[Freeipa-users] Re: ipa-replica-install hanging at `[29/44]: setting up initial replication`

2017-07-26 Thread John Morris via FreeIPA-users

The `IPA_SERVER_IP` failing to correct the A-record is issue #121:

https://github.com/freeipa/freeipa-container/issues/121

That puts a neat little bow on all my questions in this email thread. 
:D  Thanks-


John

On 07/24/2017 09:26 PM, John Morris via FreeIPA-users wrote:

Never mind, I partly figured out what's wrong, once I found a clue that
this stage requires server->replica connections.

The `ipa-replica-install` process, probably during `ipa-client-install`,
adds the DNS A-record for the server, but uses the container's IP address.

The freeipa-container scripts allow for this, and if the `IPA_SERVER_IP`
environment variable is set, they will attempt to correct the A-record
with `nsupdate`.  This was silently failing (I don't know why yet).

If the A-record is set prior to running `ipa-replica-install`, the
server can find the replica, the replication can be completed, and
everything hums happily.

For folks in the future, I guess if the replica install breaks at this
particular step, it's a good clue to check connectivity from the server
to the replica.

John


On 07/24/2017 04:14 PM, John Morris via FreeIPA-users wrote:

I reinstalled both server and replica with the image you suggest.  The
same problem occurs at the same location; see the new gist:

https://gist.github.com/zultron/d7bed6d0c00ae8daef292ba4bb2c04e0

Thanks-

John

On 07/24/2017 02:47 PM, Felipe Barreto Volpone via FreeIPA-users wrote:

John,

I didn't notice that you're using adelton's repository.
Could you try a more recent image from the official docker hub (/r/freeipa
instead of /r/adelton)?
https://hub.docker.com/r/freeipa/freeipa-server/



On Mon, Jul 24, 2017 at 4:40 PM, John Morris via FreeIPA-users wrote:

(Apologies for previously sending off-list, Felipe.)

Sure:

docker run \
--rm \
--interactive \
--restart=no \
--hostname=h01.example.com  \
--security-opt=seccomp=unconfined \
--name=ipa \
--volume=/media/freeipa:/data \
--volume=/media/state:/media/state \
--volume=/sys/fs/cgroup:/sys/fs/cgroup:ro \
--env=IPA_SERVER_IP=1.2.3.4 \
--add-host=h01.example.com:1.2.3.4 \
--publish=80:80 \
--publish=443:443 \
--publish=53:53 \
--publish=53:53/udp \
--publish=389:389 \
--publish=636:636 \
--publish=88:88 \
--publish=88:88/udp \
--publish=464:464 \
--publish=464:464/udp \
adelton/freeipa-server:centos-7

Thanks-

John



On 07/24/2017 01:29 PM, Felipe Barreto Volpone wrote:

Hi John,

could you share the command you have run to set up the ipa server?

On Mon, Jul 24, 2017 at 3:12 PM, John Morris via FreeIPA-users wrote:

Running FreeIPA out of Docker (`adelton/freeipa-server:centos-7`
image), `ipa-replica-install` hangs at `[29/44]: setting up initial
replication`.  The `ipa-server-configure-first.log` (debug output
enabled) is pasted in the below gist, plus output of `journalctl
-xe` from within the container.

https://gist.github.com/zultron/6f9aeb47d304c7bcab93d023e36484ba

The options to `ipa-replica-install` look like this:

--unattended
--principal=admin
--admin-password=redacted
--server=h01.example.com
--hostname=h11.example.com
--realm=EXAMPLE.COM
--domain=example.com
--setup-ca
--setup-dns
--no-reverse
--no-forwarders
--no-host-dns
--no-ntp
--no-ui-redirect
--allow-zone-overlap
--debug
--skip-conncheck

The docker command looks like this:

docker run \
--rm \
--interactive \
--restart=no \
--hostname=h11.example.com \
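
The two checks described in the message above, as an added example that is not part of the original thread: whether the replica's name resolves to the published address rather than a container-internal one, and whether TCP connections to the replica can be opened from the server. It assumes the record in question is the replica's own name and uses the thread's placeholder values (`h11.example.com`, `2.3.4.5`); the function names are hypothetical.

```python
import ipaddress
import socket

# LDAP ports from the --publish options in the thread's docker commands.
LDAP_PORTS = (389, 636)


def audit_a_record(expected_ip, resolved_ips):
    """Return (ok, findings) comparing a name's resolved addresses with the expected one."""
    expected = ipaddress.ip_address(expected_ip)
    addrs = [ipaddress.ip_address(a) for a in resolved_ips]
    findings = []
    for addr in addrs:
        if addr != expected:
            # A private address is what a container-internal IP looks like.
            kind = "private (container-internal?)" if addr.is_private else "unexpected"
            findings.append(f"{kind} address {addr}")
    if expected not in addrs:
        findings.append(f"expected address {expected} not in answer")
    return (not findings, findings)


def resolve(name):
    """IPv4 addresses for name from the system resolver; [] if it does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def unreachable_ports(host, ports=LDAP_PORTS, timeout=3.0):
    """TCP ports on host that refuse or time out (run on the server, toward the replica)."""
    failed = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                pass
        except OSError:
            failed.append(port)
    return failed


if __name__ == "__main__":
    # Placeholder name and address as used in the thread.
    replica, replica_ip = "h11.example.com", "2.3.4.5"
    ok, findings = audit_a_record(replica_ip, resolve(replica))
    print("A-record OK" if ok else "A-record problems: " + "; ".join(findings))
    print("unreachable from here:", unreachable_ports(replica_ip) or "none")
```

Run it inside the server container while the replica install sits at the replication step, so that the resolver consulted is the one the server itself uses.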

[Freeipa-users] Re: ipa-replica-install hanging at `[29/44]: setting up initial replication`

2017-07-24 Thread John Morris via FreeIPA-users
I reinstalled both server and replica with the image you suggest.  The 
same problem occurs at the same location; see the new gist:


https://gist.github.com/zultron/d7bed6d0c00ae8daef292ba4bb2c04e0

Thanks-

John

On 07/24/2017 02:47 PM, Felipe Barreto Volpone via FreeIPA-users wrote:

John,

I didn't notice that you're using adelton's repository.
Could you try a more recent image from the official docker hub (/r/freeipa
instead of /r/adelton)?
https://hub.docker.com/r/freeipa/freeipa-server/



On Mon, Jul 24, 2017 at 4:40 PM, John Morris via FreeIPA-users wrote:

(Apologies for previously sending off-list, Felipe.)

Sure:

docker run \
--rm \
--interactive \
--restart=no \
--hostname=h01.example.com  \
--security-opt=seccomp=unconfined \
--name=ipa \
--volume=/media/freeipa:/data \
--volume=/media/state:/media/state \
--volume=/sys/fs/cgroup:/sys/fs/cgroup:ro \
--env=IPA_SERVER_IP=1.2.3.4 \
--add-host=h01.example.com:1.2.3.4 \
--publish=80:80 \
--publish=443:443 \
--publish=53:53 \
--publish=53:53/udp \
--publish=389:389 \
--publish=636:636 \
--publish=88:88 \
--publish=88:88/udp \
--publish=464:464 \
--publish=464:464/udp \
adelton/freeipa-server:centos-7

Thanks-

John



On 07/24/2017 01:29 PM, Felipe Barreto Volpone wrote:

Hi John,

could you share the command you have run to set up the ipa server?

On Mon, Jul 24, 2017 at 3:12 PM, John Morris via FreeIPA-users wrote:

Running FreeIPA out of Docker (`adelton/freeipa-server:centos-7`
image), `ipa-replica-install` hangs at `[29/44]: setting up initial
replication`.  The `ipa-server-configure-first.log` (debug output
enabled) is pasted in the below gist, plus output of `journalctl
-xe` from within the container.

https://gist.github.com/zultron/6f9aeb47d304c7bcab93d023e36484ba

The options to `ipa-replica-install` look like this:

--unattended
--principal=admin
--admin-password=redacted
--server=h01.example.com
--hostname=h11.example.com
--realm=EXAMPLE.COM
--domain=example.com
--setup-ca
--setup-dns
--no-reverse
--no-forwarders
--no-host-dns
--no-ntp
--no-ui-redirect
--allow-zone-overlap
--debug
--skip-conncheck

The docker command looks like this:

docker run \
--rm \
--interactive \
--restart=no \
--hostname=h11.example.com \
--security-opt=seccomp=unconfined \
--name=ipa \
--volume=/media/freeipa:/data \
--volume=/sys/fs/cgroup:/sys/fs/cgroup:ro \
--env=IPA_SERVER_IP=2.3.4.5 \
--env=KRB5_TRACE=/dev/stdout \
--add-host=h01.example.com:1.2.3.4 \
--publish=80:80 \
--publish=443:443 \
--publish=53:53 \
--publish=53:53/udp \
--publish=389:389 \
--publish=636:636 \
--publish=88:88 \
--publish=88:88/udp \
--publish=464:464 \
--publish=464:464/udp \
adelton/freeipa-server:centos-7 \
ipa-replica-install

I'm starting to track this down starting from
`ipaserver/install/dsinstance.py`, `__setup_replica()`, but I'd
really appreciate suggestions.  Thanks-

John

[Freeipa-users] Re: ipa-replica-install hanging at `[29/44]: setting up initial replication`

2017-07-24 Thread John Morris via FreeIPA-users

(Apologies for previously sending off-list, Felipe.)

Sure:

docker run \
--rm \
--interactive \
--restart=no \
--hostname=h01.example.com \
--security-opt=seccomp=unconfined \
--name=ipa \
--volume=/media/freeipa:/data \
--volume=/media/state:/media/state \
--volume=/sys/fs/cgroup:/sys/fs/cgroup:ro \
--env=IPA_SERVER_IP=1.2.3.4 \
--add-host=h01.example.com:1.2.3.4 \
--publish=80:80 \
--publish=443:443 \
--publish=53:53 \
--publish=53:53/udp \
--publish=389:389 \
--publish=636:636 \
--publish=88:88 \
--publish=88:88/udp \
--publish=464:464 \
--publish=464:464/udp \
adelton/freeipa-server:centos-7

Thanks-

John



On 07/24/2017 01:29 PM, Felipe Barreto Volpone wrote:

Hi John,

could you share the command you have run to set up the ipa server?

On Mon, Jul 24, 2017 at 3:12 PM, John Morris via FreeIPA-users wrote:

Running FreeIPA out of Docker (`adelton/freeipa-server:centos-7`
image), `ipa-replica-install` hangs at `[29/44]: setting up initial
replication`.  The `ipa-server-configure-first.log` (debug output
enabled) is pasted in the below gist, plus output of `journalctl
-xe` from within the container.

https://gist.github.com/zultron/6f9aeb47d304c7bcab93d023e36484ba


The options to `ipa-replica-install` look like this:

--unattended
--principal=admin
--admin-password=redacted
--server=h01.example.com 
--hostname=h11.example.com 
--realm=EXAMPLE.COM 
--domain=example.com 
--setup-ca
--setup-dns
--no-reverse
--no-forwarders
--no-host-dns
--no-ntp
--no-ui-redirect
--allow-zone-overlap
--debug
--skip-conncheck

The docker command looks like this:

docker run \
--rm \
--interactive \
--restart=no \
--hostname=h11.example.com  \
--security-opt=seccomp=unconfined \
--name=ipa \
--volume=/media/freeipa:/data \
--volume=/sys/fs/cgroup:/sys/fs/cgroup:ro \
--env=IPA_SERVER_IP=2.3.4.5 \
--env=KRB5_TRACE=/dev/stdout \
--add-host=h01.example.com:1.2.3.4 \
--publish=80:80 \
--publish=443:443 \
--publish=53:53 \
--publish=53:53/udp \
--publish=389:389 \
--publish=636:636 \
--publish=88:88 \
--publish=88:88/udp \
--publish=464:464 \
--publish=464:464/udp \
adelton/freeipa-server:centos-7 \
ipa-replica-install

I'm starting to track this down starting from
`ipaserver/install/dsinstance.py`, `__setup_replica()`, but I'd
really appreciate suggestions.  Thanks-

John
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org

To unsubscribe send an email to
freeipa-users-le...@lists.fedorahosted.org



