Re: [Freeipa-users] Trouble with replica install

2014-01-02 Thread Martin Kosek
Ah, I see this thread was resolved already, my MUA just failed to properly
attach it to the thread. Please disregard this mail then (but I was right with
the root cause though :)

Martin

On 01/02/2014 05:46 PM, Martin Kosek wrote:
> Hello Les,
> 
> Did you manage to resolve the issue? I just got to it after the Christmas
> break. Reading a few resources online, this error seems to come from a
> misconfigured httpd, when for example the mod_authz_groupfile.so or
> mod_authz_user.so Apache modules are not loaded (I have them loaded in
> /etc/httpd/conf.modules.d/00-base.conf).
> 
> Did you modify httpd configuration before you ran ipa-replica-install in any 
> way?
> 
> Martin
> 
> On 12/16/2013 01:44 PM, Les Stott wrote:
>> Petr,
>>
>> The below was the error from apache error logs
>>
>>> Apache logs the following error at the same time...
>>>
>>> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration 
>>> error:  couldn't check access.  No groups file?: /ipa/xml, referer: 
>>> https://replica.mydomain.com/ipa/xml
>>
>> Other lines in the /var/log/httpd/error log at the same time...
>>
>> [Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
>> [Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
>> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error: 
>>  couldn't check access.  No groups file?: /ipa/xml, referer: 
>> https://replica.mydomain.com/ipa/xml
>> [Mon Dec 16 04:29:01 2013] [notice] caught SIGTERM, shutting down
>> [Mon Dec 16 04:29:02 2013] [notice] SELinux policy enabled; httpd running as 
>> context unconfined_u:system_r:httpd_t:s0
>>
>> Regards,
>>
>> Les
>>
>> ____
>> From: Petr Spacek [pspa...@redhat.com]
>> Sent: Monday, December 16, 2013 10:38 PM
>> To: Les Stott; freeipa-users@redhat.com
>> Subject: Re: [Freeipa-users] Trouble with replica install
>>
>> On 16.12.2013 10:55, Les Stott wrote:
>>> Sorry, when I said "selinux is in permissive mode, but it's the same as on 
>>> the master server, so it should be the issue." It should have read as 
>>> "selinux is in permissive mode, but it's the same as on the master server, 
>>> so it should NOT be the issue."
>>>
>>> Les
>>>
>>> From: freeipa-users-boun...@redhat.com 
>>> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Les Stott
>>> Sent: Monday, 16 December 2013 8:47 PM
>>> To: freeipa-users@redhat.com
>>> Subject: [Freeipa-users] Trouble with replica install
>>>
>>> Hi,
>>>
>>> Running ipa-server-3.0.0-37.el6.x86_64 on rhel6.
>>> Already setup master server, now trying to install replica (which I've done 
>>> before and its worked fine).
>>>
>>> The replica install gets all the way to the end but errors out. For the 
>>> most part, it looks like it is complete, but I want to be sure there are no 
>>> lingering issues.
>>>
>>> The error I see in the log is...(domain and ip's changed)
>>>
>>> 
>>> 2013-12-16T09:26:50Z DEBUG stderr=Hostname: replica.mydomain.com
>>> Realm: MYDOMAIN.COM
>>> DNS Domain: mydomain.com
>>> IPA Server: replica.mydomain.com
>>> BaseDN: dc=mydomain,dc=com
>>> Domain mydomain.com is already configured in existing SSSD config, creating 
>>> a new one.
>>> The old /etc/sssd/sssd.conf is backed up and will be restored during 
>>> uninstall.
>>> Configured /etc/sssd/sssd.conf
>>> trying https://replica.mydomain.com/ipa/xml
>>> Forwarding 'env' to server u'https://replica.mydomain.com/ipa/xml'
>>> Traceback (most recent call last):
>>>File "/usr/sbin/ipa-client-install", line 2377, in 
>>>  sys.exit(main())
>>>File "/usr/sbin/ipa-client-install", line 2363, in main
>>>  rval = install(options, env, fstore, statestore)
>>>File "/usr/sbin/ipa-client-install", line 2167, in install
>>>  remote_env = api.Command['env'](server=True)['result']
>>>File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in 
>>> __call__
>>>  ret = self.run(*args, **options)
>>>File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1073, 
>>> in run
>>>  return self.forward(*args, **options)
>>>File "/us

Re: [Freeipa-users] Trouble with replica install

2014-01-02 Thread Martin Kosek
Hello Les,

Did you manage to resolve the issue? I just got to it after the Christmas
break. Reading a few resources online, this error seems to come from a
misconfigured httpd, when for example the mod_authz_groupfile.so or
mod_authz_user.so Apache modules are not loaded (I have them loaded in
/etc/httpd/conf.modules.d/00-base.conf).

Did you modify httpd configuration before you ran ipa-replica-install in any 
way?

Martin

On 12/16/2013 01:44 PM, Les Stott wrote:
> Petr,
> 
> The below was the error from apache error logs
> 
>> Apache logs the following error at the same time...
>>
>> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error: 
>>  couldn't check access.  No groups file?: /ipa/xml, referer: 
>> https://replica.mydomain.com/ipa/xml
> 
> Other lines in the /var/log/httpd/error log at the same time...
> 
> [Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
> [Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  
> couldn't check access.  No groups file?: /ipa/xml, referer: 
> https://replica.mydomain.com/ipa/xml
> [Mon Dec 16 04:29:01 2013] [notice] caught SIGTERM, shutting down
> [Mon Dec 16 04:29:02 2013] [notice] SELinux policy enabled; httpd running as 
> context unconfined_u:system_r:httpd_t:s0
> 
> Regards,
> 
> Les
> 
> 
> From: Petr Spacek [pspa...@redhat.com]
> Sent: Monday, December 16, 2013 10:38 PM
> To: Les Stott; freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] Trouble with replica install
> 
> On 16.12.2013 10:55, Les Stott wrote:
>> Sorry, when I said "selinux is in permissive mode, but it's the same as on 
>> the master server, so it should be the issue." It should have read as 
>> "selinux is in permissive mode, but it's the same as on the master server, 
>> so it should NOT be the issue."
>>
>> Les
>>
>> From: freeipa-users-boun...@redhat.com 
>> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Les Stott
>> Sent: Monday, 16 December 2013 8:47 PM
>> To: freeipa-users@redhat.com
>> Subject: [Freeipa-users] Trouble with replica install
>>
>> Hi,
>>
>> Running ipa-server-3.0.0-37.el6.x86_64 on rhel6.
>> Already setup master server, now trying to install replica (which I've done 
>> before and its worked fine).
>>
>> The replica install gets all the way to the end but errors out. For the most 
>> part, it looks like it is complete, but I want to be sure there are no 
>> lingering issues.
>>
>> The error I see in the log is...(domain and ip's changed)
>>
>> 
>> 2013-12-16T09:26:50Z DEBUG stderr=Hostname: replica.mydomain.com
>> Realm: MYDOMAIN.COM
>> DNS Domain: mydomain.com
>> IPA Server: replica.mydomain.com
>> BaseDN: dc=mydomain,dc=com
>> Domain mydomain.com is already configured in existing SSSD config, creating 
>> a new one.
>> The old /etc/sssd/sssd.conf is backed up and will be restored during 
>> uninstall.
>> Configured /etc/sssd/sssd.conf
>> trying https://replica.mydomain.com/ipa/xml
>> Forwarding 'env' to server u'https://replica.mydomain.com/ipa/xml'
>> Traceback (most recent call last):
>>File "/usr/sbin/ipa-client-install", line 2377, in 
>>  sys.exit(main())
>>File "/usr/sbin/ipa-client-install", line 2363, in main
>>  rval = install(options, env, fstore, statestore)
>>File "/usr/sbin/ipa-client-install", line 2167, in install
>>  remote_env = api.Command['env'](server=True)['result']
>>File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in 
>> __call__
>>  ret = self.run(*args, **options)
>>File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1073, in 
>> run
>>  return self.forward(*args, **options)
>>File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769, in 
>> forward
>>  return self.Backend.xmlclient.forward(self.name, *args, **kw)
>>File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 776, in 
>> forward
>>  raise NetworkError(uri=server, error=e.errmsg)
> 
>> ipalib.errors.NetworkError: cannot connect to 
>> u'https://replica.mydomain.com/ipa/xml': Internal Server Error
> 
> Please look into /var/log/httpd/errors.log on server replica.mydomain.com and
> check error messages there.
> 
> Petr^2 Spacek
> 

Re: [Freeipa-users] Trouble with replica install - SOLVED

2013-12-16 Thread Les Stott
Alexander,

I think it was a case of a manually locked down (post install) system that had 
been previously built. The master was on a vm that was a newer build, but not 
done in the same way as the older server, so it had a more default out of the 
box configuration.

At least now I know to check this before installing the replica on existing 
machines.

Regards,

Les

-Original Message-
From: Alexander Bokovoy [mailto:aboko...@redhat.com] 
Sent: Tuesday, 17 December 2013 12:52 AM
To: Les Stott
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Trouble with replica install - SOLVED

On Mon, 16 Dec 2013, Les Stott wrote:
>Figured it out.
>
>Missing apache modules (not loaded). One of the following
>
>LoadModule auth_basic_module modules/mod_auth_basic.so
>LoadModule auth_digest_module modules/mod_auth_digest.so
>LoadModule authn_file_module modules/mod_authn_file.so
>LoadModule authn_alias_module modules/mod_authn_alias.so
>LoadModule authn_anon_module modules/mod_authn_anon.so
>LoadModule authn_dbm_module modules/mod_authn_dbm.so
>LoadModule authn_default_module modules/mod_authn_default.so
>LoadModule authz_host_module modules/mod_authz_host.so
>LoadModule authz_user_module modules/mod_authz_user.so
>LoadModule authz_owner_module modules/mod_authz_owner.so
>LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
>LoadModule authz_dbm_module modules/mod_authz_dbm.so
>LoadModule authz_default_module modules/mod_authz_default.so
>LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
>
>I'm not sure which one, I just matched what was on the master and 
>reinstalled the replica - no errors. Been a long day so I don't feel 
>like going through one by one, uninstalling/reinstalling etc. I imagine 
>it's probably mod_authz_groupfile.so, but others are probably needed 
>too.
I wonder if this server was refurbished from some other task where original 
configuration was already changed. FreeIPA install scripts assume non-modified 
configuration files.


--
/ Alexander Bokovoy

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
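
A preflight check of the kind discussed above, run before `ipa-replica-install` on a previously locked-down host: it compares the active `LoadModule` lines in an httpd config with the module list quoted in this thread. This is an added example, not part of the original messages or of FreeIPA's tooling; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a host's active LoadModule lines with the baseline
# list quoted in the thread (the modules Les matched from the master).

# Baseline module identifiers, copied from the LoadModule list in the thread.
BASELINE_MODULES="auth_basic_module auth_digest_module authn_file_module
authn_alias_module authn_anon_module authn_dbm_module authn_default_module
authz_host_module authz_user_module authz_owner_module authz_groupfile_module
authz_dbm_module authz_default_module authnz_ldap_module"

# Print module identifiers from active LoadModule lines in the given files.
# Commented-out lines ("#LoadModule ...") are ignored; the directive name
# is matched case-insensitively, as Apache does.
loaded_modules() {
    awk 'tolower($1) == "loadmodule" && NF >= 3 { print $2 }' "$@" | sort -u
}

# Print each baseline module that the given config files do not load.
missing_modules() {
    loaded=$(loaded_modules "$@")
    for m in $BASELINE_MODULES; do
        printf '%s\n' "$loaded" | grep -qxF "$m" || printf '%s\n' "$m"
    done
}

# Constructed sample: a manually locked-down httpd.conf in which two authz
# modules were commented out after install (hypothetical content).
write_sample_conf() {
    cat > "$1" <<'EOF'
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
  LoadModule authz_host_module modules/mod_authz_host.so
#LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
# LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
EOF
}

# Run the check against the constructed sample.
sample=$(mktemp)
write_sample_conf "$sample"
echo "Baseline modules not loaded by the sample config:"
missing_modules "$sample"
rm -f "$sample"
```

The functions read only the files they are given; on a live host, `httpd -M` reports the modules actually loaded once all included files are processed.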


Re: [Freeipa-users] Trouble with replica install - SOLVED

2013-12-16 Thread Alexander Bokovoy

On Mon, 16 Dec 2013, Les Stott wrote:

> Figured it out.
>
> Missing apache modules (not loaded). One of the following
>
> LoadModule auth_basic_module modules/mod_auth_basic.so
> LoadModule auth_digest_module modules/mod_auth_digest.so
> LoadModule authn_file_module modules/mod_authn_file.so
> LoadModule authn_alias_module modules/mod_authn_alias.so
> LoadModule authn_anon_module modules/mod_authn_anon.so
> LoadModule authn_dbm_module modules/mod_authn_dbm.so
> LoadModule authn_default_module modules/mod_authn_default.so
> LoadModule authz_host_module modules/mod_authz_host.so
> LoadModule authz_user_module modules/mod_authz_user.so
> LoadModule authz_owner_module modules/mod_authz_owner.so
> LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
> LoadModule authz_dbm_module modules/mod_authz_dbm.so
> LoadModule authz_default_module modules/mod_authz_default.so
> LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
>
> I'm not sure which one, I just matched what was on the master and
> reinstalled the replica - no errors. Been a long day so I don't feel
> like going through one by one, uninstalling/reinstalling etc. I imagine
> it's probably mod_authz_groupfile.so, but others are probably needed
> too.

I wonder if this server was refurbished from some other task where
original configuration was already changed. FreeIPA install scripts
assume non-modified configuration files.


--
/ Alexander Bokovoy



Re: [Freeipa-users] Trouble with replica install - SOLVED

2013-12-16 Thread Les Stott
Figured it out.

Missing apache modules (not loaded). One of the following

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

I'm not sure which one, I just matched what was on the master and reinstalled 
the replica - no errors. Been a long day so I don't feel like going through one 
by one, uninstalling/reinstalling etc. I imagine it's probably 
mod_authz_groupfile.so, but others are probably needed too.

Regards,

Les




From: Les Stott
Sent: Monday, December 16, 2013 11:44 PM
To: freeipa-users@redhat.com
Subject: RE: [Freeipa-users] Trouble with replica install

Petr,

The below was the error from apache error logs

> Apache logs the following error at the same time...
>
> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  
> couldn't check access.  No groups file?: /ipa/xml, referer: 
> https://replica.mydomain.com/ipa/xml

Other lines in the /var/log/httpd/error log at the same time...

[Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
[Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
[Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  
couldn't check access.  No groups file?: /ipa/xml, referer: 
https://replica.mydomain.com/ipa/xml
[Mon Dec 16 04:29:01 2013] [notice] caught SIGTERM, shutting down
[Mon Dec 16 04:29:02 2013] [notice] SELinux policy enabled; httpd running as 
context unconfined_u:system_r:httpd_t:s0

Regards,

Les


From: Petr Spacek [pspa...@redhat.com]
Sent: Monday, December 16, 2013 10:38 PM
To: Les Stott; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Trouble with replica install

On 16.12.2013 10:55, Les Stott wrote:
> Sorry, when I said "selinux is in permissive mode, but it's the same as on 
> the master server, so it should be the issue." It should have read as 
> "selinux is in permissive mode, but it's the same as on the master server, so 
> it should NOT be the issue."
>
> Les
>
> From: freeipa-users-boun...@redhat.com 
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Les Stott
> Sent: Monday, 16 December 2013 8:47 PM
> To: freeipa-users@redhat.com
> Subject: [Freeipa-users] Trouble with replica install
>
> Hi,
>
> Running ipa-server-3.0.0-37.el6.x86_64 on rhel6.
> Already setup master server, now trying to install replica (which I've done 
> before and its worked fine).
>
> The replica install gets all the way to the end but errors out. For the most 
> part, it looks like it is complete, but I want to be sure there are no 
> lingering issues.
>
> The error I see in the log is...(domain and ip's changed)
>
> 
> 2013-12-16T09:26:50Z DEBUG stderr=Hostname: replica.mydomain.com
> Realm: MYDOMAIN.COM
> DNS Domain: mydomain.com
> IPA Server: replica.mydomain.com
> BaseDN: dc=mydomain,dc=com
> Domain mydomain.com is already configured in existing SSSD config, creating a 
> new one.
> The old /etc/sssd/sssd.conf is backed up and will be restored during 
> uninstall.
> Configured /etc/sssd/sssd.conf
> trying https://replica.mydomain.com/ipa/xml
> Forwarding 'env' to server u'https://replica.mydomain.com/ipa/xml'
> Traceback (most recent call last):
>File "/usr/sbin/ipa-client-install", line 2377, in 
>  sys.exit(main())
>File "/usr/sbin/ipa-client-install", line 2363, in main
>  rval = install(options, env, fstore, statestore)
>File "/usr/sbin/ipa-client-install", line 2167, in install
>  remote_env = api.Command['env'](server=True)['result']
>File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in 
> __call__
>  ret = self.run(*args, **options)
>File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1073, in 
> run
>  return self.forward(*args, **options)
>File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769, in 
> forwa

Re: [Freeipa-users] Trouble with replica install

2013-12-16 Thread Les Stott
Petr,

The below was the error from apache error logs

> Apache logs the following error at the same time...
>
> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  
> couldn't check access.  No groups file?: /ipa/xml, referer: 
> https://replica.mydomain.com/ipa/xml

Other lines in the /var/log/httpd/error log at the same time...

[Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
[Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
[Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  
couldn't check access.  No groups file?: /ipa/xml, referer: 
https://replica.mydomain.com/ipa/xml
[Mon Dec 16 04:29:01 2013] [notice] caught SIGTERM, shutting down
[Mon Dec 16 04:29:02 2013] [notice] SELinux policy enabled; httpd running as 
context unconfined_u:system_r:httpd_t:s0

Regards,

Les


From: Petr Spacek [pspa...@redhat.com]
Sent: Monday, December 16, 2013 10:38 PM
To: Les Stott; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Trouble with replica install

On 16.12.2013 10:55, Les Stott wrote:
> Sorry, when I said "selinux is in permissive mode, but it's the same as on 
> the master server, so it should be the issue." It should have read as 
> "selinux is in permissive mode, but it's the same as on the master server, so 
> it should NOT be the issue."
>
> Les
>
> From: freeipa-users-boun...@redhat.com 
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Les Stott
> Sent: Monday, 16 December 2013 8:47 PM
> To: freeipa-users@redhat.com
> Subject: [Freeipa-users] Trouble with replica install
>
> Hi,
>
> Running ipa-server-3.0.0-37.el6.x86_64 on rhel6.
> Already setup master server, now trying to install replica (which I've done 
> before and its worked fine).
>
> The replica install gets all the way to the end but errors out. For the most 
> part, it looks like it is complete, but I want to be sure there are no 
> lingering issues.
>
> The error I see in the log is...(domain and ip's changed)
>
> 
> 2013-12-16T09:26:50Z DEBUG stderr=Hostname: replica.mydomain.com
> Realm: MYDOMAIN.COM
> DNS Domain: mydomain.com
> IPA Server: replica.mydomain.com
> BaseDN: dc=mydomain,dc=com
> Domain mydomain.com is already configured in existing SSSD config, creating a 
> new one.
> The old /etc/sssd/sssd.conf is backed up and will be restored during 
> uninstall.
> Configured /etc/sssd/sssd.conf
> trying https://replica.mydomain.com/ipa/xml
> Forwarding 'env' to server u'https://replica.mydomain.com/ipa/xml'
> Traceback (most recent call last):
>File "/usr/sbin/ipa-client-install", line 2377, in 
>  sys.exit(main())
>File "/usr/sbin/ipa-client-install", line 2363, in main
>  rval = install(options, env, fstore, statestore)
>File "/usr/sbin/ipa-client-install", line 2167, in install
>  remote_env = api.Command['env'](server=True)['result']
>File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in 
> __call__
>  ret = self.run(*args, **options)
>File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1073, in 
> run
>  return self.forward(*args, **options)
>File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769, in 
> forward
>  return self.Backend.xmlclient.forward(self.name, *args, **kw)
>File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 776, in forward
>  raise NetworkError(uri=server, error=e.errmsg)

> ipalib.errors.NetworkError: cannot connect to 
> u'https://replica.mydomain.com/ipa/xml': Internal Server Error

Please look into /var/log/httpd/errors.log on server replica.mydomain.com and
check error messages there.

Petr^2 Spacek

>
> 2013-12-16T09:26:50Z INFO   File 
> "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 
> 614, in run_script
>  return_value = main_function()
>
>File "/usr/sbin/ipa-replica-install", line 527, in main
>  raise RuntimeError("Failed to configure the client")
>
> 2013-12-16T09:26:50Z INFO The ipa-replica-install command failed, exception: 
> RuntimeError: Failed to configure the client
> ---
>
> Apache logs the following error at the same time...
>
> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  
> couldn't check access.  No groups file?: /ipa/xml, referer: 
> https://replica.mydomain.com/ipa/xml
>
> I can login to the gui and it seems ok, but I'm rolling this into production 
> so I've got to get it right.
>
> I'm hoping this is just some bug because its an older freeipa on redhat 
> (minimal install) etc. selinux is in permissive mode, but it's the same as on 
> the master server, so it should be the issue.
>
> Is this error critical? How can I fix it?
>
> Thanks in advance,
>
> Les



Re: [Freeipa-users] Trouble with replica install

2013-12-16 Thread Petr Spacek

On 16.12.2013 10:55, Les Stott wrote:

> Sorry, when I said "selinux is in permissive mode, but it's the same as on the master server,
> so it should be the issue." It should have read as "selinux is in permissive mode, but
> it's the same as on the master server, so it should NOT be the issue."
>
> Les
>
> From: freeipa-users-boun...@redhat.com
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Les Stott
> Sent: Monday, 16 December 2013 8:47 PM
> To: freeipa-users@redhat.com
> Subject: [Freeipa-users] Trouble with replica install
>
> Hi,
>
> Running ipa-server-3.0.0-37.el6.x86_64 on rhel6.
> Already setup master server, now trying to install replica (which I've done
> before and it's worked fine).
>
> The replica install gets all the way to the end but errors out. For the most
> part, it looks like it is complete, but I want to be sure there are no
> lingering issues.
>
> The error I see in the log is...(domain and ip's changed)
>
>
> 2013-12-16T09:26:50Z DEBUG stderr=Hostname: replica.mydomain.com
> Realm: MYDOMAIN.COM
> DNS Domain: mydomain.com
> IPA Server: replica.mydomain.com
> BaseDN: dc=mydomain,dc=com
> Domain mydomain.com is already configured in existing SSSD config, creating a
> new one.
> The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall.
> Configured /etc/sssd/sssd.conf
> trying https://replica.mydomain.com/ipa/xml
> Forwarding 'env' to server u'https://replica.mydomain.com/ipa/xml'
> Traceback (most recent call last):
>    File "/usr/sbin/ipa-client-install", line 2377, in
>  sys.exit(main())
>    File "/usr/sbin/ipa-client-install", line 2363, in main
>  rval = install(options, env, fstore, statestore)
>    File "/usr/sbin/ipa-client-install", line 2167, in install
>  remote_env = api.Command['env'](server=True)['result']
>    File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in
> __call__
>  ret = self.run(*args, **options)
>    File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1073, in run
>  return self.forward(*args, **options)
>    File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769, in
> forward
>  return self.Backend.xmlclient.forward(self.name, *args, **kw)
>    File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 776, in forward
>  raise NetworkError(uri=server, error=e.errmsg)

> ipalib.errors.NetworkError: cannot connect to
> u'https://replica.mydomain.com/ipa/xml': Internal Server Error


Please look into /var/log/httpd/errors.log on server replica.mydomain.com and 
check error messages there.


Petr^2 Spacek



> 2013-12-16T09:26:50Z INFO   File
> "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614,
> in run_script
>  return_value = main_function()
>
>    File "/usr/sbin/ipa-replica-install", line 527, in main
>  raise RuntimeError("Failed to configure the client")
>
> 2013-12-16T09:26:50Z INFO The ipa-replica-install command failed, exception:
> RuntimeError: Failed to configure the client
> ---
>
> Apache logs the following error at the same time...
>
> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:
> couldn't check access.  No groups file?: /ipa/xml, referer:
> https://replica.mydomain.com/ipa/xml
>
> I can login to the gui and it seems ok, but I'm rolling this into production so
> I've got to get it right.
>
> I'm hoping this is just some bug because it's an older freeipa on redhat
> (minimal install) etc. selinux is in permissive mode, but it's the same as on
> the master server, so it should be the issue.
>
> Is this error critical? How can I fix it?
>
> Thanks in advance,
>
> Les




Re: [Freeipa-users] Trouble with replica install

2013-12-16 Thread Les Stott
Sorry, when I said "selinux is in permissive mode, but it's the same as on the 
master server, so it should be the issue." It should have read as "selinux is 
in permissive mode, but it's the same as on the master server, so it should NOT 
be the issue."

Les

From: freeipa-users-boun...@redhat.com 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Les Stott
Sent: Monday, 16 December 2013 8:47 PM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] Trouble with replica install

Hi,

Running ipa-server-3.0.0-37.el6.x86_64 on rhel6.
Already setup master server, now trying to install replica (which I've done 
before and it's worked fine).

The replica install gets all the way to the end but errors out. For the most 
part, it looks like it is complete, but I want to be sure there are no 
lingering issues.

The error I see in the log is...(domain and ip's changed)


2013-12-16T09:26:50Z DEBUG stderr=Hostname: replica.mydomain.com
Realm: MYDOMAIN.COM
DNS Domain: mydomain.com
IPA Server: replica.mydomain.com
BaseDN: dc=mydomain,dc=com
Domain mydomain.com is already configured in existing SSSD config, creating a 
new one.
The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall.
Configured /etc/sssd/sssd.conf
trying https://replica.mydomain.com/ipa/xml
Forwarding 'env' to server u'https://replica.mydomain.com/ipa/xml'
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 2377, in 
sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 2363, in main
rval = install(options, env, fstore, statestore)
  File "/usr/sbin/ipa-client-install", line 2167, in install
remote_env = api.Command['env'](server=True)['result']
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in 
__call__
ret = self.run(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1073, in run
return self.forward(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769, in 
forward
return self.Backend.xmlclient.forward(self.name, *args, **kw)
  File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 776, in forward
raise NetworkError(uri=server, error=e.errmsg)
ipalib.errors.NetworkError: cannot connect to 
u'https://replica.mydomain.com/ipa/xml': Internal Server Error

2013-12-16T09:26:50Z INFO   File 
"/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614, 
in run_script
return_value = main_function()

  File "/usr/sbin/ipa-replica-install", line 527, in main
raise RuntimeError("Failed to configure the client")

2013-12-16T09:26:50Z INFO The ipa-replica-install command failed, exception: 
RuntimeError: Failed to configure the client
---

Apache logs the following error at the same time...

[Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  
couldn't check access.  No groups file?: /ipa/xml, referer: 
https://replica.mydomain.com/ipa/xml

I can login to the gui and it seems ok, but I'm rolling this into production so 
I've got to get it right.

I'm hoping this is just some bug because it's an older freeipa on redhat 
(minimal install) etc. selinux is in permissive mode, but it's the same as on 
the master server, so it should be the issue.

Is this error critical? How can I fix it?

Thanks in advance,

Les