Re: [Freeipa-users] The ipa-replica-install command failed, exception: SystemExit: Invalid IP Address ... Cannot use IP network address
On 7.11.2014 14:08, Traiano Welcome wrote:
> Hi List
>
> I'm trying to configure a replica for a primary freeipa IdM server (both CentOS 7, AD trusts configured on primary), but ipa-replica-install fails with the following error:
>
> --
> ipa-replica-install -d --setup-ca --setup-dns --no-forwarders /var/lib/ipa/replica-info-lolpr-idm-slve.idm.local.gpg
> .
> .
> Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use IP network address
> .
> .
> --
>
> For context, here is the full output from the replica-install command (I've attached the full debug output):
>
> ---
> [root@lolpr-idm-slve ipa]# ipa-replica-install --setup-ca --setup-dns --no-forwarders /var/lib/ipa/replica-info-lolpr-idm-slve.idm.local.gpg
> WARNING: conflicting timedate synchronization service 'chronyd' will be disabled in favor of ntpd
> Directory Manager (existing master) password:
>
> Run connection check to master
> Check connection from replica to remote master 'lolpr-idm-mstr.idm.local':
>    Directory Service: Unsecure port (389): OK
>    Directory Service: Secure port (636): OK
>    Kerberos KDC: TCP (88): OK
>    Kerberos Kpasswd: TCP (464): OK
>    HTTP Server: Unsecure port (80): OK
>    HTTP Server: Secure port (443): OK
>
> The following list of ports use UDP protocol and would need to be checked manually:
>    Kerberos KDC: UDP (88): SKIPPED
>    Kerberos Kpasswd: UDP (464): SKIPPED
>
> Connection from replica to master is OK.
> Start listening on required ports for remote master check
> Get credentials to log in to remote master
> admin@IDM.LOCAL password:
>
> Check SSH connection to remote master
> Execute check on remote master
> Check connection from master to remote replica 'lolpr-idm-slve.idm.local':
>    Directory Service: Unsecure port (389): OK
>    Directory Service: Secure port (636): OK
>    Kerberos KDC: TCP (88): OK
>    Kerberos KDC: UDP (88): OK
>    Kerberos Kpasswd: TCP (464): OK
>    Kerberos Kpasswd: UDP (464): OK
>    HTTP Server: Unsecure port (80): OK
>    HTTP Server: Secure port (443): OK
>
> Connection from master to replica is OK.
>
> Connection check OK
> Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use IP network address
> [root@lolpr-idm-slve ipa]#
> ---
>
> Some things I've tested:
>
> 1. disable selinux (followed by reboot) - no change
> 2. disable IPv6 (followed by reboot) - no change
>
> DNS resolution and IP checks seem fine:
>
> ---
> [root@lolpr-idm-slve install]# hostname
> lolpr-idm-slve.idm.local
> [root@lolpr-idm-slve install]# ifconfig
> ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>         inet 172.16.100.222 netmask 255.255.255.255 broadcast 172.16.100.222

This is the cause: IP address on ens192 interface is 172.16.100.222/32.

What is your environment? Is it some kind of weird container? Is it even valid configuration? :-)

I don't recall any use case for 32-bit netmask. As far as I remember 31-bit netmask is allowed by RFC 3021 for point to point links.

Petr^2 Spacek

>         ether 00:50:56:9c:1e:60 txqueuelen 1000 (Ethernet)
>         RX packets 17964 bytes 1705674 (1.6 MiB)
>         RX errors 0 dropped 10 overruns 0 frame 0
>         TX packets 3772 bytes 595134 (581.1 KiB)
>         TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
> --
>
> /etc/hosts looks like this:
>
> --
> 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
> 172.16.100.68 lolpr-idm-mstr.idm.local lolpr-idm-mstr
> 172.16.100.222 lolpr-idm-slve.idm.local lolpr-idm-slve
> 172.16.104.231 loltestdc001.loltestdc.com loltestdc001
> --
>
> Host naming, forward and reverse resolution seems fine:
>
> ---
> [root@lolpr-idm-slve install]#
> [root@lolpr-idm-slve install]# host `hostname`
> lolpr-idm-slve.idm.local has address 172.16.100.222
> [root@lolpr-idm-slve install]#
> [root@lolpr-idm-slve install]# host `hostname`^C
> [root@lolpr-idm-slve install]# host `hostname`| cut -d -f 4| xargs -Iname host name
> 222.100.16.172.in-addr.arpa domain name pointer lolpr-idm-slve.idm.local.
> [root@lolpr-idm-slve install]#
> ---
>
> I'd be thankful if anyone could shed a light on why this error is happening and point me in the direction of a fix.
>
> Kind Regards,
> Traiano

--
Petr^2 Spacek

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] The ipa-replica-install command failed, exception: SystemExit: Invalid IP Address ... Cannot use IP network address
Hi Petr

On Fri, Nov 7, 2014 at 6:19 PM, Petr Spacek pspa...@redhat.com wrote:
> On 7.11.2014 14:08, Traiano Welcome wrote:
>> [root@lolpr-idm-slve install]# ifconfig
>> ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>         inet 172.16.100.222 netmask 255.255.255.255 broadcast 172.16.100.222
>
> This is the cause: IP address on ens192 interface is 172.16.100.222/32.
>
> What is your environment? Is it some kind of weird container? Is it even valid configuration? :-)
>
> I don't recall any use case for 32-bit netmask. As far as I remember 31-bit netmask is allowed by RFC 3021 for point to point links.

AFAIK, a /32 netmask designates a single address. Should be valid, although I'm not sure how IPA's installutils.py handles that. ipcalc says:

root@lol-dev:/opt/automation# ipcalc 172.16.100.222/32
Address: 172.16.100.222 10101100.0001.01100100.1100
Netmask: 255.255.255.255 = 32 ...
Wildcard: 0.0.0.0 ...
=
Hostroute: 172.16.100.222 10101100.0001.01100100.1100
Hosts/Net: 1 Class B, Private Internet

Nice reference, seems to confirm this is a single host:

http://www.oav.net/mirrors/cidr.html
Re: [Freeipa-users] The ipa-replica-install command failed, exception: SystemExit: Invalid IP Address ... Cannot use IP network address
On 7.11.2014 17:20, Traiano Welcome wrote:
> Hi Petr
>
> On Fri, Nov 7, 2014 at 6:19 PM, Petr Spacek pspa...@redhat.com wrote:
>> This is the cause: IP address on ens192 interface is 172.16.100.222/32.
>>
>> What is your environment? Is it some kind of weird container? Is it even valid configuration? :-)
>>
>> I don't recall any use case for 32-bit netmask. As far as I remember 31-bit netmask is allowed by RFC 3021 for point to point links.
>
> AFAIK, a /32 netmask designates a single address. Should be valid, although I'm not sure how IPA's installutils.py handles that. ipcalc says:
>
> root@lol-dev:/opt/automation# ipcalc 172.16.100.222/32
> Address: 172.16.100.222 10101100.0001.01100100.1100
> Netmask: 255.255.255.255 = 32 ...
> Wildcard: 0.0.0.0 ...
> =
> Hostroute: 172.16.100.222 10101100.0001.01100100.1100
> Hosts/Net: 1 Class B, Private Internet
>
> Nice reference, seems to confirm this is a single host:
>
> http://www.oav.net/mirrors/cidr.html

Sure, but how you can communicate using this address? You need to assign an address to the other end too :-)

It is still unclear to me what is your use case.

Petr^2 Spacek
Re: [Freeipa-users] The ipa-replica-install command failed, exception: SystemExit: Invalid IP Address ... Cannot use IP network address
On Fri, Nov 7, 2014 at 7:22 PM, Petr Spacek pspa...@redhat.com wrote:
> On 7.11.2014 17:20, Traiano Welcome wrote:
>> Nice reference, seems to confirm this is a single host:
>>
>> http://www.oav.net/mirrors/cidr.html
>
> Sure, but how you can communicate using this address? You need to assign an address to the other end too :-)

Doh! Thanks a ton, Petr. Time for me to lay off the coffee :-)

> It is still unclear to me what is your use case.

Simply to have a replica IdM server for clients to failover to should the primary IdM server be unreachable. Which is working wonderfully now ...
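
As an added example (not part of the thread and not FreeIPA's own code), the check below shows why the /32 netmask triggers "cannot use IP network address": with a 32-bit mask the host address is its own network address. It assumes ifconfig-style input and, following the RFC 3021 remark in the thread, accepts /31; the function names, the sample interfaces other than ens192, and the broadcast message wording are constructed for illustration.

```python
import ipaddress
import re

# Constructed ifconfig-style sample; only the ens192 address/netmask is from the thread.
SAMPLE_IFCONFIG = """\
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.100.222  netmask 255.255.255.255  broadcast 172.16.100.222
ens224: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.100.68  netmask 255.255.255.0  broadcast 172.16.100.255
ens256: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.255  netmask 255.255.255.0  broadcast 10.0.0.255
ptp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 192.0.2.0  netmask 255.255.255.254  destination 192.0.2.1
"""

IFACE_RE = re.compile(r"^(\S+): flags=")
INET_RE = re.compile(r"^\s+inet (\S+)\s+netmask (\S+)")


def host_address_problem(iface):
    """Return why an IPv4Interface is unusable as a host address, or None."""
    net = iface.network
    if net.prefixlen == 31:
        # Assumption taken from the thread: RFC 3021 allows /31 on point-to-point links.
        return None
    if iface.ip == net.network_address:
        # For /32 this is always true: the single address is the network address.
        return "cannot use IP network address"
    if iface.ip == net.broadcast_address:
        return "cannot use broadcast IP address"  # wording is this example's own
    return None


def audit_ifconfig(text):
    """Return (interface, address/prefix, reason) for every rejected IPv4 address."""
    findings, ifname = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            ifname = m.group(1)
            continue
        m = INET_RE.match(line)
        if m:
            iface = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
            reason = host_address_problem(iface)
            if reason:
                findings.append((ifname, iface.with_prefixlen, reason))
    return findings


if __name__ == "__main__":
    for name, cidr, reason in audit_ifconfig(SAMPLE_IFCONFIG):
        print(f"{name}: Invalid IP Address {cidr}: {reason}")
```

Running the same check against a prospective replica's interface configuration before ipa-replica-install surfaces the netmask problem without going through the connection checks first.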