[Freeipa-users] client fails to install from ipa-server-install or ipa-replica-install
Rob Crittenden
rcritten at redhat.com
Thu May 28 13:26:54 UTC 2015
Bob Hinton wrote:
> Hello,
>
> I'm using Puppet to try to install ipa masters and replicas. I can
> generally get this to work on Vagrant VMs, but on the target VMs the
> server part succeeds until it attempts to install the ipa client and
> then this fails (please see extracts of logs below).
>
> The /etc/ipa/nssdb directory is left empty. On a replica I can copy this
> from the master along with /etc/openldap/ldap.conf and the client works
> (apart from mkhomedir) when sssd is started. Should /etc/ipa/nssdb be
> populated on the master at this stage of the installation and, if so,
> then why isn't this happening? Selinux is enabled on the target VMs, but
> presumably this isn't an issue.
>
> Many thanks
>
> Bob Hinton
>
>
> trying https://ipa001.jackland.co.uk/ipa/json
> Forwarding 'ping' to json server 'https://ipa001.jackland.co.uk/ipa/json'
> Cannot connect to the server due to generic error: cannot connect to
> 'https://ipa001.jackland.co.uk/ipa/json': Internal Server Error
> Installation failed. As this is IPA server, changes will not be rolled back.
>
> 2015-05-28T11:41:25Z DEBUG File
> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
> line 646, in run_script
> return_value = main_function()
>
> File "/usr/sbin/ipa-server-install", line 1292, in main
> sys.exit("Configuration of client side components
> failed!\nipa-client-install returned: " + str(e))
>
> 2015-05-28T11:41:25Z DEBUG The ipa-server-install command failed,
> exception: SystemExit: Configuration of client side components failed!
> ipa-client-install returned: Command ''/usr/sbin/ipa-client-install'
> '--on-master' '--unattended' '--domain' 'jackland.co.uk' '--server'
> 'ipa001.jackland.co.uk' '--realm' 'JACKLAND.CO.UK' '--hostname'
> 'ipa001.jackland.co.uk' '--mkhomedir'' returned non-zero exit status 1
> [root at ipa001 log]#
>
> 3d:a7:7b:d1:a6:45:b5:9d:d0:00:3e:34:de:b4:7f:0c:
> 37:0d:fa:1b:bb:32:2c:4b:13:35:b3:98:df:d9:62:8a:
> 97:3b:54:df:fb:46:f0:29:ea:c1:3d:9d:cf:f8:f8:2d:
> c7:3d:c0:50:7d:6d:3f:71:ad:fb:0a:74:ef:e5:eb:c0:
> 12:7c:96:b3:b0:da:bb:65:f9:a6:33:9f:82:af:99:ee:
> 50:34:44:84:0f:0e:5f:2a:67:84:b3:cc:5f:95:8c:1a
> Fingerprint (MD5):
> c3:db:00:21:a0:57:a0:d3:a4:31:a8:80:e2:9b:cb:c1
> Fingerprint (SHA1):
> 77:2f:9f:2a:74:3e:62:09:b9:37:70:a3:74:99:5a:a0:
> d5:4a:37:ed
> 2015-05-28T11:41:25Z DEBUG approved_usage = SSL Server intended_usage =
> SSL Server
> 2015-05-28T11:41:25Z DEBUG cert valid True for
> "CN=ipa001.jackland.co.uk,O=JACKLAND.CO.UK"
> 2015-05-28T11:41:25Z DEBUG handshake complete, peer = 10.220.4.250:443
> 2015-05-28T11:41:25Z DEBUG Protocol: TLS1.1
> 2015-05-28T11:41:25Z DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
> 2015-05-28T11:41:25Z ERROR Cannot connect to the server due to generic
> error: cannot connect to 'https://ipa001.jackland.co.uk/ipa/json':
> Internal Server Error
> 2015-05-28T11:41:25Z WARNING Installation failed. As this is IPA server,
> changes will not be rolled back.
You'd want to check httpd error logs on the server ipa001 to see what
the error is about.
rob
More information about the Freeipa-users
mailing list