[Freeipa-users] The ipa-replica-install command failed, exception: SystemExit: Invalid IP Address ... Cannot use IP network address
Traiano Welcome
traiano at gmail.com
Fri Nov 7 16:20:37 UTC 2014
Hi Petr
On Fri, Nov 7, 2014 at 6:19 PM, Petr Spacek <pspacek at redhat.com> wrote:
> On 7.11.2014 14:08, Traiano Welcome wrote:
>> Hi List
>>
>> I'm trying to configure a replica for a primary freeipa IdM server
>> (both CentOS 7, AD trusts configured on primary), but "ipa-replica-install"
>> fails with the following error:
>> --
>> ipa-replica-install -d --setup-ca --setup-dns --no-forwarders
>> /var/lib/ipa/replica-info-lolpr-idm-slve.idm.local.gpg
>> .
>> .
>> Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use
>> IP network address
>> .
>> .
>> --
>>
>> For context, here is the full output from the replica-install command (I've
>> attached the full debug output):
>>
>> ---
>> [root@lolpr-idm-slve ipa]# ipa-replica-install --setup-ca --setup-dns
>> --no-forwarders /var/lib/ipa/replica-info-lolpr-idm-slve.idm.local.gpg
>> WARNING: conflicting time&date synchronization service 'chronyd' will
>> be disabled in favor of ntpd
>>
>> Directory Manager (existing master) password:
>>
>> Run connection check to master
>> Check connection from replica to remote master 'lolpr-idm-mstr.idm.local':
>> Directory Service: Unsecure port (389): OK
>> Directory Service: Secure port (636): OK
>> Kerberos KDC: TCP (88): OK
>> Kerberos Kpasswd: TCP (464): OK
>> HTTP Server: Unsecure port (80): OK
>> HTTP Server: Secure port (443): OK
>>
>> The following list of ports use UDP protocol and would need to be
>> checked manually:
>> Kerberos KDC: UDP (88): SKIPPED
>> Kerberos Kpasswd: UDP (464): SKIPPED
>>
>> Connection from replica to master is OK.
>> Start listening on required ports for remote master check
>> Get credentials to log in to remote master
>> admin@IDM.LOCAL password:
>>
>> Check SSH connection to remote master
>> Execute check on remote master
>> Check connection from master to remote replica 'lolpr-idm-slve.idm.local':
>> Directory Service: Unsecure port (389): OK
>> Directory Service: Secure port (636): OK
>> Kerberos KDC: TCP (88): OK
>> Kerberos KDC: UDP (88): OK
>> Kerberos Kpasswd: TCP (464): OK
>> Kerberos Kpasswd: UDP (464): OK
>> HTTP Server: Unsecure port (80): OK
>> HTTP Server: Secure port (443): OK
>>
>> Connection from master to replica is OK.
>>
>> Connection check OK
>> Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use
>> IP network address
>> [root@lolpr-idm-slve ipa]#
>>
>> ---
>>
>> Some things I've tested:
>>
>> 1. disable selinux (followed by reboot) - no change
>> 2. disable IPv6 (followed by reboot) - no change
>>
>> DNS resolution and IP checks seem fine:
>> ---
>>
>> [root@lolpr-idm-slve install]# hostname
>> lolpr-idm-slve.idm.local
>>
>>
>> [root@lolpr-idm-slve install]# ifconfig
>> ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>> inet 172.16.100.222 netmask 255.255.255.255 broadcast
>> 172.16.100.222
>
> This is the cause: IP address on ens192 interface is 172.16.100.222/32.
>
> What is your environment? Is it some kind of weird container?
>
> Is it even valid configuration? :-) I don't recall any use case for 32-bit
> netmask. As far as I remember 31-bit netmask is allowed by RFC 3021 for point
> to point links.
>
AFAIK, a /32 netmask designates a single address. Should be valid,
although I'm not sure how IPA's installutils.py handles that. ipcalc
says:
----
root@lol-dev:/opt/automation# ipcalc 172.16.100.222/32
Address: 172.16.100.222 10101100.00010000.01100100.11011110
Netmask: 255.255.255.255 = 32 11111111.11111111.11111111.11111111
Wildcard: 0.0.0.0 00000000.00000000.00000000.00000000
=>
Hostroute: 172.16.100.222 10101100.00010000.01100100.11011110
Hosts/Net: 1 Class B, Private Internet
----
Nice reference, seems to confirm this is a single host:
http://www.oav.net/mirrors/cidr.html
> Petr^2 Spacek
>
>> ether 00:50:56:9c:1e:60 txqueuelen 1000 (Ethernet)
>> RX packets 17964 bytes 1705674 (1.6 MiB)
>> RX errors 0 dropped 10 overruns 0 frame 0
>> TX packets 3772 bytes 595134 (581.1 KiB)
>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>> --
>>
>> /etc/hosts looks like this:
>>
>> --
>> 127.0.0.1 localhost localhost.localdomain localhost4
>> localhost4.localdomain4
>> 172.16.100.68 lolpr-idm-mstr.idm.local lolpr-idm-mstr
>> 172.16.100.222 lolpr-idm-slve.idm.local lolpr-idm-slve
>> 172.16.104.231 loltestdc001.loltestdc.com loltestdc001
>> --
>>
>> Host naming, forward and reverse resolution seems fine:
>>
>> ---
>> [root@lolpr-idm-slve install]#
>> [root@lolpr-idm-slve install]# host `hostname`
>> lolpr-idm-slve.idm.local has address 172.16.100.222
>> [root@lolpr-idm-slve install]#
>> [root@lolpr-idm-slve install]# host `hostname`^C
>> [root@lolpr-idm-slve install]# host `hostname`| cut -d " " -f 4| xargs
>> -Iname host name
>> 222.100.16.172.in-addr.arpa domain name pointer lolpr-idm-slve.idm.local.
>> [root@lolpr-idm-slve install]#
>> ---
>>
>> I'd be thankful if anyone could shed a light on why this error is happening
>> and point me in the direction of a fix.
>>
>> Kind Regards,
>> Traiano
>>
>>
>>
>
>
> --
> Petr^2 Spacek
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
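
The /32 case discussed in this thread, as an added example that is not part of the original messages and is not FreeIPA's code: with a 255.255.255.255 netmask the host address and the network's base address are the same value, so a check that rejects "address equals network address" refuses the host's only address. The function names below are hypothetical; the second check assumes the usual convention that /31 (RFC 3021) and /32 prefixes reserve no network or broadcast address.

```python
import ipaddress


def naive_check(addr):
    """Reject network and broadcast addresses regardless of prefix length."""
    iface = ipaddress.IPv4Interface(addr)
    net = iface.network
    if iface.ip == net.network_address:
        raise ValueError("cannot use IP network address")
    if iface.ip == net.broadcast_address:
        raise ValueError("cannot use broadcast IP address")
    return iface.ip


def prefix_aware_check(addr):
    """Same checks, applied only where those addresses are actually reserved."""
    iface = ipaddress.IPv4Interface(addr)
    net = iface.network
    # A /31 point-to-point link or a /32 host route has no reserved addresses.
    if net.prefixlen < 31:
        if iface.ip == net.network_address:
            raise ValueError("cannot use IP network address")
        if iface.ip == net.broadcast_address:
            raise ValueError("cannot use broadcast IP address")
    return iface.ip


def verdict(check, addr):
    """Return 'ok' or the rejection message for one address/mask pair."""
    try:
        check(addr)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed sample inputs; the first is the address and netmask
    # reported by ifconfig in the thread.
    samples = [
        "172.16.100.222/255.255.255.255",
        "172.16.100.222/31",
        "172.16.100.222/24",
        "172.16.100.0/24",
        "172.16.100.255/24",
    ]
    for s in samples:
        print(f"{s:32} naive: {verdict(naive_check, s):32} "
              f"prefix-aware: {verdict(prefix_aware_check, s)}")
```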