<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><br>
</p>
<p>Please note that commits in #6766 will not fix this issue, the
issue is on dogtag side, please see
<a class="moz-txt-link-freetext" href="https://pagure.io/dogtagpki/issue/2646">https://pagure.io/dogtagpki/issue/2646</a><br>
</p>
Sorry for troubles<br>
<br>
<div class="moz-cite-prefix">On 18.05.2017 12:19, Callum Guy wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAFjCFzk4QQNLahNW4GZjmiinNA8ckbQCbjUgAVybgYPzNchsbw@mail.gmail.com">
<div dir="ltr">Haha, looks like i'm going CA-less for a while on
the replica. I don't see any immediate requirement for one so
time to get on with my life!
<div><br>
</div>
<div>I'll post back if anything changes but I'm probably stuck
waiting for the upgrade too.. </div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Thu, May 18, 2017 at 11:01 AM Lachlan Musicman
<<a href="mailto:datakid@gmail.com" moz-do-not-send="true">datakid@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Sorry cobber. We only found 6766 today - we've
been tackling it on and off for a couple of weeks :)<br>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="m_-6042445632047873057gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>------<br>
"Mission Statement: To provide hope and
inspiration for collective action, to build
collective power, to achieve collective
transformation, rooted in grief and rage but
pointed towards vision and dreams."<br>
<br>
- Patrice Cullors, <i>Black Lives Matter
founder</i></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
<div class="gmail_extra">
<div class="gmail_quote">On 18 May 2017 at 19:53, Callum Guy
<span dir="ltr"><<a href="mailto:callum.guy@x-on.co.uk"
target="_blank" moz-do-not-send="true">callum.guy@x-on.co.uk</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Ah, thanks for that Lachlan - its always
reassuring to hear that its not just me!
<div><br>
</div>
<div>As mentioned above I have it running without the
CA so that's a good start. I am sure we will upgrade
as well once 4.5 becomes stable and GA for CentOS.
I'm not expecting that to happen quickly so will
have to work with what we have for now.</div>
<div><br>
</div>
<div>Do you happen to know if there is any way to
build the CA component separately?</div>
</div>
<div class="m_-6042445632047873057HOEnZb">
<div class="m_-6042445632047873057h5"><br>
<div class="gmail_quote">
<div dir="ltr">On Thu, May 18, 2017 at 10:38 AM
Lachlan Musicman <<a
href="mailto:datakid@gmail.com"
target="_blank" moz-do-not-send="true">datakid@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0
0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">
<div><a
href="https://pagure.io/freeipa/issue/6766"
target="_blank" moz-do-not-send="true">https://pagure.io/freeipa/issue/6766</a><br>
<br>
</div>
4.5.1 - I stand corrected. Can add more
tomorrow.<br>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div
class="m_-6042445632047873057m_-9063019905900127394m_-5443766533895829456gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>------<br>
"Mission Statement: To provide
hope and inspiration for
collective action, to build
collective power, to achieve
collective transformation,
rooted in grief and rage but
pointed towards vision and
dreams."<br>
<br>
- Patrice Cullors, <i>Black
Lives Matter founder</i></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
<div class="gmail_extra">
<div class="gmail_quote">On 18 May 2017 at
19:34, Lachlan Musicman <span dir="ltr"><<a
href="mailto:datakid@gmail.com"
target="_blank" moz-do-not-send="true">datakid@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div dir="ltr">
<div>
<div>
<div>We are seeing this. I'm not at
work, but I think it's bug report
6766. <br>
<br>
</div>
