On 01/02/2013 12:42 AM, Rob Crittenden wrote:
> Dale Macartney wrote:
>>
>> On 01/01/2013 11:42 PM, Rob Crittenden wrote:
>>> Dale Macartney wrote:
>>>>
>>>> On 12/29/2012 06:38 PM, Rob Crittenden wrote:
>>>>> Dale Macartney wrote:
>>>>>>
>>>>>> Afternoon all
>>>>>>
>>>>>> using Fedora 18 Beta and attempting to install FreeIPA 3.1
>>>>>>
>>>>>> when running through the install of "ipa-server-install --setup-dns" I
>>>>>> end up with a failure with the below output
>>>>>>
>>>>>>
>>>>>> [root@ds01 ~]# ipa-server-install --setup-dns
>>>>>> .....
>>>>>> .....
>>>>>> Done configuring directory server (dirsrv).
>>>>>> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes
>>>>>> 30 seconds
>>>>>> [1/20]: creating certificate server user
>>>>>> [2/20]: configuring certificate server instance
>>>>>> [3/20]: disabling nonces
>>>>>> [4/20]: creating RA agent certificate database
>>>>>> [5/20]: importing CA chain to RA certificate database
>>>>>> [6/20]: fixing RA database permissions
>>>>>> [7/20]: setting up signing cert profile
>>>>>> [8/20]: set up CRL publishing
>>>>>> [9/20]: set certificate subject base
>>>>>> [10/20]: enabling Subject Key Identifier
>>>>>> [11/20]: enabling CRL and OCSP extensions for certificates
>>>>>> [12/20]: setting audit signing renewal to 2 years
>>>>>> [13/20]: configuring certificate server to start on boot
>>>>>> [14/20]: restarting certificate server
>>>>>> [15/20]: requesting RA certificate from CA
>>>>>> [16/20]: issuing RA agent certificate
>>>>>> Unexpected error - see /var/log/ipaserver-install.log for details:
>>>>>> CalledProcessError: Command '/usr/bin/sslget -v -n ipa-ca-agent -p
>>>>>> XXXXXXXX -d /tmp/tmp-kUFAyN -r /ca/agent/ca/profileReview?requestId=7
>>>>>> ds01.domain.com:8443' returned non-zero exit status 6
>>>>>>
>>>>>> there is absolutely nothing in any logs at all apart from a few selinux
>>>>>> audit logs (system running in permissive mode).
>>>>>>
>>>>>> Any thoughts?
>>>>>
>>>>> This usually means a problem with DNS.
>>>> Hmm... normally I set a dns forwarder of 10.0.0.254... This time I tried
>>>> it with no forwarder at all... Same error occurs...
>>>
>>> Not really sure. The errors out of sslget are not particularly helpful.
>>>
>>> I'd check /etc/hosts to be sure it is sane, and perhaps dig/host to be
>>> sure that the forward and reverse entries match up.
>> that'll teach me for using non-kickstarted systems...
>>
>> error is caused by mis or unconfigured /etc/hosts
>
> It's hard to programmatically check for some things but I was pretty
> sure we did some /etc/hosts sanity checking. What was the problem, and I
> guess more importantly, is it something we can/should check for prior to
> starting the install?

so.. I've just deployed a new guest to test it.. with no entries in
/etc/hosts with the exception of localhost...

the below appears as part of the ipa-server-install process.. (I am
using "ipa-server-install --setup-dns")

Server host name [ds01.domain.com]:

Warning: skipping DNS resolution of host ds01.domain.com
The domain name has been determined based on the host name.

Please confirm the domain name [domain.com]:

The server hostname resolves to more than one address:
  fe80::21a:4aff:fe00:a8%eth0
  10.0.3.11
Please provide the IP address to be used for this host name: 10.0.3.11
The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.

Please provide a realm name [DOMAIN.COM]:

If I configure the host details in /etc/hosts.... (10.0.3.11
ds01.domain.com ds01), then the above selection process is not prompted....

so in short.... no hosts file config = no can has IPA install...

is the above selection process meant to be configuring /etc/hosts by any
chance?
>
> thanks
>
> rob
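A pre-install check of the kind asked about in the message above, as an added example that is not part of the original thread and is not FreeIPA's installer code: it inspects hosts-file text for the server's FQDN and reports a missing entry, a loopback or link-local mapping, a short name listed as the canonical name, or more than one address. The function names and the two sample files are constructed for illustration; the host name and addresses are the ones quoted in the thread.

```python
import ipaddress

# Constructed sample: a guest with only localhost entries, as in the thread.
HOSTS_BROKEN = (
    "127.0.0.1   localhost localhost.localdomain\n"
    "::1         localhost localhost.localdomain\n"
)
# Constructed sample: the same file plus the entry quoted in the thread.
HOSTS_FIXED = HOSTS_BROKEN + "10.0.3.11   ds01.domain.com ds01\n"


def parse_hosts(text):
    """Yield (address, [names]) per entry, skipping comments and blank lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield fields[0], [n.lower() for n in fields[1:]]


def check_hosts(text, fqdn):
    """Return a list of problems with how fqdn is mapped in hosts-file text."""
    fqdn = fqdn.lower()
    entries = [(ip, names) for ip, names in parse_hosts(text) if fqdn in names]
    if not entries:
        return [f"{fqdn}: no entry in hosts file"]
    problems = []
    for ip, names in entries:
        try:
            addr = ipaddress.ip_address(ip.split("%", 1)[0])  # drop %scope
        except ValueError:
            problems.append(f"{ip}: not a valid IP address")
            continue
        if addr.is_loopback:
            problems.append(f"{ip}: loopback address used for {fqdn}")
        elif addr.is_link_local:
            problems.append(f"{ip}: link-local address used for {fqdn}")
        if names[0] != fqdn:
            # hosts(5): the first name is canonical, so a reverse lookup of
            # this address would return names[0] rather than the FQDN.
            problems.append(f"{ip}: canonical name is {names[0]}, not {fqdn}")
    if len({ip for ip, _ in entries}) > 1:
        problems.append(f"{fqdn}: mapped to more than one address")
    return problems


if __name__ == "__main__":
    for label, text in (("broken", HOSTS_BROKEN), ("fixed", HOSTS_FIXED)):
        print(label, check_hosts(text, "ds01.domain.com") or "ok")
```
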
