[Freeipa-users] The ipa-replica-install command failed, exception: SystemExit: Invalid IP Address ... Cannot use IP network address
Traiano Welcome
traiano at gmail.com
Fri Nov 7 13:08:15 UTC 2014
Hi List
I'm trying to configure a replica for a primary freeipa IdM server
(both CentOS 7, AD trusts configured on primary), but "ipa-replica-install"
fails with the following error:
--
ipa-replica-install -d --setup-ca --setup-dns --no-forwarders /var/lib/ipa/replica-info-lolpr-idm-slve.idm.local.gpg
.
.
Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use IP network address
.
.
--
For context, here is the full output from the replica-install command (I've
attached the full debug output):
---
[root@lolpr-idm-slve ipa]# ipa-replica-install --setup-ca --setup-dns --no-forwarders /var/lib/ipa/replica-info-lolpr-idm-slve.idm.local.gpg
WARNING: conflicting time&date synchronization service 'chronyd' will
be disabled in favor of ntpd
Directory Manager (existing master) password:
Run connection check to master
Check connection from replica to remote master 'lolpr-idm-mstr.idm.local':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos Kpasswd: TCP (464): OK
HTTP Server: Unsecure port (80): OK
HTTP Server: Secure port (443): OK
The following list of ports use UDP protocol and would need to be
checked manually:
Kerberos KDC: UDP (88): SKIPPED
Kerberos Kpasswd: UDP (464): SKIPPED
Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
admin@IDM.LOCAL password:
Check SSH connection to remote master
Execute check on remote master
Check connection from master to remote replica 'lolpr-idm-slve.idm.local':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos KDC: UDP (88): OK
Kerberos Kpasswd: TCP (464): OK
Kerberos Kpasswd: UDP (464): OK
HTTP Server: Unsecure port (80): OK
HTTP Server: Secure port (443): OK
Connection from master to replica is OK.
Connection check OK
Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use IP network address
[root@lolpr-idm-slve ipa]#
---
Some things I've tested:
1. disable selinux (followed by reboot) - no change
2. disable IPv6 (followed by reboot) - no change
DNS resolution and IP checks seem fine:
---
[root@lolpr-idm-slve install]# hostname
lolpr-idm-slve.idm.local
[root@lolpr-idm-slve install]# ifconfig
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.100.222 netmask 255.255.255.255 broadcast 172.16.100.222
ether 00:50:56:9c:1e:60 txqueuelen 1000 (Ethernet)
RX packets 17964 bytes 1705674 (1.6 MiB)
RX errors 0 dropped 10 overruns 0 frame 0
TX packets 3772 bytes 595134 (581.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
--
/etc/hosts looks like this:
--
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
172.16.100.68 lolpr-idm-mstr.idm.local lolpr-idm-mstr
172.16.100.222 lolpr-idm-slve.idm.local lolpr-idm-slve
172.16.104.231 loltestdc001.loltestdc.com loltestdc001
--
Host naming, forward and reverse resolution seem fine:
---
[root@lolpr-idm-slve install]#
[root@lolpr-idm-slve install]# host `hostname`
lolpr-idm-slve.idm.local has address 172.16.100.222
[root@lolpr-idm-slve install]#
[root@lolpr-idm-slve install]# host `hostname`^C
[root@lolpr-idm-slve install]# host `hostname`| cut -d " " -f 4| xargs -Iname host name
222.100.16.172.in-addr.arpa domain name pointer lolpr-idm-slve.idm.local.
[root@lolpr-idm-slve install]#
---
I'd be thankful if anyone could shed light on why this error is happening
and point me in the direction of a fix.
Kind Regards,
Traiano
-------------- next part --------------
ipa : DEBUG stdout=enabled
ipa : DEBUG stderr=
WARNING: conflicting time&date synchronization service 'chronyd' will
be disabled in favor of ntpd
Directory Manager (existing master) password:
ipa : DEBUG Starting external process
ipa : DEBUG args=/usr/bin/gpg-agent --batch --homedir /tmp/tmpIaHxbXipa/ipa-Ae8JB2/.gnupg --daemon /usr/bin/gpg --batch --homedir /tmp/tmpIaHxbXipa/ipa-Ae8JB2/.gnupg --passphrase-fd 0 --yes --no-tty -o /tmp/tmpIaHxbXipa/files.tar -d /var/lib/ipa/replica-info-lolpr-idm-slve.idm.local.gpg
ipa : DEBUG Process finished, return code=0
ipa : DEBUG Starting external process
ipa : DEBUG args=tar xf /tmp/tmpIaHxbXipa/files.tar -C /tmp/tmpIaHxbXipa
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG Installing replica file with version 30303 (0 means no version in prepared file).
ipa : DEBUG Check if lolpr-idm-slve.idm.local is a primary hostname for localhost
ipa : DEBUG Primary hostname for localhost: lolpr-idm-slve.idm.local
ipa : DEBUG Search DNS for lolpr-idm-slve.idm.local
ipa : DEBUG Check if lolpr-idm-slve.idm.local is not a CNAME
ipa : DEBUG Check reverse address of 172.16.100.222
ipa : DEBUG Found reverse name: lolpr-idm-slve.idm.local
ipa : DEBUG Check if lolpr-idm-mstr.idm.local is a primary hostname for localhost
ipa : DEBUG Primary hostname for localhost: lolpr-idm-mstr.idm.local
ipa : DEBUG Search DNS for lolpr-idm-mstr.idm.local
ipa : DEBUG Check if lolpr-idm-mstr.idm.local is not a CNAME
ipa : DEBUG Check reverse address of 172.16.100.68
ipa : DEBUG Found reverse name: lolpr-idm-mstr.idm.local
Run connection check to master
ipa : DEBUG Starting external process
ipa : DEBUG args=/usr/sbin/ipa-replica-conncheck --master lolpr-idm-mstr.idm.local --auto-master-check --realm IDM.LOCAL --principal admin --hostname lolpr-idm-slve.idm.local
Check connection from replica to remote master 'lolpr-idm-mstr.idm.local':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos Kpasswd: TCP (464): OK
HTTP Server: Unsecure port (80): OK
HTTP Server: Secure port (443): OK
The following list of ports use UDP protocol and would need to be
checked manually:
Kerberos KDC: UDP (88): SKIPPED
Kerberos Kpasswd: UDP (464): SKIPPED
Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
admin@IDM.LOCAL password:
Check SSH connection to remote master
Execute check on remote master
Check connection from master to remote replica 'lolpr-idm-slve.idm.local':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos KDC: UDP (88): OK
Kerberos Kpasswd: TCP (464): OK
Kerberos Kpasswd: UDP (464): OK
HTTP Server: Unsecure port (80): OK
HTTP Server: Secure port (443): OK
Connection from master to replica is OK.
ipa : DEBUG Process finished, return code=0
Connection check OK
ipa : DEBUG Starting external process
ipa : DEBUG args=/sbin/ip -family inet -oneline address show
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever
2: ens192 inet 172.16.100.222/32 brd 172.16.100.222 scope global ens192\ valid_lft forever preferred_lft forever
ipa : DEBUG stderr=
ipa : DEBUG File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 638, in run_script
return_value = main_function()
File "/sbin/ipa-replica-install", line 554, in main
config.ip = installutils.get_server_ip_address(config.host_name, fstore, True, options)
File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 459, in get_server_ip_address
sys.exit("Invalid IP Address %s for %s: %s" % (hostaddr[0], host_name, unicode(e)))
ipa : DEBUG The ipa-replica-install command failed, exception: SystemExit: Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use IP network address
Invalid IP Address 172.16.100.222 for lolpr-idm-slve.idm.local: cannot use IP network address
---
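
Added example (not part of the original post and not FreeIPA's code): a sketch of the kind of check the traceback points at. It assumes the installer matches the resolved address to a local interface in the `ip -family inet -oneline address show` output and rejects it when it equals the network address of that interface's prefix. `local_interfaces` and `check_server_ip` are hypothetical names, and the /24 variant is constructed for contrast.

```python
import ipaddress
import re

# `ip -family inet -oneline address show` output copied from the debug log above.
IP_ONELINE = r"""1: lo    inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever
2: ens192    inet 172.16.100.222/32 brd 172.16.100.222 scope global ens192\ valid_lft forever preferred_lft forever
"""

# Constructed variant (not from the post): same address with a /24 prefix.
# Only the prefix after "inet" is parsed, so the stale "brd" field is ignored.
IP_ONELINE_24 = IP_ONELINE.replace("172.16.100.222/32", "172.16.100.222/24")

INET_RE = re.compile(r"\binet (\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\b")


def local_interfaces(ip_output):
    """Return an IPv4Interface for every 'inet addr/prefix' entry."""
    return [ipaddress.ip_interface(m) for m in INET_RE.findall(ip_output)]


def check_server_ip(addr, ip_output):
    """Return None if addr is usable, otherwise the reason it is rejected.

    Assumed logic: find the local interface carrying addr, then refuse the
    address if it is the network or broadcast address of that prefix.
    """
    ip = ipaddress.ip_address(addr)
    for iface in local_interfaces(ip_output):
        if iface.ip != ip:
            continue
        net = iface.network
        # For a /32 the network address is the host address itself,
        # so this branch fires for the interface shown in the log.
        if ip == net.network_address:
            return "cannot use IP network address"
        if ip == net.broadcast_address:
            return "address is the broadcast address"  # constructed wording
        return None
    return "no local interface carries this address"  # constructed wording


if __name__ == "__main__":
    for label, output in (("/32 (from log)", IP_ONELINE), ("/24 (constructed)", IP_ONELINE_24)):
        print(label, "->", check_server_ip("172.16.100.222", output))
```
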