Patch has already been committed
(bot by us), we're waiting for IPA
4.5.<br>
<br>
</div>
cheers<br>
</div>
L.<br>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div
class="m_-6042445632047873057m_-9063019905900127394m_-5443766533895829456m_7779000947175413228gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>------<br>
"Mission Statement: To
provide hope and
inspiration for
collective action, to
build collective power,
to achieve collective
transformation, rooted
in grief and rage but
pointed towards vision
and dreams."<br>
<br>
- Patrice Cullors, <i>Black
Lives Matter founder</i></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div>
<div
class="m_-6042445632047873057m_-9063019905900127394m_-5443766533895829456h5">On
18 May 2017 at 18:57, Callum Guy <span
dir="ltr"><<a
href="mailto:callum.guy@x-on.co.uk"
target="_blank"
moz-do-not-send="true">callum.guy@x-on.co.uk</a>></span>
wrote:<br>
</div>
</div>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div>
<div
class="m_-6042445632047873057m_-9063019905900127394m_-5443766533895829456h5">
<div dir="ltr">
<div>Hi All,</div>
<div><br>
</div>
<div>I am currently stuck
trying to setup the first
replica of our master IPA
server. I have tried a
number of different
approaches including
escalating from a client and
nothing is working for me. I
perform a full OS reset each
time I get stuck.</div>
<div><br>
</div>
<div>I'm running CentOS 7.2
with the FreeIPA 4.4.0 (rpm
-q reports this version
however having performed
ipa-server-upgrade - does
this mean i'm on 4.4.4?).</div>
<div><br>
</div>
<div>The command is shown
below - note that i am
skipping the conn check as
my platforms security
settings do not allow the
SSH session to be
established back on the
master, all ports should be
available to the application
however.</div>
<div><br>
</div>
<div>[root@ipa2 ~]#
ipa-replica-install
--ip-address=172.24.0.101
--setup-ca --setup-dns
--skip-conncheck
--no-forwarders SITE.net.gpg</div>
<div><br>
</div>
<div>Directory Manager
(existing master) password:</div>
<div><br>
</div>
<div>ipa : ERROR
Could not resolve hostname
<a
href="http://ipa2.SITE.net"
target="_blank"
moz-do-not-send="true">ipa2.SITE.net</a>
usis check queries IPA DNS
directly and ignores
/etc/hosts.)</div>
<div>Continue? [no]: yes</div>
<div>Configuring NTP daemon
(ntpd)</div>
<div> [1/4]: stopping ntpd</div>
<div> [2/4]: writing
configuration</div>
<div> [3/4]: configuring ntpd
to start on boot</div>
<div> [4/4]: starting ntpd</div>
<div>Done configuring NTP
daemon (ntpd).</div>
<div>Configuring directory
server (dirsrv). Estimated
time: 1 minute</div>
<div> [1/42]: creating
directory server user</div>
<div> [2/42]: creating
directory server instance</div>
<div> [3/42]: updating
configuration in dse.ldif</div>
<div> [4/42]: restarting
directory server</div>
<div> [5/42]: adding default
schema</div>
<div> [6/42]: enabling
memberof plugin</div>
<div> [7/42]: enabling
winsync plugin</div>
<div> [8/42]: configuring
replication version plugin</div>
<div> [9/42]: enabling IPA
enrollment plugin</div>
<div> [10/42]: enabling ldapi</div>
<div> [11/42]: configuring
uniqueness plugin</div>
<div> [12/42]: configuring
uuid plugin</div>
<div> [13/42]: configuring
modrdn plugin</div>
<div> [14/42]: configuring
DNS plugin</div>
<div> [15/42]: enabling
entryUSN plugin</div>
<div> [16/42]: configuring
lockout plugin</div>
<div> [17/42]: configuring
topology plugin</div>
<div> [18/42]: creating
indices</div>
<div> [19/42]: enabling
referential integrity plugin</div>
<div> [20/42]: configuring
ssl for ds instance</div>
<div> [21/42]: configuring
certmap.conf</div>
<div> [22/42]: configure
autobind for root</div>
<div> [23/42]: configure new
location for managed entries</div>
<div> [24/42]: configure
dirsrv ccache</div>
