[Freeipa-users] ipa-replica-install fails: "an internal error has occurred" on Remote master - DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was not provided by any .service files

Alexander Skwar alexanders.mailinglists+nospam at gmail.com
Tue Jan 17 14:24:35 UTC 2017


Hello


Using freeipa 4.3.1-0ubuntu1 on Ubuntu 16.04 servers.

I have set up a FreeIPA master server with the following commands:

    apt install freeipa-server

    ipa-server-install --setup-dns --mkhomedir --auto-forwarders \
      --no-reverse --hostname=ewserv-auth01-prod.unix.ewadmin.ch \
      --ip-address=192.168.251.51 \
      --ds-password='dspassword' --admin-password='adminpassword' \
      --realm=UNIX.EWADMIN.CH --domain=unix.ewadmin.ch \
      --unattended

On a different server, I'm now trying to set up a replica. The
connection tests are good, see replica-master-conncheck.txt and
master-replica-conncheck.txt.

But ipa-replica-install fails (see ipa-replica-install.log.txt):

    $ sudo ipa-replica-install -P admin -w adminpassword --domain=unix.ewadmin.ch --server=ewserv-auth01-prod.unix.ewadmin.ch --realm=UNIX.EWADMIN.CH --hostname=ewserv-auth02-prod.unix.ewadmin.ch
    …
    Client configuration complete.

    Run connection check to master
    Removing client side components
    Unenrolling client from IPA server
    …
    ipa.ipapython.install.cli.install_tool(Replica): ERROR    Connection check failed!
    Please fix your network settings according to error messages above.
    If the check results are not valid it can be skipped with --skip-conncheck parameter.
    ipa.ipapython.install.cli.install_tool(Replica): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

In /var/log/ipareplica-install.log (attached as well), I find:

    […]
       Kerberos Kpasswd: UDP (464): SKIPPED

    Connection from replica to master is OK.
    Start listening on required ports for remote master check
    Get credentials to log in to remote master
    Check RPC connection to remote master
    Execute check on remote master

    2017-01-17T14:48:00Z DEBUG stderr=Remote master check failed with following error message(s):
    an internal error has occurred

    2017-01-17T14:48:00Z DEBUG Starting external process
    2017-01-17T14:48:00Z DEBUG args=/usr/sbin/ipa-client-install --unattended --uninstall
    2017-01-17T14:48:06Z DEBUG Process finished, return code=0
    […]

In /var/log/apache2/error.log, I find an error:

    [Tue Jan 17 16:06:05.825724 2017] [wsgi:error] [pid 21773:tid 139626190206720] ipa: INFO: [jsonserver_kerb] admin@UNIX.EWADMIN.CH: ping(version=u'2.164'): SUCCESS
    ERROR:dbus.proxies:Introspect error on org.freeipa.server:/: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was not provided by any .service files
    [Tue Jan 17 16:06:05.941909 2017] [wsgi:error] [pid 21772:tid 139626190206720] ipa: ERROR: non-public: DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was not provided by any .service files
    [Tue Jan 17 16:06:05.942141 2017] [wsgi:error] [pid 21772:tid 139626190206720] Traceback (most recent call last):
    [Tue Jan 17 16:06:05.942325 2017] [wsgi:error] [pid 21772:tid 139626190206720]   File "/usr/lib/python2.7/dist-packages/ipaserver/rpcserver.py", line 350, in wsgi_execute
    [Tue Jan 17 16:06:05.942543 2017] [wsgi:error] [pid 21772:tid 139626190206720]     result = self.Command[name](*args, **options)
    [Tue Jan 17 16:06:05.942946 2017] [wsgi:error] [pid 21772:tid 139626190206720]   File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 446, in __call__
    [Tue Jan 17 16:06:05.944110 2017] [wsgi:error] [pid 21772:tid 139626190206720]     ret = self.run(*args, **options)
    [Tue Jan 17 16:06:05.944272 2017] [wsgi:error] [pid 21772:tid 139626190206720]   File "/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 763, in run
    [Tue Jan 17 16:06:05.944459 2017] [wsgi:error] [pid 21772:tid 139626190206720]     return self.execute(*args, **options)
    [Tue Jan 17 16:06:05.944638 2017] [wsgi:error] [pid 21772:tid 139626190206720]   File "/usr/lib/python2.7/dist-packages/ipalib/plugins/server.py", line 247, in execute
    [Tue Jan 17 16:06:05.944825 2017] [wsgi:error] [pid 21772:tid 139626190206720]     ret, stdout, stderr = server.conncheck(keys[-1])
    [Tue Jan 17 16:06:05.945075 2017] [wsgi:error] [pid 21772:tid 139626190206720]   File "/usr/lib/python2.7/dist-packages/dbus/proxies.py", line 70, in __call__
    [Tue Jan 17 16:06:05.945245 2017] [wsgi:error] [pid 21772:tid 139626190206720]     return self._proxy_method(*args, **keywords)
    [Tue Jan 17 16:06:05.945394 2017] [wsgi:error] [pid 21772:tid 139626190206720]   File "/usr/lib/python2.7/dist-packages/dbus/proxies.py", line 145, in __call__
    [Tue Jan 17 16:06:05.945567 2017] [wsgi:error] [pid 21772:tid 139626190206720]     **keywords)
    [Tue Jan 17 16:06:05.945734 2017] [wsgi:error] [pid 21772:tid 139626190206720]   File "/usr/lib/python2.7/dist-packages/dbus/connection.py", line 651, in call_blocking
    [Tue Jan 17 16:06:05.945914 2017] [wsgi:error] [pid 21772:tid 139626190206720]     message, timeout)
    [Tue Jan 17 16:06:05.946074 2017] [wsgi:error] [pid 21772:tid 139626190206720] DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was not provided by any .service files
    [Tue Jan 17 16:06:05.946989 2017] [wsgi:error] [pid 21772:tid 139626190206720] ipa: INFO: [jsonserver_kerb] admin@UNIX.EWADMIN.CH: server_conncheck(u'ewserv-auth01-prod.unix.ewadmin.ch', u'ewserv-auth02-prod.unix.ewadmin.ch', version=u'2.162'): DBusException
    [Tue Jan 17 16:06:10.595846 2017] [wsgi:error] [pid 21773:tid 139626190206720] ipa: INFO: [xmlserver] host/ewserv-auth02-prod.unix.ewadmin.ch@UNIX.EWADMIN.CH: host_disable(u'ewserv-auth02-prod.unix.ewadmin.ch', version=u'2.51'): SUCCESS


