[Freeipa-users] Trouble with replica install

Petr Spacek pspacek at redhat.com
Mon Dec 16 11:38:26 UTC 2013 

On 16.12.2013 10:55, Les Stott wrote:
> Sorry, when I said "selinux is in permissive mode, but it's the same as on the master server, so it should be the issue." It should have read as "selinux is in permissive mode, but it's the same as on the master server, so it should NOT be the issue."
>
> Les
>
> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Les Stott
> Sent: Monday, 16 December 2013 8:47 PM
> To: freeipa-users at redhat.com
> Subject: [Freeipa-users] Trouble with replica install
>
> Hi,
>
> Running ipa-server-3.0.0-37.el6.x86_64 on rhel6.
> Already setup master server, now trying to install replica (which I've done before and its worked fine).
>
> The replica install gets all the way to the end but errors out. For the most part, it looks like it is complete, but I want to be sure there are no lingering issues.
>
> The error I see in the log is...(domain and ip's changed)
>
> ------------------------
> 2013-12-16T09:26:50Z DEBUG stderr=Hostname: replica.mydomain.com
> Realm: MYDOMAIN.COM
> DNS Domain: mydomain.com
> IPA Server: replica.mydomain.com
> BaseDN: dc=mydomain,dc=com
> Domain mydomain.com is already configured in existing SSSD config, creating a new one.
> The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall.
> Configured /etc/sssd/sssd.conf
> trying https://replica.mydomain.com/ipa/xml
> Forwarding 'env' to server u'https://replica.mydomain.com/ipa/xml'
> Traceback (most recent call last):
>    File "/usr/sbin/ipa-client-install", line 2377, in <module>
>      sys.exit(main())
>    File "/usr/sbin/ipa-client-install", line 2363, in main
>      rval = install(options, env, fstore, statestore)
>    File "/usr/sbin/ipa-client-install", line 2167, in install
>      remote_env = api.Command['env'](server=True)['result']
>    File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
>      ret = self.run(*args, **options)
>    File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1073, in run
>      return self.forward(*args, **options)
>    File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769, in forward
>      return self.Backend.xmlclient.forward(self.name, *args, **kw)
>    File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 776, in forward
>      raise NetworkError(uri=server, error=e.errmsg)

> ipalib.errors.NetworkError: cannot connect to u'https://replica.mydomain.com/ipa/xml': Internal Server Error

Please look into /var/log/httpd/errors.log on server replica.mydomain.com and 
check error messages there.

Petr^2 Spacek

>
> 2013-12-16T09:26:50Z INFO   File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614, in run_script
>      return_value = main_function()
>
>    File "/usr/sbin/ipa-replica-install", line 527, in main
>      raise RuntimeError("Failed to configure the client")
>
> 2013-12-16T09:26:50Z INFO The ipa-replica-install command failed, exception: RuntimeError: Failed to configure the client
> -------------------
>
> Apache logs the following error at the same time...
>
> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  couldn't check access.  No groups file?: /ipa/xml, referer: https://replica.mydomain.com/ipa/xml
>
> I can login to the gui and it seems ok, but I'm rolling this into production so I've got to get it right.
>
> I'm hoping this is just some bug because its an older freeipa on redhat (minimal install) etc. selinux is in permissive mode, but it's the same as on the master server, so it should be the issue.
>
> Is this error critical? How can I fix it?
>
> Thanks in advance,
>
> Les

More information about the Freeipa-users mailing list