<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<br>
<div class="moz-cite-prefix">Am 26.10.2016 um 17:31 schrieb Martin
Basti:<br>
</div>
<blockquote
cite="mid:2d166fde-b04e-28fc-4fd6-8cc636416af7@redhat.com"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 26.10.2016 17:25, Jochen Demmer
wrote:<br>
</div>
<blockquote
cite="mid:5ed2b215-6b51-db8f-f897-86d129367889@winteltosh.de"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<br>
<br>
<div class="moz-cite-prefix">Am 26.10.2016 um 16:48 schrieb
Martin Basti:<br>
</div>
<blockquote
cite="mid:087c11ce-dae5-8584-c31b-f9233c3412b0@redhat.com"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 26.10.2016 16:42, Jochen
Demmer wrote:<br>
</div>
<blockquote
cite="mid:2ded2848-a5ef-8e5e-591e-9c98dc6fe8f0@winteltosh.de"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<br>
<br>
<div class="moz-cite-prefix">Am 26.10.2016 um 16:27 schrieb
Martin Basti:<br>
</div>
<blockquote
cite="mid:5e55e85e-6b11-e56a-914b-42594aa703b4@redhat.com"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 26.10.2016 16:10, Jochen
Demmer wrote:<br>
</div>
<blockquote
cite="mid:68ba2f75-2ec3-205e-99bb-26737965f4c3@winteltosh.de"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
Hi,<br>
<br>
my answers also inline.<br>
<br>
<div class="moz-cite-prefix">Am 26.10.2016 um 15:38
schrieb Martin Basti:<br>
</div>
<blockquote
cite="mid:36079a29-0ccd-9aa7-5e7e-9eb3f99e6089@redhat.com"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<p>Hi, comments inline<br>
</p>
<br>
<div class="moz-cite-prefix">On 26.10.2016 14:28,
Jochen Demmer wrote:<br>
</div>
<blockquote
cite="mid:6cabd71f-9e06-2778-d534-d5039846c301@winteltosh.de"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
Hi,<br>
<br>
I've been running and using a single FreeIPA server
successfully, i.e.:<br>
Fedora 24<br>
freeipa-server-4.3.2-2.fc24.x86_64<br>
This server is only available via IPv6, because I
can't get public lPv4 addresses no more.<br>
<br>
Now I want to setup a FreeIPA replica at another
site also running IPv6, Fedora 24 and
freeipa-server-4.3.2-2.fc24.x86_64<br>
First I run "ipa-client-install" which succeeds
without an error.<br>
When I invoke "ipa-replica-install" I get this
error:<br>
ipa : ERROR Could not resolve hostname <b>hostname.mydoma.in</b>
using DNS. Clients may not function properly. Please
check your DNS setup. (Note that this check queries
IPA DNS directly and ignores /etc/hosts.)<br>
LOG:<br>
2016-10-26T12:14:39Z DEBUG Search DNS server <b>hostname.mydoma.in</b>
(['2a01:f11:1:1::1', '2a01:f11:1:1::1',
'2a01:f11:1:1::1']) for <b>hostname.mydoma.in</b><br>
</blockquote>
<br>
Can you check with dig or host command if the hostname
is really resolvable on that machine? do you have
proper resolver in /etc/resolv.conf?<br>
</blockquote>
There is a resolver given in /etc/resolv.conf. When I do
"host <<hostname.mydoma.in>>" I get the
right IPv6 back.<br>
</blockquote>
That is weird because IPA is doing basically the same.<br>
<br>
<blockquote
cite="mid:68ba2f75-2ec3-205e-99bb-26737965f4c3@winteltosh.de"
type="cite">
<blockquote
cite="mid:36079a29-0ccd-9aa7-5e7e-9eb3f99e6089@redhat.com"
type="cite"> <br>
<blockquote
cite="mid:6cabd71f-9e06-2778-d534-d5039846c301@winteltosh.de"
type="cite"> <br>
<b>hostname.mydoma.in</b> is actually the DNS entry
for the old FreeIPA server, which actually resolves,
but only to an IPv6 address of course.<br>
I can continue the installation though by entering
"yes".<br>
<br>
I then get asked:<br>
Enter the IP address to use, or press Enter to
finish.<br>
Please provide the IP address to be used for this
host name:<br>
<br>
When I enter the IPv6 address of the new replica
host it doesn't accept but infinitely asks this
question instead.<br>
</blockquote>
<br>
Have you pressed enter twice? It should end prompt and
continue with installation<br>
</blockquote>
Enter without an IP -> No usable IP address provided
nor resolved.<br>
Enter with an IP -> Error: Invalid IP Address
2a02:1:2:3::4 cannot use IP network address
2a02:1:2:3::4 </blockquote>
<br>
How do you have configured IP address on your interface?
