[Freeipa-users] Trouble with replica install

Les Stott Less at imagine-sw.com
Mon Dec 16 12:44:34 UTC 2013 

Petr,

The below was the error from apache error logs....

> Apache logs the following error at the same time...
>
> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  couldn't check access.  No groups file?: /ipa/xml, referer: https://replica.mydomain.com/ipa/xml

Other lines in the /var/log/httpd/error log at the same time...

[Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
[Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
[Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  couldn't check access.  No groups file?: /ipa/xml, referer: https://replica.mydomain.com/ipa/xml
[Mon Dec 16 04:29:01 2013] [notice] caught SIGTERM, shutting down
[Mon Dec 16 04:29:02 2013] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0

Regards,

Les

________________________________________
From: Petr Spacek [pspacek at redhat.com]
Sent: Monday, December 16, 2013 10:38 PM
To: Les Stott; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Trouble with replica install

On 16.12.2013 10:55, Les Stott wrote:
> Sorry, when I said "selinux is in permissive mode, but it's the same as on the master server, so it should be the issue." It should have read as "selinux is in permissive mode, but it's the same as on the master server, so it should NOT be the issue."
>
> Les
>
> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Les Stott
> Sent: Monday, 16 December 2013 8:47 PM
> To: freeipa-users at redhat.com
> Subject: [Freeipa-users] Trouble with replica install
>
> Hi,
>
> Running ipa-server-3.0.0-37.el6.x86_64 on rhel6.
> Already setup master server, now trying to install replica (which I've done before and its worked fine).
>
> The replica install gets all the way to the end but errors out. For the most part, it looks like it is complete, but I want to be sure there are no lingering issues.
>
> The error I see in the log is...(domain and ip's changed)
>
> ------------------------
> 2013-12-16T09:26:50Z DEBUG stderr=Hostname: replica.mydomain.com
> Realm: MYDOMAIN.COM
> DNS Domain: mydomain.com
> IPA Server: replica.mydomain.com
> BaseDN: dc=mydomain,dc=com
> Domain mydomain.com is already configured in existing SSSD config, creating a new one.
> The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall.
> Configured /etc/sssd/sssd.conf
> trying https://replica.mydomain.com/ipa/xml
> Forwarding 'env' to server u'https://replica.mydomain.com/ipa/xml'
> Traceback (most recent call last):
>    File "/usr/sbin/ipa-client-install", line 2377, in <module>
>      sys.exit(main())
>    File "/usr/sbin/ipa-client-install", line 2363, in main
>      rval = install(options, env, fstore, statestore)
>    File "/usr/sbin/ipa-client-install", line 2167, in install
>      remote_env = api.Command['env'](server=True)['result']
>    File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
>      ret = self.run(*args, **options)
>    File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1073, in run
>      return self.forward(*args, **options)
>    File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769, in forward
>      return self.Backend.xmlclient.forward(self.name, *args, **kw)
>    File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 776, in forward
>      raise NetworkError(uri=server, error=e.errmsg)

> ipalib.errors.NetworkError: cannot connect to u'https://replica.mydomain.com/ipa/xml': Internal Server Error

Please look into /var/log/httpd/errors.log on server replica.mydomain.com and
check error messages there.

Petr^2 Spacek

>
> 2013-12-16T09:26:50Z INFO   File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614, in run_script
>      return_value = main_function()
>
>    File "/usr/sbin/ipa-replica-install", line 527, in main
>      raise RuntimeError("Failed to configure the client")
>
> 2013-12-16T09:26:50Z INFO The ipa-replica-install command failed, exception: RuntimeError: Failed to configure the client
> -------------------
>
> Apache logs the following error at the same time...
>
> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  couldn't check access.  No groups file?: /ipa/xml, referer: https://replica.mydomain.com/ipa/xml
>
> I can login to the gui and it seems ok, but I'm rolling this into production so I've got to get it right.
>
> I'm hoping this is just some bug because its an older freeipa on redhat (minimal install) etc. selinux is in permissive mode, but it's the same as on the master server, so it should be the issue.
>
> Is this error critical? How can I fix it?
>
> Thanks in advance,
>
> Les

More information about the Freeipa-users mailing list