.unix.ewadmin.ch
2017-01-17T14:47:55Z DEBUG Search DNS for ewserv-auth01-prod.unix.ewadmin.ch
2017-01-17T14:47:55Z DEBUG Check if ewserv-auth01-prod.unix.ewadmin.ch is not a CNAME
2017-01-17T14:47:55Z DEBUG Check reverse address of 192.168.251.51
2017-01-17T14:47:55Z DEBUG Found reverse name: ewserv-auth01-prod.unix.ewadmin.ch
2017-01-17T14:47:55Z DEBUG Initializing principal host/ewserv-auth02-prod.unix.ewadmin...@unix.ewadmin.ch using keytab /etc/krb5.keytab
2017-01-17T14:47:55Z DEBUG using ccache /tmp/krbcchJyqJQ/ccache
2017-01-17T14:47:55Z DEBUG Attempt 1/1: success
2017-01-17T14:47:56Z DEBUG Created connection context.ldap2_140231651431696
2017-01-17T14:47:56Z DEBUG raw: domainlevel_get(version=u'2.164')
2017-01-17T14:47:56Z DEBUG domainlevel_get(version=u'2.164')
2017-01-17T14:47:56Z DEBUG flushing ldap://ewserv-auth01-prod.unix.ewadmin.ch from SchemaCache
2017-01-17T14:47:56Z DEBUG retrieving schema for SchemaCache url=ldap://ewserv-auth01-prod.unix.ewadmin.ch conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f8a3d812488>
2017-01-17T14:47:57Z DEBUG raw: hostgroup_find(None, cn=u'ipaservers', version=u'2.164', host=[u'ewserv-auth02-prod.unix.ewadmin.ch'])
2017-01-17T14:47:57Z DEBUG hostgroup_find(None, cn=u'ipaservers', all=False, raw=False, version=u'2.164', no_members=False, pkey_only=False, host=(u'ewserv-auth02-prod.unix.ewadmin.ch',))
2017-01-17T14:47:57Z DEBUG KRB5CCNAME set to None
2017-01-17T14:47:57Z DEBUG Failed to find default ccache: Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (2529639053): No Kerberos credentials available
2017-01-17T14:47:57Z DEBUG Initializing principal ad...@unix.ewadmin.ch using password
2017-01-17T14:47:57Z DEBUG Starting external process
2017-01-17T14:47:57Z DEBUG args=/usr/bin/kinit ad...@unix.ewadmin.ch -c /tmp/tmpnFCbBY
2017-01-17T14:47:57Z DEBUG Process finished, return code=0
2017-01-17T14:47:57Z DEBUG stdout=Password for ad...@unix.ewadmin.ch: 

2017-01-17T14:47:57Z DEBUG stderr=
2017-01-17T14:47:57Z DEBUG Destroyed connection context.ldap2_140231651431696
2017-01-17T14:47:57Z DEBUG Created connection context.ldap2_140231651431696
2017-01-17T14:47:57Z DEBUG raw: hostgroup_show(u'ipaservers', rights=True, all=True, version=u'2.164')
2017-01-17T14:47:57Z DEBUG hostgroup_show(u'ipaservers', rights=True, all=True, raw=False, version=u'2.164', no_members=False)
2017-01-17T14:47:57Z DEBUG flushing ldap://ewserv-auth01-prod.unix.ewadmin.ch from SchemaCache
2017-01-17T14:47:57Z DEBUG retrieving schema for SchemaCache url=ldap://ewserv-auth01-prod.unix.ewadmin.ch conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f8a3d8ad878>
2017-01-17T14:47:57Z DEBUG Destroyed connection context.ldap2_140231651431696
2017-01-17T14:47:57Z DEBUG Created connection context.ldap2_140231651431696
2017-01-17T14:47:57Z DEBUG flushing ldap://ewserv-auth01-prod.unix.ewadmin.ch from SchemaCache
2017-01-17T14:47:57Z DEBUG retrieving schema for SchemaCache url=ldap://ewserv-auth01-prod.unix.ewadmin.ch conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f8a3d812488>
2017-01-17T14:47:58Z DEBUG Check forward/reverse DNS resolution
2017-01-17T14:47:58Z DEBUG Search DNS server ewserv-auth01-prod.unix.ewadmin.ch (['192.168.251.51', '192.168.251.51', '192.168.251.51']) for ewserv-auth01-prod.unix.ewadmin.ch
2017-01-17T14:47:58Z DEBUG Check reverse address 192.168.251.51 (ewserv-auth01-prod.unix.ewadmin.ch)
2017-01-17T14:47:58Z DEBUG Address 192.168.251.51 resolves to: ewserv-auth01-prod.unix.ewadmin.ch.. 
2017-01-17T14:47:58Z DEBUG Search DNS server ewserv-auth01-prod.unix.ewadmin.ch (['192.168.251.51', '192.168.251.51', '192.168.251.51']) for ewserv-auth02-prod.unix.ewadmin.ch
2017-01-17T14:47:58Z DEBUG Check reverse address 192.168.251.52 (ewserv-auth02-prod.unix.ewadmin.ch)
2017-01-17T14:47:58Z DEBUG Address 192.168.251.52 resolves to: ewserv-auth02-prod.unix.ewadmin.ch.. 
2017-01-17T14:47:58Z DEBUG Starting external process
2017-01-17T14:47:58Z DEBUG args=/sbin/ip -family inet -oneline address show
2017-01-17T14:47:58Z DEBUG Process finished, return code=0
2017-01-17T14:47:58Z DEBUG stdout=1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: ens160    inet 192.168.251.52/25 brd 192.168.251.127 scope global ens160\       valid_lft forever preferred_lft forever

