Spoke too soon, though the routine reported success, in the log we have:

Updating DNS system records
ipapython.dnsutil: ERROR    DNS query for directory1.ri.mamabosso.com. 1 
failed: The DNS operation timed out after 30.0014941692 seconds
ipaserver.dns_data_management: ERROR    unable to resolve host name 
directory1.ri.XXX.com. to IP address, ipa-ca DNS record will be incomplete
Configuring client side components
...
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
[try 1]: Forwarding 'host_mod' to json server 
'https://directory1.ri.XXX.com/ipa/session/json'
Could not update DNS SSHFP records.

and then, what is in fact an error though the text is otherwise:

The ipa-client-install command was successful.

So, in bindinstance.py, after import time, added
import psutil
and just before 
system_records = IPASystemRecords(self.api)
added
while psutil.cpu_percent() > 5: time.sleep(2)

and .. that didn't work.  Same error.

Done configuring DNS (named).
Restarting the web server to pick up resolv.conf changes
Configuring DNS key synchronization service (ipa-dnskeysyncd)
  [1/7]: checking status
  [2/7]: setting up bind-dyndb-ldap working directory
  [3/7]: setting up kerberos principal
  [4/7]: setting up SoftHSM
  [5/7]: adding DNSSEC containers
  [6/7]: creating replica keys
  [7/7]: configuring ipa-dnskeysyncd to start on boot
Done configuring DNS key synchronization service (ipa-dnskeysyncd).
Restarting ipa-dnskeysyncd
Restarting named
Updating DNS system records
ipapython.dnsutil: ERROR    DNS query for directory1.ri.xxxx.com. 1 failed: The 
DNS operation timed out after 30.000576973 seconds
ipaserver.dns_data_management: ERROR    unable to resolve host name 
directory1.ri.xxx.com. to IP address, ipa-ca DNS record will be incomplete
Configuring client side components
Using existing certificate '/etc/ipa/ca.crt'.
Client hostname: directory1.ri.xxx.com
Realm: RI.XXXX.COM
DNS Domain: ri.xxxx.com
IPA Server: directory1.ri.xxxx.com
BaseDN: dc=ri,dc=xxxxxxx,dc=com

Skipping attempt to configure and synchronize time with chrony server as it has 
been already done on master.
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
trying https://directory1.ri.xxx.com/ipa/json
[try 1]: Forwarding 'ping' to json server 
'https://directory1.ri.xxxx.com/ipa/json'
[try 1]: Forwarding 'ca_is_enabled' to json server 
'https://directory1.ri.xxxx.com/ipa/json'
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
[try 1]: Forwarding 'host_mod' to json server 
'https://directory1.ri.xxxx.com/ipa/json'
Could not update DNS SSHFP records.
SSSD enabled

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1627371

Title:
  Timing problems with FreeIPA installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dogtag-pki/+bug/1627371/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to