<div> [25/42]: enabling SASL
mapping fallback</div>
<div> [26/42]: restarting
directory server</div>
<div> [27/42]: setting up
initial replication</div>
<div>Starting replication,
please wait until this has
completed.</div>
<div>Update in progress, 4
seconds elapsed</div>
<div>Update succeeded</div>
<div><br>
</div>
<div> [28/42]: adding sasl
mappings to the directory</div>
<div> [29/42]: updating
schema</div>
<div> [30/42]: setting Auto
Member configuration</div>
<div> [31/42]: enabling
S4U2Proxy delegation</div>
<div> [32/42]: importing CA
certificates from LDAP</div>
<div> [33/42]: initializing
group membership</div>
<div> [34/42]: adding master
entry</div>
<div> [35/42]: initializing
domain level</div>
<div> [36/42]: configuring
Posix uid/gid generation</div>
<div> [37/42]: adding
replication acis</div>
<div> [38/42]: enabling
compatibility plugin</div>
<div> [39/42]: activating
sidgen plugin</div>
<div> [40/42]: activating
extdom plugin</div>
<div> [41/42]: tuning
directory server</div>
<div> [42/42]: configuring
directory to start on boot</div>
<div>Done configuring
directory server (dirsrv).</div>
<div>Configuring certificate
server (pki-tomcatd).
Estimated time: 3 minutes 30
seconds</div>
<div> [1/27]: creating
certificate server user</div>
<div> [2/27]: configuring
certificate server instance</div>
<div> [3/27]: stopping
certificate server instance
to update CS.cfg</div>
<div> [4/27]: backing up
CS.cfg</div>
<div> [5/27]: disabling
nonces</div>
<div> [6/27]: set up CRL
publishing</div>
<div> [7/27]: enable PKIX
certificate path discovery
and validation</div>
<div> [8/27]: starting
certificate server instance</div>
<div><br>
</div>
<div>And here is stays and
refuses to move on. The
ipareplica-install.log log
reports:</div>
<div>
<div>2017-05-18T08:40:07Z
DEBUG wait_for_open_ports:
localhost [8080, 8443]
timeout 300</div>
<div>2017-05-18T08:40:09Z
DEBUG Waiting until the CA
is running</div>
<div>2017-05-18T08:40:09Z
DEBUG request POST <a
href="http://ipa2.SITE.net:8080/ca/admin/ca/getStatus"
target="_blank"
moz-do-not-send="true">http://ipa2.SITE.net:8080/ca/admin/ca/getStatus</a></div>
<div>2017-05-18T08:40:09Z
DEBUG request body ''</div>
</div>
<div><br>
</div>
<div>I have tried and that
port is indeed inaccessible
but I can't establish a way
to progress this issue from
any of the the other log
files. Also I have seen in
the 4.4.4 release notes that
IPv6 being disabled on the
master can cause issues,
re-enabling (at least in
/etc/hosts) did not seem to
help.</div>
<div><br>
</div>
<div>If anyone is able to
offer ideas that would be
very much appreciated. I am
tempted to remove the
--setup-ca option to see if
this helps.</div>
<div><br>
</div>
<div>Thanks,</div>
<div><br>
</div>
<div>Callum</div>
<div><br>
</div>
</div>
<br>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;text-align:justify"><font
size="3" face="Verdana"><span
style="font-size:8px;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span></font></p>
<img
src="http://www.x-on.co.uk/email/footer/banner-surgeryconnect-may.jpg"
moz-do-not-send="true"><br>
<p><font size="4"><span
style="font-size:8px;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><b><sup><font
face="Verdana">0333
332 0000 | <a
href="http://www.x-on.co.uk"
target="_blank"
moz-do-not-send="true">www.x-on.co.uk</a>
| <sub> </sub></font></sup></b></font><font
size="4"><b><sub><sup><font
face="Verdana"><a
href="https://www.linkedin.com/company/x-on"
target="_blank"
moz-do-not-send="true"><img
src="http://www.x-on.co.uk//images/icon/linkedin.png"
moz-do-not-send="true"
width="24"
height="24"></a>
<a
href="https://www.facebook.com/XonTel"
target="_blank"
moz-do-not-send="true"><img
src="http://www.x-on.co.uk//images/icon/facebook.png"
