[Freeipa-users] The ipa-replica-install command failed, exception: SystemExit: Invalid IP Address ... Cannot use IP network address

Traiano Welcome traiano at gmail.com
Fri Nov 7 17:10:09 UTC 2014


On Fri, Nov 7, 2014 at 7:22 PM, Petr Spacek <pspacek at redhat.com> wrote:
> On 7.11.2014 17:20, Traiano Welcome wrote:
>> Hi Petr
>>
>>
>>
>> On Fri, Nov 7, 2014 at 6:19 PM, Petr Spacek <pspacek at redhat.com> wrote:
>>> On 7.11.2014 14:08, Traiano Welcome wrote:
>>>> Hi List
>>>>
>>>> I'm trying to configure a replica for a primary freeipa IdM server
>>>> (both CentOS 7, AD trusts configured on primary), but "ipa-replica-install"
>>>> fails with the following error:
>>>> --
>>>>  ipa-replica-install -d  --setup-ca --setup-dns --no-forwarders
>>>> /var/lib/ipa/replica-info-lolpr-idm-slve.idm.local.gpg
>>>> .
>>>> .
>>>> Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use
>>>> IP network address
>>>> .
>>>> .
>>>> --
>>>>
>>>> For context, here is the full output from the replica-install command (I've
>>>> attached the full debug output):
>>>>
>>>> ---
>>>> [root at lolpr-idm-slve ipa]# ipa-replica-install --setup-ca --setup-dns
>>>> --no-forwarders /var/lib/ipa/replica-info-lolpr-idm-slve.idm.local.gpg
>>>> WARNING: conflicting time&date synchronization service 'chronyd' will
>>>> be disabled in favor of ntpd
>>>>
>>>> Directory Manager (existing master) password:
>>>>
>>>> Run connection check to master
>>>> Check connection from replica to remote master 'lolpr-idm-mstr.idm.local':
>>>>    Directory Service: Unsecure port (389): OK
>>>>    Directory Service: Secure port (636): OK
>>>>    Kerberos KDC: TCP (88): OK
>>>>    Kerberos Kpasswd: TCP (464): OK
>>>>    HTTP Server: Unsecure port (80): OK
>>>>    HTTP Server: Secure port (443): OK
>>>>
>>>> The following list of ports use UDP protocol and would need to be
>>>> checked manually:
>>>>    Kerberos KDC: UDP (88): SKIPPED
>>>>    Kerberos Kpasswd: UDP (464): SKIPPED
>>>>
>>>> Connection from replica to master is OK.
>>>> Start listening on required ports for remote master check
>>>> Get credentials to log in to remote master
>>>> admin at IDM.LOCAL password:
>>>>
>>>> Check SSH connection to remote master
>>>> Execute check on remote master
>>>> Check connection from master to remote replica 'lolpr-idm-slve.idm.local':
>>>>    Directory Service: Unsecure port (389): OK
>>>>    Directory Service: Secure port (636): OK
>>>>    Kerberos KDC: TCP (88): OK
>>>>    Kerberos KDC: UDP (88): OK
>>>>    Kerberos Kpasswd: TCP (464): OK
>>>>    Kerberos Kpasswd: UDP (464): OK
>>>>    HTTP Server: Unsecure port (80): OK
>>>>    HTTP Server: Secure port (443): OK
>>>>
>>>> Connection from master to replica is OK.
>>>>
>>>> Connection check OK
>>>> Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use
>>>> IP network address
>>>> [root at lolpr-idm-slve ipa]#
>>>>
>>>> ---
>>>>
>>>> Some things I've tested:
>>>>
>>>> 1. disable  selinux (followed by reboot) - no change
>>>> 2. disable IPv6 (followed by reboot) - no change
>>>>
>>>> DNS resolution and IP checks seem fine:
>>>> ---
>>>>
>>>> [root at lolpr-idm-slve install]# hostname
>>>> lolpr-idm-slve.idm.local
>>>>
>>>>
>>>> [root at lolpr-idm-slve install]# ifconfig
>>>> ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>>>>         inet 172.16.100.222  netmask 255.255.255.255  broadcast
>>>> 172.16.100.222
>>>
>>> This is the cause: IP address on ens192 interface is 172.16.100.222/32.
>>>
>>> What is your environment? Is it some kind of weird container?
>>>
>>> Is it even a valid configuration? :-) I don't recall any use case for a 32-bit
>>> netmask. As far as I remember, a 31-bit netmask is allowed by RFC 3021 for point
>>> to point links.
>>>
>>
>>
>> AFAIK, a /32 netmask designates a single address. Should be valid,
>> although I'm not sure how IPA's installutils.py handles that. ipcalc
>> says:
>>
>> ----
>> root at lol-dev:/opt/automation# ipcalc 172.16.100.222/32
>> Address:   172.16.100.222       10101100.00010000.01100100.11011110
>> Netmask:   255.255.255.255 = 32 11111111.11111111.11111111.11111111
>> Wildcard:  0.0.0.0              00000000.00000000.00000000.00000000
>> =>
>> Hostroute: 172.16.100.222       10101100.00010000.01100100.11011110
>> Hosts/Net: 1                     Class B, Private Internet
>> ----
>>
>> Nice reference, seems to confirm this is a single host:
>> http://www.oav.net/mirrors/cidr.html
>
> Sure, but how can you communicate using this address? You need to assign an
> address to the other end too :-)

Doh! Thanks a ton, Petr. Time for me to lay off the coffee :-)

>
> It is still unclear to me what is your use case.
>

Simply to have a replica IdM server for clients to failover to should
the primary IdM server be unreachable. Which is working wonderfully
now ...



> Petr^2 Spacek
>
>>>
>>>>         ether 00:50:56:9c:1e:60  txqueuelen 1000  (Ethernet)
>>>>         RX packets 17964  bytes 1705674 (1.6 MiB)
>>>>         RX errors 0  dropped 10  overruns 0  frame 0
>>>>         TX packets 3772  bytes 595134 (581.1 KiB)
>>>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>> --
>>>>
>>>> /etc/hosts looks like this:
>>>>
>>>> --
>>>> 127.0.0.1   localhost localhost.localdomain localhost4
>>>> localhost4.localdomain4
>>>> 172.16.100.68   lolpr-idm-mstr.idm.local        lolpr-idm-mstr
>>>> 172.16.100.222  lolpr-idm-slve.idm.local        lolpr-idm-slve
>>>> 172.16.104.231  loltestdc001.loltestdc.com      loltestdc001
>>>> --
>>>>
>>>> Host naming, forward and reverse resolution seems fine:
>>>>
>>>> ---
>>>> [root at lolpr-idm-slve install]#
>>>> [root at lolpr-idm-slve install]# host `hostname`
>>>> lolpr-idm-slve.idm.local has address 172.16.100.222
>>>> [root at lolpr-idm-slve install]#
>>>> [root at lolpr-idm-slve install]# host `hostname`^C
>>>> [root at lolpr-idm-slve install]# host `hostname`| cut -d " " -f  4| xargs
>>>> -Iname host name
>>>> 222.100.16.172.in-addr.arpa domain name pointer lolpr-idm-slve.idm.local.
>>>> [root at lolpr-idm-slve install]#
>>>> ---
>>>>
>>>> I'd be thankful if anyone could shed light on why this error is happening
>>>> and point me in the direction of a fix.
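Added example, not part of the thread and not FreeIPA's own installer code: a small model of the kind of sanity check behind the "cannot use IP network address" error, fed the ens192 line from the ifconfig output above. With a /32 netmask the interface's network address, broadcast address and host address are all the same value, so a check that refuses network or broadcast addresses rejects the host's own IP; with a /24 the same address passes. The parser, the classification function and the sample text are constructed for this illustration; the exact logic inside installutils.py is assumed, not quoted.

```python
import ipaddress
import re

# Constructed sample: the ens192 block from the thread, with its /32 netmask.
IFCONFIG_SAMPLE = """\
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.100.222  netmask 255.255.255.255  broadcast 172.16.100.222
"""

# Matches the "inet <addr> netmask <mask>" line of modern ifconfig output.
_INET_RE = re.compile(r"^\s*inet\s+(\S+)\s+netmask\s+(\S+)", re.MULTILINE)


def parse_inet(ifconfig_text: str):
    """Return (address, prefixlen) from the first 'inet ... netmask ...' line.

    The dotted netmask is converted to a prefix length by letting the
    ipaddress module parse it as a mask on a throwaway network.
    """
    match = _INET_RE.search(ifconfig_text)
    if not match:
        raise ValueError("no inet line found in ifconfig output")
    address, netmask = match.group(1), match.group(2)
    prefixlen = ipaddress.ip_network(f"0.0.0.0/{netmask}").prefixlen
    return address, prefixlen


def classify_host_address(address: str, prefixlen: int) -> str:
    """Classify an address the way an installer sanity check might (assumed model).

    Returns "ok" for a usable host address, "network address" when the
    address equals the subnet's network address, and "broadcast address"
    when it equals the subnet's broadcast address. For a /32 all three
    coincide, which is exactly why the thread's install failed.
    """
    iface = ipaddress.ip_interface(f"{address}/{prefixlen}")
    net = iface.network
    if iface.ip == net.network_address:
        return "network address"
    if iface.ip == net.broadcast_address:
        return "broadcast address"
    return "ok"


def check_interface(ifconfig_text: str) -> str:
    """Parse an ifconfig block and report whether its address would be accepted."""
    address, prefixlen = parse_inet(ifconfig_text)
    verdict = classify_host_address(address, prefixlen)
    return f"{address}/{prefixlen}: {verdict}"


if __name__ == "__main__":
    # The thread's configuration fails; the same host on a /24 passes.
    print(check_interface(IFCONFIG_SAMPLE))
    print(classify_host_address("172.16.100.222", 24))
```

One caveat worth knowing when writing a check like this: it also rejects the lower address of an RFC 3021 /31 point-to-point link, because that address is the subnet's network address as well. Whether an installer should special-case /31 is a design decision; the model above does not.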



