[Freeipa-users] Configuring IPA replicas

Rob Crittenden rcritten at redhat.com
Mon Jun 13 19:54:49 UTC 2011


Sigbjorn Lie wrote:
> On 06/13/2011 07:24 PM, Rob Crittenden wrote:
>> Sigbjorn Lie wrote:
>>> On 06/13/2011 04:41 PM, Ade Lee wrote:
>>>> Hi,
>>>>
>>>> The replica installation is failing when the replica attempts to contact
>>>> the CA on the master to log into the security domain. According to your
>>>> log, this is https://ipa01.ix.test.com:9445
>>>>
>>>> Can the master be resolved and reached from the replica? Can port 9445
>>>> be reached (as well as ports 9444 and 9443?)
>>>>
>>>> You can also check the master's /var/log/pki-ca/debug log to see if any
>>>> communication was received from the replica.
>>>>
>>>
>>> There was an additional DNS A record added to the existing IPA server
>>> hostname! This additional DNS A record pointed at the IP address of the
>>> replica IPA server I'm attempting to configure! I removed this A record
>>> and the replica installed successfully.
>>>
>>> When I initially ran the ipa-replica-prepare command, I added the
>>> "--ip-address" option to get the DNS records for this host created. (I
>>> have a separate dns domain for the IPA environment.) In this process
>>> ipa-replica-prepare created an additional reverse zone on the server.
>>> (The new ipa replica resides on a subnet which sits at an AD DNS server,
>>> but it's still resolvable from the IPA dns servers).
>>>
>>> After the replica finished I tried to run the ipa-replica-prepare
>>> command again with a new hostname, and adding an IP address using
>>> --ip-address on a subnet not known to the IPA DNS. The same error was
>>> re-produced, the DNS A record was added to the master IPA server.
>>>
>>> I would also like to note that I cannot see the second DNS entry using
>>> the web gui, only using "ipa dnsrecord-find". Bug opened in bugzilla for
>>> ipa-replica-prepare:
>>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=712920
>>
>> Adding the record has already been fixed upstream,
>> https://bugzilla.redhat.com/show_bug.cgi?id=704012
>
> Excellent, Thanks. I assume this is coming to freeipa in F15 as well at
> some point?

I'm hoping to do another 2.0 bug fix release in the next couple of weeks.

rob
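
A pre-flight check for the failure diagnosed in this thread, added here as an example; it is not part of the original messages or of FreeIPA. It flags a master hostname that also resolves to the replica's address and probes the CA ports named above (9443-9445). The function names are hypothetical and the IP addresses are constructed documentation values.

```python
import socket

CA_PORTS = (9443, 9444, 9445)  # CA ports mentioned in the thread

def resolve_a(hostname):
    """Return every IPv4 address the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def check_master_records(master_addrs, expected_master_ip, replica_ip):
    """Compare the master's A records with what the admin expects."""
    problems = []
    if not master_addrs:
        problems.append("master hostname does not resolve")
    if replica_ip in master_addrs:
        # The situation from the thread: a stray A record on the master's
        # name pointing at the replica being installed.
        problems.append(f"master hostname also resolves to replica address {replica_ip}")
    for addr in master_addrs:
        if addr not in (expected_master_ip, replica_ip):
            problems.append(f"unexpected A record {addr} on master hostname")
    if master_addrs and expected_master_ip not in master_addrs:
        problems.append(f"expected master address {expected_master_ip} is missing")
    return problems

def port_open(ip, port, timeout=3.0):
    """True if a TCP connection to ip:port succeeds within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(master_host, expected_master_ip, replica_ip,
              resolver=resolve_a, probe=port_open):
    """Run the DNS and port checks; return a list of problem strings."""
    try:
        addrs = resolver(master_host)
    except socket.gaierror:
        addrs = []
    problems = check_master_records(addrs, expected_master_ip, replica_ip)
    for port in CA_PORTS:
        if not probe(expected_master_ip, port):
            problems.append(f"port {port} unreachable on {expected_master_ip}")
    return problems

if __name__ == "__main__":
    # Constructed sample: resolver returns the master and the replica address.
    fake = lambda host: ["192.0.2.10", "192.0.2.20"]
    for line in preflight("ipa01.ix.test.com", "192.0.2.10", "192.0.2.20",
                          resolver=fake, probe=lambda ip, port: True):
        print("PROBLEM:", line)
```

Run it on the replica host before ipa-replica-install, with the default resolver and probe, so the answers come from the same DNS view the installer will use.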