[Freeipa-users] ipa-replica-install fails because of IPv6?

Jochen Demmer jochen at winteltosh.de
Thu Oct 27 08:33:23 UTC 2016



On 27.10.2016 at 10:02, Jochen Demmer wrote:
>
>
> On 26.10.2016 at 17:31, Martin Basti wrote:
>>
>>
>>
>> On 26.10.2016 17:25, Jochen Demmer wrote:
>>>
>>>
>>> On 26.10.2016 at 16:48, Martin Basti wrote:
>>>>
>>>>
>>>>
>>>> On 26.10.2016 16:42, Jochen Demmer wrote:
>>>>>
>>>>>
>>>>> On 26.10.2016 at 16:27, Martin Basti wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 26.10.2016 16:10, Jochen Demmer wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> my answers also inline.
>>>>>>>
>>>>>>> On 26.10.2016 at 15:38, Martin Basti wrote:
>>>>>>>>
>>>>>>>> Hi, comments inline
>>>>>>>>
>>>>>>>>
>>>>>>>> On 26.10.2016 14:28, Jochen Demmer wrote:
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I've been running and using a single FreeIPA server
>>>>>>>>> successfully, i.e.:
>>>>>>>>> Fedora 24
>>>>>>>>> freeipa-server-4.3.2-2.fc24.x86_64
>>>>>>>>> This server is only available via IPv6, because I can't get
>>>>>>>>> public IPv4 addresses any more.
>>>>>>>>>
>>>>>>>>> Now I want to set up a FreeIPA replica at another site also
>>>>>>>>> running IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64
>>>>>>>>> First I run "ipa-client-install" which succeeds without an error.
>>>>>>>>> When I invoke "ipa-replica-install" I get this error:
>>>>>>>>> ipa         : ERROR    Could not resolve hostname
>>>>>>>>> *hostname.mydoma.in* using DNS. Clients may not function
>>>>>>>>> properly. Please check your DNS setup. (Note that this check
>>>>>>>>> queries IPA DNS directly and ignores /etc/hosts.)
>>>>>>>>> LOG:
>>>>>>>>> 2016-10-26T12:14:39Z DEBUG Search DNS server
>>>>>>>>> *hostname.mydoma.in* (['2a01:f11:1:1::1', '2a01:f11:1:1::1',
>>>>>>>>> '2a01:f11:1:1::1']) for *hostname.mydoma.in*
>>>>>>>>
>>>>>>>> Can you check with the dig or host command if the hostname is
>>>>>>>> really resolvable on that machine? Do you have a proper resolver
>>>>>>>> in /etc/resolv.conf?
>>>>>>> There is a resolver given in /etc/resolv.conf. When I do "host
>>>>>>> <<hostname.mydoma.in>>" I get the right IPv6 back.
>>>>>> That is weird because IPA is doing basically the same.
>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>> *hostname.mydoma.in* is actually the DNS entry for the old
>>>>>>>>> FreeIPA server, which actually resolves, but only to an IPv6
>>>>>>>>> address of course.
>>>>>>>>> I can continue the installation though by entering "yes".
>>>>>>>>>
>>>>>>>>> I then get asked:
>>>>>>>>> Enter the IP address to use, or press Enter to finish.
>>>>>>>>> Please provide the IP address to be used for this host name:
>>>>>>>>>
>>>>>>>>> When I enter the IPv6 address of the new replica host it
>>>>>>>>> doesn't accept it but infinitely asks this question instead.
>>>>>>>>
>>>>>>>> Have you pressed enter twice? It should end the prompt and continue
>>>>>>>> with the installation
>>>>>>> Enter without an IP -> No usable IP address provided nor resolved.
>>>>>>> Enter with an IP -> Error: Invalid IP Address 2a02:1:2:3::4
>>>>>>> cannot use IP network address 2a02:1:2:3::4 
>>>>>>
>>>>>> How have you configured the IP address on your interface? Does it
>>>>>> have prefix /128?
>>>>> Yes, that's right. It's an IP being assigned statefully by a
>>>>> DHCPv6 server.
>>>>> There is also another dynamic IP within the same prefix having
>>>>> /64. I don't want to use this one of course, because its IID changes.
>>>>>
>>>> Could you set (temporarily) the prefix for that address to /64 and
>>>> re-run the installer? IPA 4.3 has a check that prevents you from
>>>> using a /128 prefix
>>> Well now I don't even get asked for the IP. The setup wizard
>>> continues, but I now get this error:
>>>
>>>   [27/43]: restarting directory server
>>> ipa         : CRITICAL Failed to restart the directory server
>>> (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned
>>> non-zero exit status 1). See the installation log for details.
>>>   [28/43]: setting up initial replication
>>>   [error] error: [Errno 111] Connection refused
>>>
>>> LOG:
>>> 2016-10-26T15:14:46Z DEBUG Process finished, return code=1
>>> 2016-10-26T15:14:46Z DEBUG stdout=
>>> 2016-10-26T15:14:46Z DEBUG stderr=Job for dirsrv@MY-REALM.service
>>> failed because the control process exited with error code. See
>>> "systemctl status dirsrv@MY-REALM.service" and "journalctl -xe" for
>>> details.
>>> 2016-10-26T15:14:46Z CRITICAL Failed to restart the directory server
>>> (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned
>>> non-zero exit status 1). See the installation log for details.
>>> 2016-10-26T15:14:46Z DEBUG   duration: 1 seconds
>>> 2016-10-26T15:14:46Z DEBUG   [28/43]: setting up initial replication
>>> 2016-10-26T15:14:56Z DEBUG Traceback (most recent call last):
>>>
>>> When I try to restart manually with "/bin/systemctl restart
>>> dirsrv@MY-REALM.service",
>>> this is what systemd logs:
>>> https://paste.fedoraproject.org/461439/raw/
>>>
>>>
>>
>> Could you please check /var/log/dirsrv/slapd-*/errors? There might be
>> more details.
>>
>> Did you reuse an old IPA server for this installation?
>>
>> Martin
> This is what the logfile says:
> https://paste.fedoraproject.org/461685/raw/
>
> I tried to install this server as a replica a couple of times, but I
> even reinstalled all of the software and I keep using
> ipa-client-install --uninstall and
> ipa-server-install --uninstall
It looks like you encountered that problem yourself nearly a year ago:
https://fedorahosted.org/freeipa/ticket/5561
>>
>>>>
>>>>
>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Honestly, I can't see what I might have done wrong.
>>>>>>>>> The old FreeIPA host has a hostname whose forward and reverse
>>>>>>>>> records are in sync.
>>>>>>>>> The new FreeIPA host also has a hostname that resolves
>>>>>>>>> symmetrically, even though the hostname is using another
>>>>>>>>> second-level domain.
>>>>>>>>>
>>>>>>>>> Any hints?
>>>>>>>>> Jochen Demmer
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> Martin
>>>>>>> Jochen
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
>
>
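
The "cannot use IP network address" rejection quoted in this thread follows from how a /128 is parsed: in a single-address prefix the network address and the host address are the same value. The sketch below is an added illustration, not FreeIPA's installer code; `check_host_ip` and `allow_host_prefix` are hypothetical names, and the interface list is constructed sample data built around the anonymized address from the thread.

```python
import ipaddress


def check_host_ip(candidate, interface_addrs, allow_host_prefix=False):
    """Return (ok, reason) for using `candidate` as this host's address.

    interface_addrs: strings in 'address/prefixlen' form, as listed by
    `ip addr`. allow_host_prefix is a hypothetical switch that exempts
    single-address prefixes (/128 for IPv6, /32 for IPv4) from the
    network-address test.
    """
    ip = ipaddress.ip_address(candidate)
    for text in interface_addrs:
        iface = ipaddress.ip_interface(text)
        if iface.version != ip.version or iface.ip != ip:
            continue  # different family, or a different address on the link
        net = iface.network
        # For /128 the network contains exactly one address, so the
        # network address is the host address itself.
        single = net.prefixlen == net.max_prefixlen
        if ip == net.network_address and not (single and allow_host_prefix):
            return False, "cannot use IP network address %s" % ip
        return True, "ok (%s)" % net
    return False, "no local interface carries %s" % ip


if __name__ == "__main__":
    # Constructed sample data: the stateful DHCPv6 address with /128,
    # then the same address after temporarily widening it to /64.
    cases = [
        (["2a02:1:2:3::4/128"], False),
        (["2a02:1:2:3::4/64"], False),
        (["2a02:1:2:3::4/128"], True),
    ]
    for addrs, relaxed in cases:
        ok, reason = check_host_ip("2a02:1:2:3::4", addrs, relaxed)
        print(addrs[0], "relaxed" if relaxed else "strict", "->", ok, reason)
```

A strict check rejects the /128 form and accepts the same address at /64, matching the behaviour reported above; the relaxed variant shows one way a check can still refuse a real subnet's network address while accepting host-only prefixes.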