Does it have prefix /128?<br>
</blockquote>
Yes, that's right. It's an IP being assigned statefully by a
DHCPv6 server.<br>
There is also another dynamic IP within the same prefix
having /64. I don't want to use this one of course, because
its IID changes.<br>
<br>
</blockquote>
Could you set (temporarily) prefix for that address to /64 and
re-run installer? IPA 4.3 has check that prevents you to use
/128 prefix<br>
</blockquote>
Well now I don't even get asked for the IP. The setup wizard
continues, but I now get this error:<br>
<br>
[27/43]: restarting directory server<br>
ipa : CRITICAL Failed to restart the directory server
(Command '/bin/systemctl restart <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:dirsrv@MY-REALM.service">dirsrv@MY-REALM.service</a>'
returned non-zero exit status 1). See the installation log for
details.<br>
[28/43]: setting up initial replication<br>
[error] error: [Errno 111] Connection refused<br>
<br>
LOG:<br>
2016-10-26T15:14:46Z DEBUG Process finished, return code=1<br>
2016-10-26T15:14:46Z DEBUG stdout=<br>
2016-10-26T15:14:46Z DEBUG stderr=Job for <a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:dirsrv@MY-REALM.service">dirsrv@MY-REALM.service</a>
failed because the control process exited with error code. See
"systemctl status <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:dirsrv@MY-REALM.service">dirsrv@MY-REALM.service</a>"
and "journalctl -xe" for details.<br>
2016-10-26T15:14:46Z CRITICAL Failed to restart the directory
server (Command '/bin/systemctl restart <a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:dirsrv@MY-REALM.service">dirsrv@MY-REALM.service</a>'
returned non-zero exit status 1). See the installation log for
details.<br>
2016-10-26T15:14:46Z DEBUG duration: 1 seconds<br>
2016-10-26T15:14:46Z DEBUG [28/43]: setting up initial
replication<br>
2016-10-26T15:14:56Z DEBUG Traceback (most recent call last):<br>
<br>
When I try to restart manually with, "/bin/systemctl restart <a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:dirsrv@MY-REALM.service">dirsrv@MY-REALM.service</a>"<br>
this is what systemd logs:<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://paste.fedoraproject.org/461439/raw/">https://paste.fedoraproject.org/461439/raw/</a><br>
<br>
<br>
</blockquote>
<br>
Could you please check /var/log/dirsrv/slapd-*/errors there might
be more details.<br>
<br>
Did you reused an old IPA server for this installation?<br>
<br>
Martin<br>
</blockquote>
This is what the logfile says:<br>
<a class="moz-txt-link-freetext" href="https://paste.fedoraproject.org/461685/raw/">https://paste.fedoraproject.org/461685/raw/</a><br>
<br>
I tried to install this server as a replica a couple of times, but I
even reinstalled all of the software and I keep using <br>
ipa-client-install --uninstall and<br>
ipa-server-install --uninstall<br>
<blockquote
cite="mid:2d166fde-b04e-28fc-4fd6-8cc636416af7@redhat.com"
type="cite"> <br>
<blockquote
cite="mid:5ed2b215-6b51-db8f-f897-86d129367889@winteltosh.de"
type="cite">
<blockquote
cite="mid:087c11ce-dae5-8584-c31b-f9233c3412b0@redhat.com"
type="cite"> <br>
<br>
<blockquote
cite="mid:2ded2848-a5ef-8e5e-591e-9c98dc6fe8f0@winteltosh.de"
type="cite">
<blockquote
cite="mid:5e55e85e-6b11-e56a-914b-42594aa703b4@redhat.com"
type="cite"> <br>
<blockquote
cite="mid:68ba2f75-2ec3-205e-99bb-26737965f4c3@winteltosh.de"
type="cite">
<blockquote
cite="mid:36079a29-0ccd-9aa7-5e7e-9eb3f99e6089@redhat.com"
type="cite"> <br>
<blockquote
cite="mid:6cabd71f-9e06-2778-d534-d5039846c301@winteltosh.de"
type="cite"> <br>
Honestly, I can't see what I might have done wrong.<br>
Old FreeIPA has hostname is in sync forward and
reverse record.<br>
New FreeIPA host as well has hostname that
symmetrically resolves, even though the hostname is
using another second level domain.<br>
<br>
Any hints?<br>
Jochen Demmer<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
Martin<br>
</blockquote>
Jochen<br>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>