Thanks for any hints,


Alexander

PS: I also reported this as a bug on launchpad @
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1657134
-------------- next part --------------
$ sudo /usr/sbin/ipa-replica-conncheck --replica ewserv-auth02-prod.unix.ewadmin.ch
Check connection from master to remote replica 'ewserv-auth02-prod.unix.ewadmin.ch':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

Connection from master to replica is OK.
-------------- next part --------------
$ sudo /usr/sbin/ipa-replica-conncheck --master=192.168.251.51
Check connection from replica to remote master '192.168.251.51':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

The following list of ports use UDP protocol and would need to be
checked manually:
   Kerberos KDC: UDP (88): SKIPPED
   Kerberos Kpasswd: UDP (464): SKIPPED

Connection from replica to master is OK.
Start listening on required ports for remote master check
Listeners are started. Use CTRL+C to terminate the listening part after the test.

Please run the following command on remote master:
/usr/sbin/ipa-replica-conncheck --replica ewserv-auth02-prod.unix.ewadmin.ch

^C
Cleaning up...
-------------- next part --------------
$ sudo ipa-replica-install -P admin -w adminpassword --domain=unix.ewadmin.ch --server=ewserv-auth01-prod.unix.ewadmin.ch --realm=UNIX.EWADMIN.CH --hostname=ewserv-auth02-prod.unix.ewadmin.ch
Configuring client side components
Client hostname: ewserv-auth02-prod.unix.ewadmin.ch
Realm: UNIX.EWADMIN.CH
DNS Domain: unix.ewadmin.ch
IPA Server: ewserv-auth01-prod.unix.ewadmin.ch
BaseDN: dc=unix,dc=ewadmin,dc=ch

Synchronizing time with KDC...
Attempting to sync time using ntpd.  Will timeout after 15 seconds
Unable to sync time with NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=UNIX.EWADMIN.CH
    Issuer:      CN=Certificate Authority,O=UNIX.EWADMIN.CH
    Valid From:  Mon Jan 16 15:23:55 2017 UTC
    Valid Until: Fri Jan 16 15:23:55 2037 UTC

Enrolled in IPA realm UNIX.EWADMIN.CH
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm UNIX.EWADMIN.CH
trying https://ewserv-auth01-prod.unix.ewadmin.ch/ipa/json
Forwarding 'ping' to json server 'https://ewserv-auth01-prod.unix.ewadmin.ch/ipa/json'
Forwarding 'ca_is_enabled' to json server 'https://ewserv-auth01-prod.unix.ewadmin.ch/ipa/json'
Systemwide CA database updated.
Hostname (ewserv-auth02-prod.unix.ewadmin.ch) does not have A/AAAA record.
Failed to update DNS records.
Missing A/AAAA record(s) for host ewserv-auth02-prod.unix.ewadmin.ch: 192.168.251.52.
Missing reverse record(s) for address(es): 192.168.251.52.
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Forwarding 'host_mod' to json server 'https://ewserv-auth01-prod.unix.ewadmin.ch/ipa/json'
Could not update DNS SSHFP records.
SSSD enabled
Configured /etc/openldap/ldap.conf
No SRV records of NTP servers found. IPA server address will be used
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring unix.ewadmin.ch as NIS domain.
Client configuration complete.

Run connection check to master
Removing client side components
Unenrolling client from IPA server
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
Restoring client configuration files
Unconfiguring the NIS domain.
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Systemwide CA database updated.
Client uninstall complete.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck parameter.
ipa.ipapython.install.cli.install_tool(Replica): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

