[Freeipa-users] Fedora 18 + FreeIPA 3.1

Dale Macartney dale at themacartneyclan.com
Thu Jan 3 01:18:48 UTC 2013


On 01/02/2013 12:42 AM, Rob Crittenden wrote:
> Dale Macartney wrote:
>>
>> On 01/01/2013 11:42 PM, Rob Crittenden wrote:
>>> Dale Macartney wrote:
>>>>
>>>> On 12/29/2012 06:38 PM, Rob Crittenden wrote:
>>>>> Dale Macartney wrote:
>>>>>>
>>>>>> Afternoon all
>>>>>>
>>>>>> using Fedora 18 Beta and attempting to install FreeIPA 3.1
>>>>>>
>>>>>> when running through the install of "ipa-server-install --setup-dns" I
>>>>>> end up with a failure with the below output
>>>>>>
>>>>>>
>>>>>> [root@ds01 ~]# ipa-server-install --setup-dns
>>>>>> .....
>>>>>> .....
>>>>>> Done configuring directory server (dirsrv).
>>>>>> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds
>>>>>> [1/20]: creating certificate server user
>>>>>> [2/20]: configuring certificate server instance
>>>>>> [3/20]: disabling nonces
>>>>>> [4/20]: creating RA agent certificate database
>>>>>> [5/20]: importing CA chain to RA certificate database
>>>>>> [6/20]: fixing RA database permissions
>>>>>> [7/20]: setting up signing cert profile
>>>>>> [8/20]: set up CRL publishing
>>>>>> [9/20]: set certificate subject base
>>>>>> [10/20]: enabling Subject Key Identifier
>>>>>> [11/20]: enabling CRL and OCSP extensions for certificates
>>>>>> [12/20]: setting audit signing renewal to 2 years
>>>>>> [13/20]: configuring certificate server to start on boot
>>>>>> [14/20]: restarting certificate server
>>>>>> [15/20]: requesting RA certificate from CA
>>>>>> [16/20]: issuing RA agent certificate
>>>>>> Unexpected error - see /var/log/ipaserver-install.log for details:
>>>>>> CalledProcessError: Command '/usr/bin/sslget -v -n ipa-ca-agent -p
>>>>>> XXXXXXXX -d /tmp/tmp-kUFAyN -r /ca/agent/ca/profileReview?requestId=7
>>>>>> ds01.domain.com:8443' returned non-zero exit status 6
>>>>>>
>>>>>>
>>>>>> there is absolutely nothing in any logs at all apart from a few selinux
>>>>>> audit logs (system running in permissive mode).
>>>>>>
>>>>>> Any thoughts?
>>>>>
>>>>> This usually means a problem with DNS.
>>>> Hmm... normally I set a dns forwarder of 10.0.0.254... This time I tried
>>>> it with no forwarder at all... Same error occurs...
>>>
>>> Not really sure. The errors out of sslget are not particularly helpful.
>>>
>>> I'd check /etc/hosts to be sure it is sane, and perhaps dig/host to be
>>> sure that the forward and reverse entries match up.
>> that'll teach me for using non-kickstarted systems...
>>
>> error is caused by mis or unconfigured /etc/hosts
>
> It's hard to programmatically check for some things but I was pretty
> sure we did some /etc/hosts sanity checking. What was the problem, and I
> guess more importantly, is it something we can/should check for prior to
> starting the install?

so.. I've just deployed a new guest to test it..

with no entries in /etc/hosts with the exception of localhost... the
below appears as part of the ipa-server-install process.. (I am using
"ipa-server-install --setup-dns")

Server host name [ds01.domain.com]:

Warning: skipping DNS resolution of host ds01.domain.com
The domain name has been determined based on the host name.

Please confirm the domain name [domain.com]:

The server hostname resolves to more than one address:
  fe80::21a:4aff:fe00:a8%eth0
  10.0.3.11
Please provide the IP address to be used for this host name: 10.0.3.11
The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.

Please provide a realm name [DOMAIN.COM]:

If I configure the host details in /etc/hosts.... (10.0.3.11
ds01.domain.com ds01), then the above selection process is not prompted....

so in short.... no hosts file config = no can has IPA install...

is the above selection process meant to be configuring /etc/hosts by any
chance?

>
> thanks
>
> rob
>
>



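A pre-install check for the /etc/hosts condition discussed in this thread, as an added example that is not part of the original message and not FreeIPA's installer code. The rules it applies (the FQDN must have an entry, on a non-loopback and non-link-local address, listed before any short alias) are assumptions drawn from the working entry quoted above; the sample file contents are constructed from the host name and address in the thread.

```python
import ipaddress

# Constructed sample inputs (not copied from a real system).
HOSTS_LOCALHOST_ONLY = """\
127.0.0.1   localhost localhost.localdomain
::1         localhost localhost.localdomain
"""
HOSTS_CONFIGURED = HOSTS_LOCALHOST_ONLY + "10.0.3.11 ds01.domain.com ds01\n"


def parse_hosts(text):
    """Yield (ip_address, [names]) for each usable line of /etc/hosts text."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            # Strip an IPv6 zone id such as %eth0 before parsing.
            addr = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue                               # malformed address field
        yield addr, [n.lower() for n in fields[1:]]


def check_hosts(text, fqdn):
    """Return a list of problems; an empty list means the entry looks sane."""
    fqdn = fqdn.lower().rstrip(".")
    entries = [(a, names) for a, names in parse_hosts(text) if fqdn in names]
    if not entries:
        return [f"no /etc/hosts entry for {fqdn}"]
    problems = []
    for addr, names in entries:
        if addr.is_loopback:
            problems.append(f"{fqdn} maps to loopback address {addr}")
        elif addr.is_link_local:
            problems.append(f"{fqdn} maps to link-local address {addr}")
        if names[0] != fqdn:
            problems.append(f"{fqdn} is not the first name on the {addr} line")
    usable = {a for a, _ in entries if not (a.is_loopback or a.is_link_local)}
    if len(usable) > 1:
        problems.append(f"{fqdn} maps to several addresses: {sorted(map(str, usable))}")
    return problems


if __name__ == "__main__":
    for label, text in [("localhost only", HOSTS_LOCALHOST_ONLY),
                        ("configured", HOSTS_CONFIGURED)]:
        print(label, "->", check_hosts(text, "ds01.domain.com") or "OK")
```

On a real host, pass the contents of /etc/hosts and the output of `hostname -f` to `check_hosts` before starting the install.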
