I didn't have a DNS setup, so that part remains untested. Also,
Fedora/Redhat is still on opendnssec 1.4.x while Debian (and Ubuntu)
moved to 2.x some years ago, things like that will still have bugs.
Someone with a support contract (and probably more than one customer)
should require freeipa supp
Using the ppa, the upgrade to the primary server was successful. Then the
replica install was successful, other than, at the end:
...
Restarting named
Updating DNS system records
DNS query for registry1.1.quietfountain.com. 1 failed: All nameservers failed
to answer the query registry1.1.quietfo
this is fixed in 4.8.2, I was able to reproduce it on eoan, and then
installed 4.8.3 from a ppa (ppa:freeipa/staging) and ipa-replica-install
succeeded
focal now has 4.8.3 so marking the bug as fixed
** Changed in: freeipa (Ubuntu)
Status: New => Fix Released
--
You received this bug not
Good to know. I was using ubuntu eoan.
On 11/27/19 11:18 AM, Timo Aaltonen wrote:
> for the record, ipa-replica-install works fine on the debian vm's that I
> have set up for this (and finally had a go at replicating 4.8)
>
> my goal is to eventually have it all tested with a CI system somewhere,
for the record, ipa-replica-install works fine on the debian vm's that I
have set up for this (and finally had a go at replicating 4.8)
my goal is to eventually have it all tested with a CI system somewhere,
and not rely just on the autopkgtests which can't run ipa-replica-
install
--
You receiv
I appreciate your efforts. The thing is folks who use freeipa put it in
the same 'has-got-to-work' 'no-regressions' category as the kernel.
While it might lack a feature or need work in this or that area, it just
can't 'not install' or have some major user-facing thing like the
'here's how you cha
'community' supported, by me essentially as time permits, and the next
LTS isn't here yet
But yes, for critical systems probably use a distro that has official
support. Or buy UA and demand it ;)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed t
The error here could be due to a race, where the first server isn't
serving yet when the replica install tries to connect. Also, no mod_nss
should be used anywhere anymore, just mod_ssl.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Timo,
Thank you. I didn't understand freeipa wasn't supported on Ubuntu. You
can consider this matter closed, I have to move to a different distro.
On 11/25/19 2:20 PM, Timo Aaltonen wrote:
> replica install is untested, not surprising to see it being broken
>
> and freeipa is in universe and
replica install is untested, not surprising to see it being broken
and freeipa is in universe and not officially supported
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1853863
Title:
freeipa repli
Of some interest, a curl of exactly the same link works (kinit admin in effect,
just after failure above).
root@registry2:/tmp# curl
https://registry1.1.quietfountain.com/ipa/keys/ca/caSigningCert%20cert-pki-ca?type=kem&value=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOm51bGx9.Fj
Here's the shell script log
root@registry2:~# kinit admin
Password for ad...@1.quietfountain.com:
root@registry2:~# ipa-replica-install --setup-dns --no-forwarders
WARNING: conflicting time&date synchronization service 'ntp' will
be disabled in favor of chronyd
Lookup failed: Preferred host regis
Both registry1 and registry2 are 'vanilla' eoan mate vms.
Host registry1... has a working freeipa-server based on eoan installed. No
other packages. It does include the dns support. registry2 is the attempt to
install a replica. No other packages.
--
You received this bug notification becaus
13 matches
Mail list logo
