[Freeipa-users] ipa-replica-install fails because of IPv6?

Jochen Demmer jochen at winteltosh.de
Wed Oct 26 15:25:21 UTC 2016



On 26.10.2016 at 16:48, Martin Basti wrote:
>
>
>
> On 26.10.2016 16:42, Jochen Demmer wrote:
>>
>>
>> On 26.10.2016 at 16:27, Martin Basti wrote:
>>>
>>>
>>>
>>> On 26.10.2016 16:10, Jochen Demmer wrote:
>>>> Hi,
>>>>
>>>> my answers also inline.
>>>>
>>>> On 26.10.2016 at 15:38, Martin Basti wrote:
>>>>>
>>>>> Hi, comments inline
>>>>>
>>>>>
>>>>> On 26.10.2016 14:28, Jochen Demmer wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I've been running and using a single FreeIPA server successfully,
>>>>>> i.e.:
>>>>>> Fedora 24
>>>>>> freeipa-server-4.3.2-2.fc24.x86_64
>>>>>> This server is only available via IPv6, because I can't get
>>>>>> public IPv4 addresses any more.
>>>>>>
>>>>>> Now I want to set up a FreeIPA replica at another site also
>>>>>> running IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64.
>>>>>> First I run "ipa-client-install" which succeeds without an error.
>>>>>> When I invoke "ipa-replica-install" I get this error:
>>>>>> ipa         : ERROR    Could not resolve hostname
>>>>>> *hostname.mydoma.in* using DNS. Clients may not function
>>>>>> properly. Please check your DNS setup. (Note that this check
>>>>>> queries IPA DNS directly and ignores /etc/hosts.)
>>>>>> LOG:
>>>>>> 2016-10-26T12:14:39Z DEBUG Search DNS server *hostname.mydoma.in*
>>>>>> (['2a01:f11:1:1::1', '2a01:f11:1:1::1', '2a01:f11:1:1::1']) for
>>>>>> *hostname.mydoma.in*
>>>>>
>>>>> Can you check with the dig or host command if the hostname is really
>>>>> resolvable on that machine? Do you have a proper resolver in
>>>>> /etc/resolv.conf?
>>>> There is a resolver given in /etc/resolv.conf. When I do "host
>>>> <<hostname.mydoma.in>>" I get the right IPv6 back.
>>> That is weird because IPA is doing basically the same.
>>>
>>>>>
>>>>>>
>>>>>> *hostname.mydoma.in* is actually the DNS entry for the old
>>>>>> FreeIPA server, which actually resolves, but only to an IPv6
>>>>>> address of course.
>>>>>> I can continue the installation though by entering "yes".
>>>>>>
>>>>>> I then get asked:
>>>>>> Enter the IP address to use, or press Enter to finish.
>>>>>> Please provide the IP address to be used for this host name:
>>>>>>
>>>>>> When I enter the IPv6 address of the new replica host it doesn't
>>>>>> accept it but infinitely asks this question instead.
>>>>>
>>>>> Have you pressed Enter twice? It should end the prompt and continue
>>>>> with the installation.
>>>> Enter without an IP -> No usable IP address provided nor resolved.
>>>> Enter with an IP -> Error: Invalid IP Address 2a02:1:2:3::4 cannot
>>>> use IP network address 2a02:1:2:3::4 
>>>
>>> How have you configured the IP address on your interface? Does it
>>> have prefix /128?
>> Yes, that's right. It's an IP being assigned statefully by a DHCPv6
>> server.
>> There is also another dynamic IP within the same prefix having /64. I
>> don't want to use this one of course, because its IID changes.
>>
> Could you (temporarily) set the prefix for that address to /64 and re-run
> the installer? IPA 4.3 has a check that prevents you from using a /128 prefix.
Well now I don't even get asked for the IP. The setup wizard continues,
but I now get this error:

  [27/43]: restarting directory server
ipa         : CRITICAL Failed to restart the directory server (Command
'/bin/systemctl restart dirsrv@MY-REALM.service' returned non-zero exit
status 1). See the installation log for details.
  [28/43]: setting up initial replication
  [error] error: [Errno 111] Connection refused

LOG:
2016-10-26T15:14:46Z DEBUG Process finished, return code=1
2016-10-26T15:14:46Z DEBUG stdout=
2016-10-26T15:14:46Z DEBUG stderr=Job for dirsrv@MY-REALM.service failed
because the control process exited with error code. See "systemctl
status dirsrv@MY-REALM.service" and "journalctl -xe" for details.
2016-10-26T15:14:46Z CRITICAL Failed to restart the directory server
(Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned
non-zero exit status 1). See the installation log for details.
2016-10-26T15:14:46Z DEBUG   duration: 1 seconds
2016-10-26T15:14:46Z DEBUG   [28/43]: setting up initial replication
2016-10-26T15:14:56Z DEBUG Traceback (most recent call last):

When I try to restart manually with "/bin/systemctl restart
dirsrv@MY-REALM.service", this is what systemd logs:
https://paste.fedoraproject.org/461439/raw/


>
>
>>>
>>>>>
>>>>>>
>>>>>> Honestly, I can't see what I might have done wrong.
>>>>>> Old FreeIPA has hostname is in sync forward and reverse record.
>>>>>> New FreeIPA host as well has hostname that symmetrically
>>>>>> resolves, even though the hostname is using another second level
>>>>>> domain.
>>>>>>
>>>>>> Any hints?
>>>>>> Jochen Demmer
>>>>>>
>>>>>>
>>>>>
>>>>> Martin
>>>> Jochen
>>>>
>>>
>>
>
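
Added example, not part of the original thread and not FreeIPA's code: a sketch of why an address configured with a /128 prefix can be rejected as an "IP network address" while the same address with /64 passes. It assumes the check compares the address with the network address of its prefix; `check_host_address`, `exempt_host_prefixes` and `HOST_ONLY_PREFIXES` are hypothetical names.

```python
import ipaddress

# Prefix lengths that describe a single host or a point-to-point link,
# where "network address" and "broadcast address" have no separate meaning.
HOST_ONLY_PREFIXES = {4: (31, 32), 6: (127, 128)}


def check_host_address(addr_with_prefix, exempt_host_prefixes=False):
    """Return the reasons a 'usable host address' check rejects an
    interface address given as 'address/prefixlen'. Empty list = accepted.

    Hypothetical helper for illustration; FreeIPA's real check lives in
    its own code and is not reproduced here.
    """
    iface = ipaddress.ip_interface(addr_with_prefix)
    net = iface.network
    reasons = []

    if iface.ip.is_loopback:
        reasons.append("loopback address")
    if iface.ip.is_link_local:
        reasons.append("link-local address")
    if iface.ip.is_multicast:
        reasons.append("multicast address")

    host_only = net.prefixlen in HOST_ONLY_PREFIXES[iface.version]
    if not (exempt_host_prefixes and host_only):
        # With /128 (or /32) the network contains exactly one address, so
        # the host address always equals the network address.
        if iface.ip == net.network_address:
            reasons.append("network address")
        if iface.version == 4 and iface.ip == net.broadcast_address:
            reasons.append("broadcast address")
    return reasons


if __name__ == "__main__":
    # Constructed inputs; 2a02:1:2:3::4 is the address quoted in the thread.
    for addr in ("2a02:1:2:3::4/128", "2a02:1:2:3::4/64",
                 "2a02:1:2:3::/64", "192.0.2.1/32"):
        strict = check_host_address(addr)
        relaxed = check_host_address(addr, exempt_host_prefixes=True)
        print(f"{addr:20} strict={strict} relaxed={relaxed}")
```
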
