Spoke too soon, though the routine reported success, in the log we have: Updating DNS system records ipapython.dnsutil: ERROR DNS query for directory1.ri.mamabosso.com. 1 failed: The DNS operation timed out after 30.0014941692 seconds ipaserver.dns_data_management: ERROR unable to resolve host name directory1.ri.XXX.com. to IP address, ipa-ca DNS record will be incomplete Configuring client side components ... Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub [try 1]: Forwarding 'host_mod' to json server 'https://directory1.ri.XXX.com/ipa/session/json' Could not update DNS SSHFP records.
and then, what is in fact an error though the text is otherwise: The ipa-client-install command was successful. So, in bindinstance.py, after import time, added import psutil and just before system_records = IPASystemRecords(self.api) added while psutil.cpu_percent() > 5: time.sleep(2) and .. that didn't work. Same error. Done configuring DNS (named). Restarting the web server to pick up resolv.conf changes Configuring DNS key synchronization service (ipa-dnskeysyncd) [1/7]: checking status [2/7]: setting up bind-dyndb-ldap working directory [3/7]: setting up kerberos principal [4/7]: setting up SoftHSM [5/7]: adding DNSSEC containers [6/7]: creating replica keys [7/7]: configuring ipa-dnskeysyncd to start on boot Done configuring DNS key synchronization service (ipa-dnskeysyncd). Restarting ipa-dnskeysyncd Restarting named Updating DNS system records ipapython.dnsutil: ERROR DNS query for directory1.ri.xxxx.com. 1 failed: The DNS operation timed out after 30.000576973 seconds ipaserver.dns_data_management: ERROR unable to resolve host name directory1.ri.xxx.com. to IP address, ipa-ca DNS record will be incomplete Configuring client side components Using existing certificate '/etc/ipa/ca.crt'. Client hostname: directory1.ri.xxx.com Realm: RI.XXXX.COM DNS Domain: ri.xxxx.com IPA Server: directory1.ri.xxxx.com BaseDN: dc=ri,dc=xxxxxxx,dc=com Skipping attempt to configure and synchronize time with chrony server as it has been already done on master. New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf trying https://directory1.ri.xxx.com/ipa/json [try 1]: Forwarding 'ping' to json server 'https://directory1.ri.xxxx.com/ipa/json' [try 1]: Forwarding 'ca_is_enabled' to json server 'https://directory1.ri.xxxx.com/ipa/json' Systemwide CA database updated. Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub [try 1]: Forwarding 'host_mod' to json server 'https://directory1.ri.xxxx.com/ipa/json' Could not update DNS SSHFP records. SSSD enabled -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627371 Title: Timing problems with FreeIPA installation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dogtag-pki/+bug/1627371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs