[Freeipa-users] The ipa-replica-install command failed, exception: SystemExit: Invalid IP Address ... Cannot use IP network address

Traiano Welcome traiano at gmail.com
Fri Nov 7 13:08:15 UTC 2014


Hi List

I'm trying to configure a replica for a primary freeipa IdM server
(both CentOS 7, AD trusts configured on primary), but "ipa-replica-install"
fails with the following error:
--
 ipa-replica-install -d  --setup-ca --setup-dns --no-forwarders
/var/lib/ipa/replica-info-lolpr-idm-slve.idm.local.gpg
.
.
Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use
IP network address
.
.
--

For context, here is the full output from the replica-install command (I've
attached the full debug output):

---
[root at lolpr-idm-slve ipa]# ipa-replica-install --setup-ca --setup-dns
--no-forwarders /var/lib/ipa/replica-info-lolpr-idm-slve.idm.local.gpg
WARNING: conflicting time&date synchronization service 'chronyd' will
be disabled in favor of ntpd

Directory Manager (existing master) password:

Run connection check to master
Check connection from replica to remote master 'lolpr-idm-mstr.idm.local':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

The following list of ports use UDP protocol and would need to be
checked manually:
   Kerberos KDC: UDP (88): SKIPPED
   Kerberos Kpasswd: UDP (464): SKIPPED

Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
admin at IDM.LOCAL password:

Check SSH connection to remote master
Execute check on remote master
Check connection from master to remote replica 'lolpr-idm-slve.idm.local':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

Connection from master to replica is OK.

Connection check OK
Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use
IP network address
[root at lolpr-idm-slve ipa]#

---

Some things I've tested:

1. disable  selinux (followed by reboot) - no change
2. disable IPv6 (followed by reboot) - no change

DNS resolution and IP checks seem fine:
---

[root at lolpr-idm-slve install]# hostname
lolpr-idm-slve.idm.local


[root at lolpr-idm-slve install]# ifconfig
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.100.222  netmask 255.255.255.255  broadcast
172.16.100.222
        ether 00:50:56:9c:1e:60  txqueuelen 1000  (Ethernet)
        RX packets 17964  bytes 1705674 (1.6 MiB)
        RX errors 0  dropped 10  overruns 0  frame 0
        TX packets 3772  bytes 595134 (581.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
--

/etc/hosts looks like this:

--
127.0.0.1   localhost localhost.localdomain localhost4
localhost4.localdomain4
172.16.100.68   lolpr-idm-mstr.idm.local        lolpr-idm-mstr
172.16.100.222  lolpr-idm-slve.idm.local        lolpr-idm-slve
172.16.104.231  loltestdc001.loltestdc.com      loltestdc001
--

Host naming, forward and reverse resolution seems fine:

---
[root at lolpr-idm-slve install]#
[root at lolpr-idm-slve install]# host `hostname`
lolpr-idm-slve.idm.local has address 172.16.100.222
[root at lolpr-idm-slve install]#
[root at lolpr-idm-slve install]# host `hostname`^C
[root at lolpr-idm-slve install]# host `hostname`| cut -d " " -f  4| xargs
-Iname host name
222.100.16.172.in-addr.arpa domain name pointer lolpr-idm-slve.idm.local.
[root at lolpr-idm-slve install]#
---

I'd be thankful if anyone could shed a light on why this error is happening
and point me in the direction of a fix.

Kind Regards,
Traiano
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141107/f06a4966/attachment.htm>
-------------- next part --------------
ipa         : DEBUG    stdout=enabled

ipa         : DEBUG    stderr=
WARNING: conflicting time&date synchronization service 'chronyd' will
be disabled in favor of ntpd

Directory Manager (existing master) password:

ipa         : DEBUG    Starting external process
ipa         : DEBUG    args=/usr/bin/gpg-agent --batch --homedir /tmp/tmpIaHxbXipa/ipa-Ae8JB2/.gnupg --daemon /usr/bin/gpg --batch --homedir /tmp/tmpIaHxbXipa/ipa-Ae8JB2/.gnupg --passphrase-fd 0 --yes --no-tty -o /tmp/tmpIaHxbXipa/files.tar -d /var/lib/ipa/replica-info-lolpr-idm-slve.idm.local.gpg
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args=tar xf /tmp/tmpIaHxbXipa/files.tar -C /tmp/tmpIaHxbXipa
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa         : DEBUG    Installing replica file with version 30303 (0 means no version in prepared file).
ipa         : DEBUG    Check if lolpr-idm-slve.idm.local is a primary hostname for localhost
ipa         : DEBUG    Primary hostname for localhost: lolpr-idm-slve.idm.local
ipa         : DEBUG    Search DNS for lolpr-idm-slve.idm.local
ipa         : DEBUG    Check if lolpr-idm-slve.idm.local is not a CNAME
ipa         : DEBUG    Check reverse address of 172.16.100.222
ipa         : DEBUG    Found reverse name: lolpr-idm-slve.idm.local
ipa         : DEBUG    Check if lolpr-idm-mstr.idm.local is a primary hostname for localhost
ipa         : DEBUG    Primary hostname for localhost: lolpr-idm-mstr.idm.local
ipa         : DEBUG    Search DNS for lolpr-idm-mstr.idm.local
ipa         : DEBUG    Check if lolpr-idm-mstr.idm.local is not a CNAME
ipa         : DEBUG    Check reverse address of 172.16.100.68
ipa         : DEBUG    Found reverse name: lolpr-idm-mstr.idm.local
Run connection check to master
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args=/usr/sbin/ipa-replica-conncheck --master lolpr-idm-mstr.idm.local --auto-master-check --realm IDM.LOCAL --principal admin --hostname lolpr-idm-slve.idm.local
Check connection from replica to remote master 'lolpr-idm-mstr.idm.local':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

The following list of ports use UDP protocol and would need to be
checked manually:
   Kerberos KDC: UDP (88): SKIPPED
   Kerberos Kpasswd: UDP (464): SKIPPED

Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
admin at IDM.LOCAL password:

Check SSH connection to remote master
Execute check on remote master
Check connection from master to remote replica 'lolpr-idm-slve.idm.local':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

Connection from master to replica is OK.

ipa         : DEBUG    Process finished, return code=0
Connection check OK
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args=/sbin/ip -family inet -oneline address show
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: ens192    inet 172.16.100.222/32 brd 172.16.100.222 scope global ens192\       valid_lft forever preferred_lft forever

ipa         : DEBUG    stderr=
ipa         : DEBUG      File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 638, in run_script
    return_value = main_function()

  File "/sbin/ipa-replica-install", line 554, in main
    config.ip = installutils.get_server_ip_address(config.host_name, fstore, True, options)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 459, in get_server_ip_address
    sys.exit("Invalid IP Address %s for %s: %s" % (hostaddr[0], host_name, unicode(e)))

ipa         : DEBUG    The ipa-replica-install command failed, exception: SystemExit: Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use IP network address
Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use IP network address


---






More information about the Freeipa-users mailing list