[Freeipa-users] Trouble with replica install

Martin Kosek mkosek at redhat.com
Thu Jan 2 16:46:55 UTC 2014 

Hello Les,

Did you manage to resolve the issue? I just got to it after the Christmas
break. Reading few resources online, this error seems to come of a
misconfigured httpd when for example mod_authz_groupfile.so or
mod_authz_user.so Apache modules are not loaded (I have them loaded in
/etc/httpd/conf.modules.d/00-base.conf).

Did you modify httpd configuration before you run ipa-replica-install in any way?

Martin

On 12/16/2013 01:44 PM, Les Stott wrote:
> Petr,
> 
> The below was the error from apache error logs....
> 
>> Apache logs the following error at the same time...
>>
>> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  couldn't check access.  No groups file?: /ipa/xml, referer: https://replica.mydomain.com/ipa/xml
> 
> Other lines in the /var/log/httpd/error log at the same time...
> 
> [Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
> [Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  couldn't check access.  No groups file?: /ipa/xml, referer: https://replica.mydomain.com/ipa/xml
> [Mon Dec 16 04:29:01 2013] [notice] caught SIGTERM, shutting down
> [Mon Dec 16 04:29:02 2013] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
> 
> Regards,
> 
> Les
> 
> ________________________________________
> From: Petr Spacek [pspacek at redhat.com]
> Sent: Monday, December 16, 2013 10:38 PM
> To: Les Stott; freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Trouble with replica install
> 
> On 16.12.2013 10:55, Les Stott wrote:
>> Sorry, when I said "selinux is in permissive mode, but it's the same as on the master server, so it should be the issue." It should have read as "selinux is in permissive mode, but it's the same as on the master server, so it should NOT be the issue."
>>
>> Les
>>
>> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Les Stott
>> Sent: Monday, 16 December 2013 8:47 PM
>> To: freeipa-users at redhat.com
>> Subject: [Freeipa-users] Trouble with replica install
>>
>> Hi,
>>
>> Running ipa-server-3.0.0-37.el6.x86_64 on rhel6.
>> Already setup master server, now trying to install replica (which I've done before and its worked fine).
>>
>> The replica install gets all the way to the end but errors out. For the most part, it looks like it is complete, but I want to be sure there are no lingering issues.
>>
>> The error I see in the log is...(domain and ip's changed)
>>
>> ------------------------
>> 2013-12-16T09:26:50Z DEBUG stderr=Hostname: replica.mydomain.com
>> Realm: MYDOMAIN.COM
>> DNS Domain: mydomain.com
>> IPA Server: replica.mydomain.com
>> BaseDN: dc=mydomain,dc=com
>> Domain mydomain.com is already configured in existing SSSD config, creating a new one.
>> The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall.
>> Configured /etc/sssd/sssd.conf
>> trying https://replica.mydomain.com/ipa/xml
>> Forwarding 'env' to server u'https://replica.mydomain.com/ipa/xml'
>> Traceback (most recent call last):
>>    File "/usr/sbin/ipa-client-install", line 2377, in <module>
>>      sys.exit(main())
>>    File "/usr/sbin/ipa-client-install", line 2363, in main
>>      rval = install(options, env, fstore, statestore)
>>    File "/usr/sbin/ipa-client-install", line 2167, in install
>>      remote_env = api.Command['env'](server=True)['result']
>>    File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
>>      ret = self.run(*args, **options)
>>    File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1073, in run
>>      return self.forward(*args, **options)
>>    File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769, in forward
>>      return self.Backend.xmlclient.forward(self.name, *args, **kw)
>>    File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 776, in forward
>>      raise NetworkError(uri=server, error=e.errmsg)
> 
>> ipalib.errors.NetworkError: cannot connect to u'https://replica.mydomain.com/ipa/xml': Internal Server Error
> 
> Please look into /var/log/httpd/errors.log on server replica.mydomain.com and
> check error messages there.
> 
> Petr^2 Spacek
> 
>>
>> 2013-12-16T09:26:50Z INFO   File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614, in run_script
>>      return_value = main_function()
>>
>>    File "/usr/sbin/ipa-replica-install", line 527, in main
>>      raise RuntimeError("Failed to configure the client")
>>
>> 2013-12-16T09:26:50Z INFO The ipa-replica-install command failed, exception: RuntimeError: Failed to configure the client
>> -------------------
>>
>> Apache logs the following error at the same time...
>>
>> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  couldn't check access.  No groups file?: /ipa/xml, referer: https://replica.mydomain.com/ipa/xml
>>
>> I can login to the gui and it seems ok, but I'm rolling this into production so I've got to get it right.
>>
>> I'm hoping this is just some bug because its an older freeipa on redhat (minimal install) etc. selinux is in permissive mode, but it's the same as on the master server, so it should be the issue.
>>
>> Is this error critical? How can I fix it?
>>
>> Thanks in advance,
>>
>> Les
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>

More information about the Freeipa-users mailing list