moz-do-not-send="true"
width="24"
height="24"></a>
<a
href="https://twitter.com/xonuk"
target="_blank"
moz-do-not-send="true"><img
src="http://www.x-on.co.uk//images/icon/twitter.png"
moz-do-not-send="true"
width="24"
height="24"></a></font></sup></sub>
</b></font>
<span
style="font-size:6.0pt;font-family:Verdana;color:black"><br>
X-on
is a trading name of
Storacall Technology Ltd a
limited company registered
in
England and Wales.<br>
Registered Office : Avaland
House, 110 London Road,
Apsley, Hemel Hempstead,
Herts, HP3 9SD. Company
Registration No. 2578478.<br>
The information in this
e-mail is confidential and
for use by the addressee(s)
only. If you are not the
intended recipient, please
notify X-on immediately on <span><a
href="tel:+44%20333%20332%200000" value="+443333320000" target="_blank"
moz-do-not-send="true">+44(0)333
332 0000</a></span> and
delete the<br>
message from your computer.
If you are not a named
addressee you must not use,
disclose, disseminate,
distribute, copy, print or
reply to this email. </span><span
style="font-size:6.0pt;font-family:Verdana;color:black">Views
or opinions expressed by an
individual<br>
within this email may not
necessarily
reflect the views of X-on or
its associated companies.
Although X-on routinely
screens for viruses,
addressees should scan this
email and any attachments<br>
for
viruses. X-on makes no
representation or warranty
as to the absence of viruses
in this email or any
attachments.</span></p>
<p><span
style="font-size:6.0pt;font-family:Verdana;color:black"></span><font
size="2"><span
style="font-size:6.0pt;font-family:Verdana;color:black"></span></font></p>
<br>
</div>
</div>
<span
class="m_-6042445632047873057m_-9063019905900127394m_-5443766533895829456HOEnZb"><font
color="#888888">--<br>
Manage your subscription for the
Freeipa-users mailing list:<br>
<a
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
rel="noreferrer"
target="_blank"
moz-do-not-send="true">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go to <a
href="http://freeipa.org"
rel="noreferrer"
target="_blank"
moz-do-not-send="true">http://freeipa.org</a>
for more info on the project<br>
</font></span></blockquote>
</div>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div>
<br>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;text-align:justify"><font
size="3" face="Verdana"><span
style="font-size:8px;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span></font></p>
<img
src="http://www.x-on.co.uk/email/footer/banner-surgeryconnect-may.jpg"
moz-do-not-send="true"><br>
<p><font size="4"><span
style="font-size:8px;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><b><sup><font
face="Verdana">0333 332 0000 | <a
href="http://www.x-on.co.uk"
target="_blank" moz-do-not-send="true">www.x-on.co.uk</a>
| <sub> </sub></font></sup></b></font><font
size="4"><b><sub><sup><font face="Verdana"><a
href="https://www.linkedin.com/company/x-on"
target="_blank" moz-do-not-send="true"><img
src="http://www.x-on.co.uk//images/icon/linkedin.png"
moz-do-not-send="true" width="24"
height="24"></a> <a
href="https://www.facebook.com/XonTel"
target="_blank" moz-do-not-send="true"><img
src="http://www.x-on.co.uk//images/icon/facebook.png"
moz-do-not-send="true" width="24"
height="24"></a> <a
href="https://twitter.com/xonuk"
target="_blank" moz-do-not-send="true"><img
src="http://www.x-on.co.uk//images/icon/twitter.png"
moz-do-not-send="true" width="24"
height="24"></a></font></sup></sub>
</b></font>
<span
style="font-size:6.0pt;font-family:Verdana;color:black"><br>
X-on
is a trading name of Storacall Technology Ltd a
limited company registered in
England and Wales.<br>
Registered Office : Avaland House, 110 London
Road, Apsley, Hemel Hempstead,
Herts, HP3 9SD. Company Registration No.
