[Freeipa-users] Trouble creating replica
John Dennis
jdennis at redhat.com
Tue Feb 19 14:08:44 UTC 2013
On 02/19/2013 06:58 AM, Bret Wortman wrote:
> I have a server running freeipa and I want to migrate it to a new host.
> I had thought that the easiest way might be to create a replica and load
> that onto the new host, but this is proving problematic:
>
> # ipa-replica-prepare ipamaster.my.com <http://ipamaster.my.com>
> --ip-address 10.0.0.46
> Directory Manager (existing master) password:
>
> Preparing replica for ipamaster.my.com <http://ipamaster.my.com> from
> oldmaster.my.com <http://oldmaster.my.com>
> Creating SSL certificate for the Directory Server
> preparation of replica failed: cannot connect to
> 'https://oldmaster.my.com:9444/ca/ee/ca/profileSubmitSSLClient': [Errno
> -5985] Cannot resolve oldmaster.my.com <http://oldmaster.my.com> using
> family PR_AF_INET6
>
> And then a stack trace follows.
>
> # netstat -rn | grep 9444
> # lsof -i:9444
> #
> _
> _
> I've also tried connecting to that URL via Firefox without success. It's
> just not listening there. What do I need to check? Someone else is
> running some apps (redmine and others) using Passenger on that server as
> well; could it be obscuring the port somehow?
>
> We're not running IPV6, so I'm not sure why it's being referenced....
I can't comment on why you can't connect but I can explain the error
message. It's an internal mistake, if we can't connect we try another
address family, that logic is incorrect and I thought we had fixed in
this ticket https://fedorahosted.org/freeipa/ticket/2695, but apparently
we didn't. Anyway the error message is a red herring, your connection
problems lie elsewhere.
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list