2017-01-17T14:47:58Z DEBUG stderr=
2017-01-17T14:47:58Z DEBUG Destroyed connection context.ldap2_140231651431696
2017-01-17T14:47:58Z DEBUG Starting external process
2017-01-17T14:47:58Z DEBUG args=/usr/sbin/ipa-replica-conncheck --master ewserv-auth01-prod.unix.ewadmin.ch --auto-master-check --realm UNIX.EWADMIN.CH --hostname ewserv-auth02-prod.unix.ewadmin.ch --principal admin --password XXXXXXXX --ca-cert-file /etc/ipa/ca.crt
2017-01-17T14:48:00Z DEBUG Process finished, return code=1
2017-01-17T14:48:00Z DEBUG stdout=Check connection from replica to remote master 'ewserv-auth01-prod.unix.ewadmin.ch':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

The following list of ports use UDP protocol and would need to be
checked manually:
   Kerberos KDC: UDP (88): SKIPPED
   Kerberos Kpasswd: UDP (464): SKIPPED

Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
Check RPC connection to remote master
Execute check on remote master

2017-01-17T14:48:00Z DEBUG stderr=Remote master check failed with following error message(s):
an internal error has occurred

2017-01-17T14:48:00Z DEBUG Starting external process
2017-01-17T14:48:00Z DEBUG args=/usr/sbin/ipa-client-install --unattended --uninstall
2017-01-17T14:48:06Z DEBUG Process finished, return code=0
2017-01-17T14:48:06Z DEBUG   File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/dist-packages/ipapython/install/cli.py", line 318, in run
    cfgr.run()
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 308, in run
    self.validate()
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 317, in validate
    for nothing in self._validator():
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 372, in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 394, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 362, in __runner
    step()
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 359, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 564, in _configure
    next(validator)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 372, in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 449, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 394, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 446, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 394, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 362, in __runner
    step()
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 359, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/common.py", line 63, in _install
    for nothing in self._installer(self.parent):
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py", line 1650, in main
    promote_check(self)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py", line 375, in decorated
    func(installer)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py", line 397, in decorated
    func(installer)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py", line 1282, in promote_check
    ca_cert_file=cafile)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/replication.py", line 102, in replica_conn_check
    "\nIf the check results are not valid it can be skipped with --skip-conncheck parameter.")

2017-01-17T14:48:06Z DEBUG The ipa-replica-install command failed, exception: SystemExit: Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck parameter.
2017-01-17T14:48:06Z ERROR Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck parameter.
2017-01-17T14:48:06Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
$ sudo /usr/sbin/ipa-replica-conncheck --master=192.168.251.51
Check connection from replica to remote master '192.168.251.51':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

The following list of ports use UDP protocol and would need to be
checked manually:
   Kerberos KDC: UDP (88): SKIPPED
   Kerberos Kpasswd: UDP (464): SKIPPED

Connection from replica to master is OK.
Start listening on required ports for remote master check
Listeners are started. Use CTRL+C to terminate the listening part after the test.

Please run the following command on remote master:
/usr/sbin/ipa-replica-conncheck --replica ewserv-auth02-prod.unix.ewadmin.ch

^C
Cleaning up...
$ sudo ipa-replica-install -P admin -w adminpassword --domain=unix.ewadmin.ch --server=ewserv-auth01-prod.unix.ewadmin.ch --realm=UNIX.EWADMIN.CH --hostname=ewserv-auth02-prod.unix.ewadmin.ch
Configuring client side components
Client hostname: ewserv-auth02-prod.unix.ewadmin.ch
Realm: UNIX.EWADMIN.CH
DNS Domain: unix.ewadmin.ch
IPA Server: ewserv-auth01-prod.unix.ewadmin.ch
BaseDN: dc=unix,dc=ewadmin,dc=ch

Synchronizing time with KDC...
Attempting to sync time using ntpd.  Will timeout after 15 seconds
Unable to sync time with NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=UNIX.EWADMIN.CH
    Issuer:      CN=Certificate Authority,O=UNIX.EWADMIN.CH
    Valid From:  Mon Jan 16 15:23:55 2017 UTC
    Valid Until: Fri Jan 16 15:23:55 2037 UTC

Enrolled in IPA realm UNIX.EWADMIN.CH
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm UNIX.EWADMIN.CH
trying https://ewserv-auth01-prod.unix.ewadmin.ch/ipa/json
Forwarding 'ping' to json server 'https://ewserv-auth01-prod.unix.ewadmin.ch/ipa/json'
Forwarding 'ca_is_enabled' to json server 'https://ewserv-auth01-prod.unix.ewadmin.ch/ipa/json'
Systemwide CA database updated.
Hostname (ewserv-auth02-prod.unix.ewadmin.ch) does not have A/AAAA record.
Failed to update DNS records.
Missing A/AAAA record(s) for host ewserv-auth02-prod.unix.ewadmin.ch: 192.168.251.52.
Missing reverse record(s) for address(es): 192.168.251.52.
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Forwarding 'host_mod' to json server 'https://ewserv-auth01-prod.unix.ewadmin.ch/ipa/json'
Could not update DNS SSHFP records.
SSSD enabled
Configured /etc/openldap/ldap.conf
No SRV records of NTP servers found. IPA server address will be used
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring unix.ewadmin.ch as NIS domain.
Client configuration complete.

Run connection check to master
Removing client side components
Unenrolling client from IPA server
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
Restoring client configuration files
Unconfiguring the NIS domain.
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Systemwide CA database updated.
Client uninstall complete.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck parameter.
ipa.ipapython.install.cli.install_tool(Replica): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information