2578478.<br>
The information in this e-mail is confidential
and for use by the addressee(s)
only. If you are not the intended recipient,
please notify X-on immediately on <span><a
href="tel:+44%20333%20332%200000"
value="+443333320000" target="_blank"
moz-do-not-send="true">+44(0)333 332 0000</a></span>
and delete the<br>
message from your computer. If you are not a
named addressee you must not use,
disclose, disseminate, distribute, copy, print
or reply to this email. </span><span
style="font-size:6.0pt;font-family:Verdana;color:black">Views
or opinions expressed by an individual<br>
within this email may not necessarily
reflect the views of X-on or its associated
companies. Although X-on routinely
screens for viruses, addressees should scan this
email and any attachments<br>
for
viruses. X-on makes no representation or
warranty as to the absence of viruses
in this email or any attachments.</span></p>
<p><span
style="font-size:6.0pt;font-family:Verdana;color:black"></span><font
size="2"><span
style="font-size:6.0pt;font-family:Verdana;color:black"></span></font></p>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div>
<br>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;text-align:justify"><font
size="3" face="Verdana"><span
style="font-size:8px;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span></font></p>
<img
src="http://www.x-on.co.uk/email/footer/banner-surgeryconnect-may.jpg"
moz-do-not-send="true"><br>
<p><font size="4"><span
style="font-size:8px;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><b><sup><font
face="Verdana">0333 332 0000 | <a
href="http://www.x-on.co.uk" target="_blank"
moz-do-not-send="true">www.x-on.co.uk</a> | <sub> </sub></font></sup></b></font><font
size="4"><b><sub><sup><font face="Verdana"><a
href="https://www.linkedin.com/company/x-on"
target="_blank" moz-do-not-send="true"><img
src="http://www.x-on.co.uk//images/icon/linkedin.png"
moz-do-not-send="true" width="24" height="24"></a>
<a href="https://www.facebook.com/XonTel"
target="_blank" moz-do-not-send="true"><img
src="http://www.x-on.co.uk//images/icon/facebook.png"
moz-do-not-send="true" width="24" height="24"></a>
<a href="https://twitter.com/xonuk" target="_blank"
moz-do-not-send="true"><img
src="http://www.x-on.co.uk//images/icon/twitter.png"
moz-do-not-send="true" width="24" height="24"></a></font></sup></sub>
</b></font>
<span style="font-size:6.0pt;font-family:Verdana;color:black"><br>
X-on
is a trading name of Storacall Technology Ltd a limited
company registered in
England and Wales.<br>
Registered Office : Avaland House, 110 London Road, Apsley,
Hemel Hempstead,
Herts, HP3 9SD. Company Registration No. 2578478.<br>
The information in this e-mail is confidential and for use by
the addressee(s)
only. If you are not the intended recipient, please notify
X-on immediately on <span>+44(0)333 332 0000</span> and
delete the<br>
message from your computer. If you are not a named addressee
you must not use,
disclose, disseminate, distribute, copy, print or reply to
this email. </span><span
style="font-size:6.0pt;font-family:Verdana;color:black">Views
or opinions expressed by an individual<br>
within this email may not necessarily
reflect the views of X-on or its associated companies.
Although X-on routinely
screens for viruses, addressees should scan this email and any
attachments<br>
for
viruses. X-on makes no representation or warranty as to the
absence of viruses
in this email or any attachments.</span></p>
<p><span style="font-size:6.0pt;font-family:Verdana;color:black"></span><font
size="2"><span
style="font-size:6.0pt;font-family:Verdana;color:black"></span></font></p>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Martin Bašti
Software Engineer
Red Hat Czech</pre>
</body>
</html>