[Freeipa-users] ipa-replica-install command failed
Gady Notrica
gnotrica at candeal.com
Tue Dec 20 19:27:37 UTC 2016
Hello,
Need some help installing replica - FREEIPA on Centos 7. My networking is run, DNS is up on the master IPA all ports are opened. But I can't isolate the problem. Any help?
------ Error:
The ipa-replica-install command failed, exception: SystemExit: Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck parameter.
------ Command
# ipa-replica-install --setup-dns --setup-ca --no-forwarder --ip-address=172.20.10.100 /var/lib/ipa/replica-info-sys-sec-repl.ipa.domain.com.gpg
Directory Manager (existing master) password:
Run connection check to master
admin at IPA.DOMAIN.COM password:
ipa.ipapython.install.cli.install_tool(Replica): ERROR Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck parameter.
ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
----- LOG at /var/log/ipareplica-install.log
2016-12-20T19:14:50Z DEBUG stdout=Check connection from replica to remote master ' sys-pri-repl.ipa.domain.com':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos Kpasswd: TCP (464): OK
HTTP Server: Unsecure port (80): OK
HTTP Server: Secure port (443): OK
The following list of ports use UDP protocol and would need to be
checked manually:
Kerberos KDC: UDP (88): SKIPPED
Kerberos Kpasswd: UDP (464): SKIPPED
Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
Check RPC connection to remote master
Retrying using SSH...
Check SSH connection to remote master
Could not SSH into remote host. Error output:
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to sys-pri-repl.ipa.domain.com [172.20.10.99] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm at openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm at openssh.com none
debug1: kex: curve25519-sha256 at libssh.org need=16 dh_need=16
debug1: kex: curve25519-sha256 at libssh.org need=16 dh_need=16
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 6r:0e:15:55:dk:17:86:27:53:02:02:89:c7:98:20:11
Warning: Permanently added 'sys-pri-repl.ipa.domain.com,172.20.10.99' (ECDSA) to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
Connection closed by 172.20.10.99
2016-12-20T19:14:50Z DEBUG stderr=Could not SSH to remote host.
2016-12-20T19:14:50Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run
cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 308, in run
self.validate()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 317, in validate
for nothing in self._validator():
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 564, in _configure
next(validator)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
for nothing in self._installer(self.parent):
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1716, in main
install_check(self)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 364, in decorated
func(installer)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 761, in install_check
ca_cert_file=cafile)
File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 106, in replica_conn_check
"\nIf the check results are not valid it can be skipped with --skip-conncheck parameter.")
2016-12-20T19:14:50Z DEBUG The ipa-replica-install command failed, exception: SystemExit: Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck parameter.
2016-12-20T19:14:50Z ERROR Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck parameter.
2016-12-20T19:14:50Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161220/70477d66/attachment.htm>
More information about the Freeipa-users
mailing list