[Freeipa-users] ipa-replica-install hangs: starting certificate server instance
Callum Guy
2017-05-18 08:57:53 UTC
Hi All,

I am currently stuck trying to set up the first replica of our master IPA
server. I have tried a number of different approaches including escalating
from a client and nothing is working for me. I perform a full OS reset each
time I get stuck.

I'm running CentOS 7.2 with FreeIPA 4.4.0 (rpm -q reports this version;
however, having performed ipa-server-upgrade, does this mean I'm on 4.4.4?).

The command is shown below. Note that I am skipping the conn check as my
platform's security settings do not allow the SSH session to be established
back on the master; all ports should be available to the application,
however.

[***@ipa2 ~]# ipa-replica-install --ip-address=172.24.0.101 --setup-ca
--setup-dns --skip-conncheck --no-forwarders SITE.net.gpg

Directory Manager (existing master) password:

ipa : ERROR Could not resolve hostname ipa2.SITE.net usis check
queries IPA DNS directly and ignores /etc/hosts.)
Continue? [no]: yes
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 1 minute
[1/42]: creating directory server user
[2/42]: creating directory server instance
[3/42]: updating configuration in dse.ldif
[4/42]: restarting directory server
[5/42]: adding default schema
[6/42]: enabling memberof plugin
[7/42]: enabling winsync plugin
[8/42]: configuring replication version plugin
[9/42]: enabling IPA enrollment plugin
[10/42]: enabling ldapi
[11/42]: configuring uniqueness plugin
[12/42]: configuring uuid plugin
[13/42]: configuring modrdn plugin
[14/42]: configuring DNS plugin
[15/42]: enabling entryUSN plugin
[16/42]: configuring lockout plugin
[17/42]: configuring topology plugin
[18/42]: creating indices
[19/42]: enabling referential integrity plugin
[20/42]: configuring ssl for ds instance
[21/42]: configuring certmap.conf
[22/42]: configure autobind for root
[23/42]: configure new location for managed entries
[24/42]: configure dirsrv ccache
[25/42]: enabling SASL mapping fallback
[26/42]: restarting directory server
[27/42]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 4 seconds elapsed
Update succeeded

[28/42]: adding sasl mappings to the directory
[29/42]: updating schema
[30/42]: setting Auto Member configuration
[31/42]: enabling S4U2Proxy delegation
[32/42]: importing CA certificates from LDAP
[33/42]: initializing group membership
[34/42]: adding master entry
[35/42]: initializing domain level
[36/42]: configuring Posix uid/gid generation
[37/42]: adding replication acis
[38/42]: enabling compatibility plugin
[39/42]: activating sidgen plugin
[40/42]: activating extdom plugin
[41/42]: tuning directory server
[42/42]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30
seconds
[1/27]: creating certificate server user
[2/27]: configuring certificate server instance
[3/27]: stopping certificate server instance to update CS.cfg
[4/27]: backing up CS.cfg
[5/27]: disabling nonces
[6/27]: set up CRL publishing
[7/27]: enable PKIX certificate path discovery and validation
[8/27]: starting certificate server instance

And here it stays and refuses to move on. The ipareplica-install.log
reports:
2017-05-18T08:40:07Z DEBUG wait_for_open_ports: localhost [8080, 8443]
timeout 300
2017-05-18T08:40:09Z DEBUG Waiting until the CA is running
2017-05-18T08:40:09Z DEBUG request POST
http://ipa2.SITE.net:8080/ca/admin/ca/getStatus
2017-05-18T08:40:09Z DEBUG request body ''

I have tried, and that port is indeed inaccessible, but I can't establish a
way to progress this issue from any of the other log files. Also, I have
seen in the 4.4.4 release notes that IPv6 being disabled on the master can
cause issues; re-enabling it (at least in /etc/hosts) did not seem to help.

If anyone is able to offer ideas that would be very much appreciated. I am
tempted to remove the --setup-ca option to see if this helps.

Thanks,

Callum
--
*0333 332 0000 | www.x-on.co.uk <http://www.x-on.co.uk> | **
<https://www.linkedin.com/company/x-on> <https://www.facebook.com/XonTel>
<https://twitter.com/xonuk> *
X-on is a trading name of Storacall Technology Ltd a limited company
registered in England and Wales.
Registered Office : Avaland House, 110 London Road, Apsley, Hemel
Hempstead, Herts, HP3 9SD. Company Registration No. 2578478.
The information in this e-mail is confidential and for use by the
addressee(s) only. If you are not the intended recipient, please notify
X-on immediately on +44(0)333 332 0000 and delete the
message from your computer. If you are not a named addressee you must not
use, disclose, disseminate, distribute, copy, print or reply to this email. Views
or opinions expressed by an individual
within this email may not necessarily reflect the views of X-on or its
associated companies. Although X-on routinely screens for viruses,
addressees should scan this email and any attachments
for viruses. X-on makes no representation or warranty as to the absence of
viruses in this email or any attachments.
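The installer log above shows exactly what ipa-replica-install is waiting for at step [8/27]: wait_for_open_ports on localhost 8080/8443 with a 300 second timeout, followed by polling the CA's getStatus URL. The following diagnostic script is an added example for readers of this thread, not something posted by Callum or shipped with FreeIPA. It reproduces those two checks on the stuck replica and records the evidence the installer's own timeout hides (IPv6 sysctl state, pki-tomcatd unit state, the tail of the CA debug log). Assumptions, which are not stated in the thread: the `ss -ltn` column layout, the XML shape of the getStatus reply (the `<Status>` element is taken from the Dogtag admin interface), the unit name `pki-tomcatd@pki-tomcat.service` and the log path `/var/log/pki/pki-tomcat/ca/debug`, which are the usual RHEL 7 defaults. The sample `ss` output and sample XML are constructed so the parsers can be exercised offline.

```shell
#!/bin/sh
# Added diagnostic helper (not from the thread): reproduce what ipa-replica-install
# waits for at step [8/27] - pki-tomcatd listening on 8080/8443 and the CA getStatus
# endpoint answering "running" - and gather the evidence the installer timeout hides.
# Run with --live on the stuck replica; without --live it only exercises the parsers
# on the constructed sample data below.

# Constructed sample of `ss -ltn` output: 8443 bound on the IPv6 wildcard (:::),
# the Tomcat shutdown port 8005 on loopback, LDAP on 389, and 8080 deliberately
# absent to mimic a CA that never finished starting.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      100    :::8443             :::*
LISTEN 0      1      127.0.0.1:8005      *:*
LISTEN 0      128    *:389               *:*'

# Constructed sample getStatus reply; the XML shape is an assumption based on the
# Dogtag CA admin interface, which the installer polls until Status is "running".
SAMPLE_XML='<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3</Version></XMLResponse>'

# port_listening SS_OUTPUT PORT -> exit 0 if some LISTEN socket has that local port.
# The local address is field 4 and the port follows the last colon, which also
# copes with IPv6 forms such as :::8443 and [::1]:8443.
port_listening() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] == port) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# ca_status_from_xml XML -> prints the <Status> text ("running", "starting", ...),
# or nothing if the body is not a getStatus reply (for example a Tomcat 404 page).
ca_status_from_xml() {
    printf '%s' "$1" | sed -n 's/.*<Status>\([^<]*\)<\/Status>.*/\1/p'
}

# ipv6_state -> "enabled", "disabled" (sysctl) or "absent" (no IPv6 stack at all).
# The thread points at the 4.4.4 release notes on disabled IPv6 as a CA start
# problem, so this is the first thing worth recording on the stuck host.
ipv6_state() {
    f=/proc/sys/net/ipv6/conf/all/disable_ipv6
    if [ ! -r "$f" ]; then echo absent
    elif [ "$(cat "$f")" = "1" ]; then echo disabled
    else echo enabled
    fi
}

if [ "${1:-}" = "--live" ]; then
    ss_now=$(ss -ltn)
    for p in 8080 8443; do
        if port_listening "$ss_now" "$p"; then echo "port $p: listening"
        else echo "port $p: NOT listening (installer stays in wait_for_open_ports)"
        fi
    done
    echo "ipv6: $(ipv6_state)"
    echo "pki-tomcatd: $(systemctl is-active pki-tomcatd@pki-tomcat.service 2>&1)"
    body=$(curl -s --max-time 5 http://localhost:8080/ca/admin/ca/getStatus 2>/dev/null || true)
    status=$(ca_status_from_xml "$body")
    echo "CA getStatus: ${status:-no answer}"
    # The CA's own log usually names the real blocker that the installer never prints.
    tail -n 20 /var/log/pki/pki-tomcat/ca/debug 2>/dev/null
else
    port_listening "$SAMPLE_SS" 8443 && echo "sample: 8443 listening"
    port_listening "$SAMPLE_SS" 8080 || echo "sample: 8080 not listening"
    echo "sample CA status: $(ca_status_from_xml "$SAMPLE_XML")"
fi
```

Run it as `sh ca-wait-check.sh --live` while the installer is hung: a port that is not listening after a few minutes means Tomcat never bound it, and the debug log tail is then the place to look rather than ipareplica-install.log; a listening port with an empty or non-XML getStatus body means Tomcat is up but the CA web application has not deployed.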
Callum Guy
2017-05-18 09:33:17 UTC
Hi All,

Just following on from this, I have performed an installation without
--setup-ca and it has completed successfully.

I now need to understand what impact this might have, is it the case that I
can still install/configure the CA component? Is there any documentation on
this action?

Also in the event of a failure of my master server (I only have these two)
will all my certificates be invalidated and lost or will the replica still
be able to handle these certificates until a time where a new master has
been created?

Thanks,

Callum
Lachlan Musicman
2017-05-18 09:34:41 UTC
We are seeing this. I'm not at work, but I think it's bug report 6766.

Patch has already been committed (not by us), we're waiting for IPA 4.5.

cheers
L.

------
"Mission Statement: To provide hope and inspiration for collective action,
to build collective power, to achieve collective transformation, rooted in
grief and rage but pointed towards vision and dreams."

- Patrice Cullors, *Black Lives Matter founder*
Lachlan Musicman
2017-05-18 09:38:02 UTC
https://pagure.io/freeipa/issue/6766

4.5.1 - I stand corrected. Can add more tomorrow.

Callum Guy
2017-05-18 09:53:18 UTC
Ah, thanks for that Lachlan - it's always reassuring to hear that it's not
just me!

As mentioned above I have it running without the CA so that's a good start.
I am sure we will upgrade as well once 4.5 becomes stable and GA for
CentOS. I'm not expecting that to happen quickly so will have to work with
what we have for now.

Do you happen to know if there is any way to build the CA component
separately?
Lachlan Musicman
2017-05-18 10:01:53 UTC
Sorry cobber. We only found 6766 today - we've been tackling it on and off
for a couple of weeks :)

------
"Mission Statement: To provide hope and inspiration for collective action,
to build collective power, to achieve collective transformation, rooted in
grief and rage but pointed towards vision and dreams."

- Patrice Cullors, *Black Lives Matter founder*
Post by Callum Guy
Ah, thanks for that Lachlan - its always reassuring to hear that its not
just me!
As mentioned above I have it running without the CA so that's a good
start. I am sure we will upgrade as well once 4.5 becomes stable and GA for
CentOS. I'm not expecting that to happen quickly so will have to work with
what we have for now.
Do you happen to know if there is any way to build the CA component
separately?
Callum Guy
2017-05-18 10:19:56 UTC
Permalink
Haha, looks like I'm going CA-less for a while on the replica. I don't see
any immediate requirement for one so time to get on with my life!

I'll post back if anything changes but I'm probably stuck waiting for the
upgrade too.
Post by Lachlan Musicman
Sorry cobber. We only found 6766 today - we've been tackling it on and off
for a couple of weeks :)
Martin Bašti
2017-05-18 11:46:02 UTC
Permalink
Please note that the commits in #6766 will not fix this issue; the issue is
on the Dogtag side, please see https://pagure.io/dogtagpki/issue/2646

Sorry for the trouble
Post by Callum Guy
Haha, looks like I'm going CA-less for a while on the replica. I don't
see any immediate requirement for one so time to get on with my life!
I'll post back if anything changes but I'm probably stuck waiting for
the upgrade too..
--
Martin Bašti
Software Engineer
Red Hat Czech
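For anyone hitting the same hang at "[8/27]: starting certificate server instance", the ipareplica-install.log excerpt Callum posted shows the two readiness checks the installer performs at that step: it waits for TCP listeners on localhost 8080 and 8443, then POSTs to /ca/admin/ca/getStatus and waits for the CA to report "running". The block below is an added illustration written for this page, not FreeIPA or Dogtag code, that reproduces those two checks as a stand-alone probe so the two failure modes can be told apart on a stalled replica. It assumes the getStatus reply is an XMLResponse document with a Status child (the shape FreeIPA's own probe parses); the stub server and its XML reply are constructed so the block runs offline, and the hostname ipa2.SITE.net in the trailing comment is taken from the thread.

```python
"""Readiness probe mirroring what ipa-replica-install waits for after
"[8/27]: starting certificate server instance". Added example, not
FreeIPA/Dogtag code."""
import socket
import threading
import time
import xml.dom.minidom
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError, URLError
from urllib.request import ProxyHandler, Request, build_opener


def port_is_open(host, port, connect_timeout=1.0):
    """True when a TCP connect() to host:port succeeds (a listener is bound)."""
    try:
        with socket.create_connection((host, port), timeout=connect_timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def wait_for_open_ports(host, ports, timeout):
    """Poll until every port accepts connections or `timeout` seconds elapse.
    Returns the ports still closed; an empty list means all came up in time."""
    deadline = time.monotonic() + timeout
    pending = list(ports)
    while True:
        pending = [p for p in pending if not port_is_open(host, p)]
        if not pending or time.monotonic() >= deadline:
            return pending
        time.sleep(0.1)


def parse_ca_status(body):
    """Extract the <Status> text from an XMLResponse document (assumed shape,
    see lead-in). None when the body is not XML of that shape."""
    try:
        doc = xml.dom.minidom.parseString(body)
        resp = doc.getElementsByTagName("XMLResponse")[0]
        return resp.getElementsByTagName("Status")[0].childNodes[0].data.strip()
    except Exception:  # parse error, missing element, empty element
        return None


def ca_status(url, timeout=5.0):
    """POST an empty body to the getStatus URL, as the installer does, and
    classify the outcome: the Status text, 'unparseable', 'http-<code>'
    (e.g. http-503: Tomcat answers but the CA webapp is not serving yet),
    or 'unreachable' when no TCP connection could be made."""
    opener = build_opener(ProxyHandler({}))  # local probe: ignore proxy env vars
    req = Request(url, data=b"", method="POST")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return parse_ca_status(resp.read()) or "unparseable"
    except HTTPError as err:
        return "http-%d" % err.code
    except URLError:
        return "unreachable"


def probe(host, ports, status_url, timeout):
    """Run both checks in the installer's order; return one verdict string."""
    closed = wait_for_open_ports(host, ports, timeout)
    if closed:
        return "ports-closed:" + ",".join(str(p) for p in closed)
    return "ca:" + ca_status(status_url)


# Constructed stand-in for pki-tomcatd's getStatus servlet so the probe can
# be exercised offline; it answers the way a healthy CA would.
class _StubCA(BaseHTTPRequestHandler):
    body = (b'<?xml version="1.0"?><XMLResponse><State>1</State>'
            b'<Type>CA</Type><Status>running</Status></XMLResponse>')

    def do_POST(self):
        self.send_response(200)
        self.send_header("Content-Type", "application/xml")
        self.send_header("Content-Length", str(len(self.body)))
        self.end_headers()
        self.wfile.write(self.body)

    def log_message(self, *args):  # keep per-request logging quiet
        pass


def start_stub_ca():
    """Serve the stub on an ephemeral localhost port; returns (server, port)."""
    srv = HTTPServer(("127.0.0.1", 0), _StubCA)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


if __name__ == "__main__":
    srv, port = start_stub_ca()
    url = "http://127.0.0.1:%d/ca/admin/ca/getStatus" % port
    print(probe("127.0.0.1", [port], url, timeout=5))  # ca:running
    srv.shutdown()
    srv.server_close()
    # On a stalled replica (hostname from the thread), the real call is:
    # probe("localhost", [8080, 8443],
    #       "http://ipa2.SITE.net:8080/ca/admin/ca/getStatus", timeout=300)
```

Run against localhost 8080/8443 and the real getStatus URL, a "ports-closed" verdict means Tomcat never bound its connectors (the pki-tomcatd journal is the place to look), while "http-503", "unreachable" on the URL with the ports open, or "unparseable" means Tomcat is up but the CA application is not answering, which is the Dogtag-side condition Martin points at.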
Callum Guy
2017-05-18 12:12:28 UTC
Permalink
Thanks Martin, really appreciate the additional information.

Are you aware of a separate guide for installing DogTag/PKI on top of
FreeIPA? Basically I am happy to install it separately if it doesn't
compromise the FreeIPA server configuration; I'm not clear on whether this
is possible without a major time investment.
Please note that commits in #6766 will not fix this issue, the issue is on
dogtag side, please see https://pagure.io/dogtagpki/issue/2646
Sorry for troubles
Haha, looks like i'm going CA-less for a while on the replica. I don't see
any immediate requirement for one so time to get on with my life!
I'll post back if anything changes but I'm probably stuck waiting for the
upgrade too..
Post by Lachlan Musicman
Sorry cobber. We only found 6766 today - we've been tackling it on and
off for a couple of weeks :)
------
"Mission Statement: To provide hope and inspiration for collective
action, to build collective power, to achieve collective transformation,
rooted in grief and rage but pointed towards vision and dreams."
- Patrice Cullors, *Black Lives Matter founder*
Post by Callum Guy
Ah, thanks for that Lachlan - its always reassuring to hear that its not
just me!
As mentioned above I have it running without the CA so that's a good
start. I am sure we will upgrade as well once 4.5 becomes stable and GA for
CentOS. I'm not expecting that to happen quickly so will have to work with
what we have for now.
Do you happen to know if there is any way to build the CA component
separately?
Post by Lachlan Musicman
https://pagure.io/freeipa/issue/6766
4.5.1 - I stand corrected. Can add more tomorrow.
------
"Mission Statement: To provide hope and inspiration for collective
action, to build collective power, to achieve collective transformation,
rooted in grief and rage but pointed towards vision and dreams."
- Patrice Cullors, *Black Lives Matter founder*
Post by Lachlan Musicman
We are seeing this. I'm not at work, but I think it's bug report 6766.
Patch has already been committed (bot by us), we're waiting for IPA 4.5.
cheers
L.
------
"Mission Statement: To provide hope and inspiration for collective
action, to build collective power, to achieve collective transformation,
rooted in grief and rage but pointed towards vision and dreams."
- Patrice Cullors, *Black Lives Matter founder*
Post by Callum Guy
Hi All,
I am currently stuck trying to setup the first replica of our master
IPA server. I have tried a number of different approaches including
escalating from a client and nothing is working for me. I perform a full OS
reset each time I get stuck.
I'm running CentOS 7.2 with the FreeIPA 4.4.0 (rpm -q reports this
version however having performed ipa-server-upgrade - does this mean i'm on
4.4.4?).
The command is shown below - note that i am skipping the conn check
as my platforms security settings do not allow the SSH session to be
established back on the master, all ports should be available to the
application however.
--setup-ca --setup-dns --skip-conncheck --no-forwarders SITE.net.gpg
ipa : ERROR Could not resolve hostname ipa2.SITE.net usis
check queries IPA DNS directly and ignores /etc/hosts.)
Continue? [no]: yes
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 1 minute
[1/42]: creating directory server user
[2/42]: creating directory server instance
[3/42]: updating configuration in dse.ldif
[4/42]: restarting directory server
[5/42]: adding default schema
[6/42]: enabling memberof plugin
[7/42]: enabling winsync plugin
[8/42]: configuring replication version plugin
[9/42]: enabling IPA enrollment plugin
[10/42]: enabling ldapi
[11/42]: configuring uniqueness plugin
[12/42]: configuring uuid plugin
[13/42]: configuring modrdn plugin
[14/42]: configuring DNS plugin
[15/42]: enabling entryUSN plugin
[16/42]: configuring lockout plugin
[17/42]: configuring topology plugin
[18/42]: creating indices
[19/42]: enabling referential integrity plugin
[20/42]: configuring ssl for ds instance
[21/42]: configuring certmap.conf
[22/42]: configure autobind for root
[23/42]: configure new location for managed entries
[24/42]: configure dirsrv ccache
[25/42]: enabling SASL mapping fallback
[26/42]: restarting directory server
[27/42]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 4 seconds elapsed
Update succeeded
[28/42]: adding sasl mappings to the directory
[29/42]: updating schema
[30/42]: setting Auto Member configuration
[31/42]: enabling S4U2Proxy delegation
[32/42]: importing CA certificates from LDAP
[33/42]: initializing group membership
[34/42]: adding master entry
[35/42]: initializing domain level
[36/42]: configuring Posix uid/gid generation
[37/42]: adding replication acis
[38/42]: enabling compatibility plugin
[39/42]: activating sidgen plugin
[40/42]: activating extdom plugin
[41/42]: tuning directory server
[42/42]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd). Estimated time: 3
minutes 30 seconds
[1/27]: creating certificate server user
[2/27]: configuring certificate server instance
[3/27]: stopping certificate server instance to update CS.cfg
[4/27]: backing up CS.cfg
[5/27]: disabling nonces
[6/27]: set up CRL publishing
[7/27]: enable PKIX certificate path discovery and validation
[8/27]: starting certificate server instance
And here is stays and refuses to move on. The ipareplica-install.log
2017-05-18T08:40:07Z DEBUG wait_for_open_ports: localhost [8080,
8443] timeout 300
2017-05-18T08:40:09Z DEBUG Waiting until the CA is running
2017-05-18T08:40:09Z DEBUG request POST
http://ipa2.SITE.net:8080/ca/admin/ca/getStatus
2017-05-18T08:40:09Z DEBUG request body ''
I have tried and that port is indeed inaccessible but I can't
establish a way to progress this issue from any of the the other log files.
Also I have seen in the 4.4.4 release notes that IPv6 being disabled on the
master can cause issues, re-enabling (at least in /etc/hosts) did not seem
to help.
If anyone is able to offer ideas that would be very much appreciated.
I am tempted to remove the --setup-ca option to see if this helps.
Thanks,
Callum
*0333 332 0000 | www.x-on.co.uk <http://www.x-on.co.uk> | **
<https://www.linkedin.com/company/x-on> <https://www.facebook.com/XonTel>
<https://twitter.com/xonuk> *
X-on is a trading name of Storacall Technology Ltd a limited company
registered in England and Wales.
Registered Office : Avaland House, 110 London Road, Apsley, Hemel
Hempstead, Herts, HP3 9SD. Company Registration No. 2578478.
The information in this e-mail is confidential and for use by the
addressee(s) only. If you are not the intended recipient, please notify
X-on immediately on +44(0)333 332 0000 <+44%20333%20332%200000> and
delete the
message from your computer. If you are not a named addressee you must
not use, disclose, disseminate, distribute, copy, print or reply to this
email. Views or opinions expressed by an individual
within this email may not necessarily reflect the views of X-on or
its associated companies. Although X-on routinely screens for viruses,
addressees should scan this email and any attachments
for viruses. X-on makes no representation or warranty as to the
absence of viruses in this email or any attachments.
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
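Added example (editor's code, not from this thread or the FreeIPA project): the script below reproduces by hand the readiness check that ipa-replica-install is stuck in at step [8/27]. The installer first waits for pki-tomcatd to listen on 8080 and 8443, then polls http://host:8080/ca/admin/ca/getStatus until the CA reports "running". Running the same probes outside the installer tells you quickly whether Tomcat never bound the ports at all (curl prints 000) or bound them but the CA subsystem never finished starting, and points you at the pki-tomcat logs. Assumptions, none of which come from the thread: curl is installed, getStatus answers with the XML form shown in the constructed samples (State and Status elements), and the log paths in ca_diagnostics are the pki-tomcat defaults on CentOS 7. Confirm all three on your own system.

```shell
#!/bin/sh
# Added example, not code from the thread or the FreeIPA project.
# Reproduces the installer's step [8/27] readiness check by hand:
# wait for pki-tomcatd on 8080/8443, then poll getStatus until "running".
#
# Assumptions (not taken from the thread): curl is present; getStatus
# returns an XML document carrying <State> and <Status>; the log paths in
# ca_diagnostics are the CentOS 7 defaults for pki-tomcat.

# Constructed sample responses, used only for the offline self-check.
SAMPLE_RUNNING='<?xml version="1.0"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3</Version></XMLResponse>'
SAMPLE_STARTING='<?xml version="1.0"?><XMLResponse><State>0</State><Type>CA</Type><Status>starting</Status></XMLResponse>'

# Print the text of element $2 from a single-line XML document $1;
# prints nothing when the element is absent.
xml_text() {
  printf '%s\n' "$1" | sed -n "s/.*<$2>\([^<]*\)<\/$2>.*/\1/p"
}

# Reduce a getStatus body to one word: running, starting, ..., or unknown.
# The installer only moves past [8/27] once it sees "running".
parse_ca_status() {
  status=$(xml_text "$1" Status)
  case "$status" in
    "")  echo unknown ;;
    *)   echo "$status" ;;
  esac
}

# HTTP status of a GET against $3://$1:$2/. curl prints 000 when the TCP
# connect itself fails, which is exactly what wait_for_open_ports waits on.
# -k because the replica's own TLS certificate is not trusted yet.
probe_port() {
  code=$(curl -sk -m 5 -o /dev/null -w '%{http_code}' "$3://$1:$2/" 2>/dev/null || true)
  printf '%s\n' "${code:-000}"
}

# Poll getStatus on host $1 every 5s for up to $2 seconds (default 300,
# the installer's own timeout). Returns 0 as soon as the CA is "running".
wait_for_ca() {
  host="$1"; limit="${2:-300}"; waited=0
  while [ "$waited" -lt "$limit" ]; do
    body=$(curl -s -m 5 "http://$host:8080/ca/admin/ca/getStatus" 2>/dev/null || true)
    if [ "$(parse_ca_status "$body")" = running ]; then
      echo "CA running after ${waited}s"; return 0
    fi
    sleep 5; waited=$((waited + 5))
  done
  echo "CA not running after ${limit}s" >&2; return 1
}

# What to look at when the loop above times out (log paths are assumptions).
ca_diagnostics() {
  host="$1"
  echo "8080 -> $(probe_port "$host" 8080 http)   8443 -> $(probe_port "$host" 8443 https)"
  systemctl status pki-tomcatd@pki-tomcat.service --no-pager 2>&1 | sed -n '1,12p'
  tail -n 40 /var/log/pki/pki-tomcat/catalina.out 2>/dev/null
  tail -n 40 /var/log/pki/pki-tomcat/ca/debug 2>/dev/null
}

# Only touch the network when a host is given: sh ca_wait.sh ipa2.SITE.net
if [ -n "${1:-}" ]; then
  wait_for_ca "$1" 300 || ca_diagnostics "$1"
fi
```

Run it on the replica while the installer sits at [8/27]. If both probes print 000, Tomcat never opened its listeners and catalina.out is the place to read; if 8080 answers but getStatus never reaches "running", the CA subsystem is failing during its own start-up and /var/log/pki/pki-tomcat/ca/debug usually shows why.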
Martin Bašti
2017-05-18 12:28:50 UTC
Permalink
ipa-ca-install will install on top of a FreeIPA CA-less replica, nothing
else; you really don't want to do it manually.
Post by Callum Guy
Thanks Martin, really appreciate the additional information.
Are you aware of a separate guide for installing DogTag/PKI on top of
FreeIPA - basically I am happy to install separately if it doesn't
compromise the FreeIPA server configuration, I'm not clear on whether
this is possible without a major time investment.
Please note that commits in #6766 will not fix this issue, the
issue is on dogtag side, please see
https://pagure.io/dogtagpki/issue/2646
Sorry for troubles
Post by Callum Guy
Haha, looks like I'm going CA-less for a while on the replica. I
don't see any immediate requirement for one so time to get on
with my life!
I'll post back if anything changes but I'm probably stuck waiting
for the upgrade too..
On Thu, May 18, 2017 at 11:01 AM Lachlan Musicman
Sorry cobber. We only found 6766 today - we've been tackling
it on and off for a couple of weeks :)
------
"Mission Statement: To provide hope and inspiration for
collective action, to build collective power, to achieve
collective transformation, rooted in grief and rage but
pointed towards vision and dreams."
- Patrice Cullors, /Black Lives Matter founder/
Ah, thanks for that Lachlan - it's always reassuring to
hear that it's not just me!
As mentioned above I have it running without the CA so
that's a good start. I am sure we will upgrade as well
once 4.5 becomes stable and GA for CentOS. I'm not
expecting that to happen quickly so will have to work
with what we have for now.
Do you happen to know if there is any way to build the CA
component separately?
On Thu, May 18, 2017 at 10:38 AM Lachlan Musicman
https://pagure.io/freeipa/issue/6766
4.5.1 - I stand corrected. Can add more tomorrow.
On 18 May 2017 at 19:34, Lachlan Musicman
We are seeing this. I'm not at work, but I think
it's bug report 6766.
Patch has already been committed (not by us),
we're waiting for IPA 4.5.
cheers
L.
--
Martin Bašti
Software Engineer
Red Hat Czech
Callum Guy
2017-05-18 12:44:16 UTC
Permalink
Thanks for that Martin.

The man page for ipa-ca-install suggests I could pass in my replica file to
create a "CA-less" configuration. Is this what I want or is a CA-full
appropriate? All I want to achieve is the additional resilience provided by
a replica which can both authorise and sign certificates in the event of a
loss of the master server. I certainly don't want an entirely separate CA
to be installed - my anticipation is that my replica will be able to become
an intermediate authority - is that the intended arrangement for a replica?

Finally, do you hold out much hope that ipa-ca-install will work any better
than the --setup-ca flag I was attempting to get working for the replica
install? If it's the same code I would probably just end up with a half
configured CA and have to rebuild my replica - something I would like to
avoid repeating after the last couple of days!
Martin Bašti
2017-05-18 12:49:14 UTC
Permalink
It will create a clone of the original CA; it will work as a backup, not a
separate CA.

I'm afraid it will result in the same behavior because it uses almost
the same code, but as I said before this issue is on the dogtag side and not
always reproducible.
Post by Callum Guy
Thanks for that Martin.
The man page for ipa-ca-install suggests i could pass in my replica
file to create a "CA-less" configuration. Is this what i want or is a
CA-full appropriate? All I want to achieve is the additional
resilience provided by a replica which can both authorise and sign
certificates in the event of a loss of the master server. I certainly
don't want an entirely separate CA to be installed - my anticipation
is that my replica will be able to become an intermediate authority -
is that the intended arrangement for a replica?
Finally, do you hold out much hope that ipa-ca-install will work any
better than --setup-ca flag I was attempting to get working for the
replica install? If its the same code I would probably just end up
with a half configured CA and have to rebuild my replica - something I
would like to avoid repeating after the last couple of days!
ipa-ca-install will install on top of FreeIPA CA-less replica,
nothing else, you really don't want to do it manually.
Post by Callum Guy
Thanks Martin, really appreciate the additional information.
Are you aware of a separate guide for installing DogTag/PKI on
top of FreeIPA - basically I am happy to install separately if it
doesn't compromise the FreeIPA server configuration, i'm not
clear on whether this is possible without a major time investment.
Please note that commits in #6766 will not fix this issue,
the issue is on dogtag side, please see
https://pagure.io/dogtagpki/issue/2646
Sorry for troubles
Post by Callum Guy
Haha, looks like i'm going CA-less for a while on the
replica. I don't see any immediate requirement for one so
time to get on with my life!
I'll post back if anything changes but I'm probably stuck
waiting for the upgrade too..
On Thu, May 18, 2017 at 11:01 AM Lachlan Musicman
Sorry cobber. We only found 6766 today - we've been
tackling it on and off for a couple of weeks :)
------
"Mission Statement: To provide hope and inspiration for
collective action, to build collective power, to achieve
collective transformation, rooted in grief and rage but
pointed towards vision and dreams."
- Patrice Cullors, /Black Lives Matter founder/
On 18 May 2017 at 19:53, Callum Guy
Ah, thanks for that Lachlan - its always reassuring
to hear that its not just me!
As mentioned above I have it running without the CA
so that's a good start. I am sure we will upgrade as
well once 4.5 becomes stable and GA for CentOS. I'm
not expecting that to happen quickly so will have to
work with what we have for now.
Do you happen to know if there is any way to build
the CA component separately?
On Thu, May 18, 2017 at 10:38 AM Lachlan Musicman
https://pagure.io/freeipa/issue/6766
4.5.1 - I stand corrected. Can add more tomorrow.
On 18 May 2017 at 19:34, Lachlan Musicman
We are seeing this. I'm not at work, but I
think it's bug report 6766.
Patch has already been committed (not by
us), we're waiting for IPA 4.5.
cheers
L.
*^0333 332 0000 | www.x-on.co.uk
<http://www.x-on.co.uk> |
_**_^<https://www.linkedin.com/company/x-on>
<https://www.facebook.com/XonTel>
<https://twitter.com/xonuk> *
X-on is a trading name of Storacall
Technology Ltd a limited company
registered in England and Wales.
Registered Office : Avaland House, 110
London Road, Apsley, Hemel Hempstead,
Herts, HP3 9SD. Company Registration No.
2578478.
The information in this e-mail is
confidential and for use by the
addressee(s) only. If you are not the
intended recipient, please notify X-on
immediately on +44(0)333 332 0000
<tel:+44%20333%20332%200000> and delete the
message from your computer. If you are
not a named addressee you must not use,
disclose, disseminate, distribute, copy,
print or reply to this email. Views or
opinions expressed by an individual
within this email may not necessarily
reflect the views of X-on or its
associated companies. Although X-on
routinely screens for viruses,
addressees should scan this email and
any attachments
for viruses. X-on makes no
representation or warranty as to the
absence of viruses in this email or any
attachments.
--
Manage your subscription for the
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info
on the project
--
Martin Bašti
Software Engineer
Red Hat Czech
Callum Guy
2017-05-18 12:59:35 UTC
Permalink
OK Martin, thanks for the explanation - I suspected it might not work quite
correctly. On that basis I have decided to hold off and wait for a more
optimistic situation.

I really appreciate the advice, looks like my time will be better spent
configuring the clients to use the replica!
Post by Martin Bašti
It will create a clone of the original CA; it will work as a backup, not a
separate CA.
I'm afraid it will result in the same behavior because it uses almost
the same code, but as I said before this issue is on the dogtag side and not
always reproducible.
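The debug lines quoted in this thread show what the installer is actually blocked on: wait_for_open_ports polls localhost ports 8080 and 8443 for up to 300 seconds, and only once they answer does it POST to /ca/admin/ca/getStatus and wait for the CA to report that it is running. The script below is an added example (not code from the thread, from FreeIPA or from Dogtag) that lets an operator check those two stages separately on the replica, so a hang can be pinned either on pki-tomcatd never binding its ports or on the CA web application answering without reporting "running". The port numbers, timeout and URL path are taken from the quoted log; the XMLResponse/Status layout of the getStatus reply and the sample reply are assumptions, and the demo_self_check helper uses a throwaway local listener so the script runs offline.

```python
"""Stand-alone check of the two stages ipa-replica-install waits on when it
starts pki-tomcatd: TCP listeners on the CA ports, then a getStatus reply
that says the CA is running.  Added example, not FreeIPA or Dogtag code."""
import socket
import time
import xml.etree.ElementTree as ET
from urllib.request import Request, urlopen

# Values taken from the installer log in the thread: it polls localhost
# ports 8080 and 8443 for up to 300 s, then POSTs to /ca/admin/ca/getStatus.
CA_PORTS = (8080, 8443)
PORT_TIMEOUT = 300
STATUS_PATH = "/ca/admin/ca/getStatus"


def port_open(host, port, timeout=1.0):
    """Return True if a TCP connect to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def wait_for_open_ports(host, ports, timeout=PORT_TIMEOUT, interval=1.0):
    """Mirror the installer's loop: return the set of ports still closed
    when the deadline expires (an empty set means every port came up)."""
    deadline = time.monotonic() + timeout
    pending = set(ports)
    while pending and time.monotonic() < deadline:
        pending = {p for p in pending if not port_open(host, p)}
        if pending:
            time.sleep(min(interval, max(0.0, deadline - time.monotonic())))
    return pending


def parse_ca_status(body):
    """Extract the Status text from a getStatus reply, or None if the body is
    not the expected XMLResponse document.  The XMLResponse/Status layout is
    an assumption based on the Dogtag reply that FreeIPA parses."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if root.tag != "XMLResponse":
        return None
    status = root.findtext("Status")
    return status.strip() if status is not None else None


def fetch_ca_status(host, port=8080, timeout=10):
    """POST an empty body to getStatus, as the installer does, and return the
    parsed status, or a short diagnostic string when nothing usable came back."""
    url = "http://%s:%d%s" % (host, port, STATUS_PATH)
    try:
        with urlopen(Request(url, data=b"", method="POST"), timeout=timeout) as resp:
            status = parse_ca_status(resp.read())
    except OSError as exc:  # URLError, HTTPError and socket timeouts
        return "unreachable: %s" % getattr(exc, "reason", exc)
    return status if status is not None else "unexpected response body"


def demo_self_check():
    """Exercise the port check against a throwaway local listener so the
    example runs offline.  Returns (all_open_while_listening, all_open_after_close),
    which should be (True, False)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    ok_listening = not wait_for_open_ports("127.0.0.1", [port], timeout=2)
    listener.close()
    ok_closed = not wait_for_open_ports("127.0.0.1", [port], timeout=0.5)
    return ok_listening, ok_closed


# Constructed sample of a healthy reply (not captured from a real CA).
SAMPLE_RUNNING = b"""<?xml version="1.0" encoding="UTF-8"?>
<XMLResponse><State>1</State><Type>CA</Type><Status>running</Status>
<Version>unknown</Version></XMLResponse>"""

if __name__ == "__main__":
    print("self-check (expect (True, False)):", demo_self_check())
    print("sample status:", parse_ca_status(SAMPLE_RUNNING))
    missing = wait_for_open_ports("localhost", CA_PORTS, timeout=5)
    print("CA ports still closed:", sorted(missing) or "none")
    if not missing:
        print("getStatus says:", fetch_ca_status("localhost"))
```

Run it on the replica while the installer is sitting at step [8/27]. If the ports never open, the problem is in the Tomcat/Dogtag start-up itself and the Dogtag side's own logs are the place to look; if the ports open but getStatus never becomes "running" (or returns something other than an XMLResponse document), the web application is up but the CA subsystem has not finished initialising, which is a different failure from a firewall or listener problem and narrows down where to look before rebuilding the replica.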