I get an error during freeIPA ansible install which does not seem to make sense.
I have the following inventory file:
```cat inventory/hosts.cluster [ipaserver] freeipa-1 ansible_host=10.27.3.1 ansible_port=22 ansible_user='centos' ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa' freeipa-2 ansible_host=10.27.3.2 ansible_port=22 ansible_user='centos' ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa'
[ipaserver:vars] ipaserver_setup_dns=yes ipaserver_auto_forwarders=yes ipaserver_no_firewalld=no ipaadmin_password=ADMPassword1 ipadm_password=DMPassword1 ipaserver_setup_dns=yes ipaserver_domain=packet.das-schiff.io ipaserver_realm=packet.das-schiff.io ipaserver_no_host_dns=false
[ipareplicas] ipareplica1.test.local
[ipareplicas:vars] ipaclient_force_join=yes
[ipaclients] ipaclient1.test.local ipaclient2.test.local
[ipaclients:vars] #ipaclient_use_otp=yes ipaclient_allow_repair=yes
[ipa:children] ipaserver ipareplicas ipaclients
[ipa:vars] ipaadmin_password=password1 ipadm_password=password1 ipaserver_domain=test.local ipaserver_realm=TEST.LOCAL ```
and the following hosts file contents: ```cat /etc/hosts ::1 freeipa-2.packet.das-schiff.io freeipa-2 10.27.3.2 freeipa-2.packet.das-schiff.io freeipa-2 ```
however I keep getting the following error: ``` <10.27.3.1> (1, b'\n{"failed": true, "msg": "", "exception": " File \"/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py\", line 350, in main\n File \"/usr/lib/python3.6/site-packages/ipaserver/install/dns.py\", line 270, in install_check\n True, options.ip_addresses)\n File \"/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py\", line 484, in get_server_ip_address\n raise ScriptError()\n", "invocation": {"module_args": {"dm_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "ip_addresses": [], "domain": "packet.das-schiff.io", "realm": "PACKET.DAS-SCHIFF.IO", "hostname": "freeipa-1.packet.das-schiff.io", "no_host_dns": true, "setup_adtrust": false, "setup_kra": false, "setup_dns": true, "external_ca": false, "allow_zone_overlap": false, "reverse_zones": [], "no_reverse": false, "auto_reverse": false, "forwarders": [], "no_forwar ders": false, "auto_forwarders": true, "no_dnssec_validation": false, "enable_compat": false, "setup_ca": true, "_hostname_overridden": true, "force": false, "ca_cert_files": [], "external_cert_files": [], "external_ca_type": null, "external_ca_profile": null, "subject_base": null, "ca_subject": null, "forward_policy": null, "netbios_name": null, "rid_base": null, "secondary_rid_base": null}}}\n', b'OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017\r\ndebug1: Reading configuration data /home/casibbald/.ssh/config\r\ndebug1: /home/casibbald/.ssh/config line 1: Applying options for *\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_re quest_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3029733\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\nThe hostname resolves to the localhost address (127.0.0.1/::1)\nPlease change your /etc/hosts file so that the hostname\nresolves to the ip address of your network interface.\nThe KDC service does not listen on localhost\n\nPlease fix your /etc/hosts file and restart the setup program\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 1\r\n') <10.27.3.1> Failed to connect to the host via ssh: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017 debug1: Reading configuration data /home/casibbald/.ssh/config debug1: /home/casibbald/.ssh/config line 1: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: auto-mux: Trying existing master debug2: fd 3 setting O_NONBLOCK debug2: mux_client_hello_exchange: master version 4 debug3: mux_client_forwards: request forwardings: 0 local, 0 remote debug3: mux_client_request_session: entering debug3: mux_client_request_alive: entering debug3: mux_client_request_alive: done pid = 3029733 debug3: mux_client_request_session: session request sent debug1: mux_client_request_session: master session id: 2 The hostname resolves to the localhost address (127.0.0.1/::1) Please change your /etc/hosts file so that the hostname resolves to the ip address of your network interface. The KDC service does not listen on localhost
Please fix your /etc/hosts file and restart the setup program debug3: mux_client_read_packet: read header failed: Broken pipe debug2: Received exit status from master 1 The full traceback is: File "/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py", line 350, in main File "/usr/lib/python3.6/site-packages/ipaserver/install/dns.py", line 270, in install_check True, options.ip_addresses) File "/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py", line 484, in get_server_ip_address raise ScriptError() fatal: [freeipa-1]: FAILED! => { "changed": false, "invocation": { "module_args": { "_hostname_overridden": true, "allow_zone_overlap": false, "auto_forwarders": true, "auto_reverse": false, "ca_cert_files": [], "ca_subject": null, "dm_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "domain": "packet.das-schiff.io", "enable_compat": false, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "external_cert_files": [], "force": false, "forward_policy": null, "forwarders": [], "hostname": "freeipa-1.packet.das-schiff.io", "ip_addresses": [], "netbios_name": null, "no_dnssec_validation": false, "no_forwarders": false, "no_host_dns": true, "no_reverse": false, "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "realm": "PACKET.DAS-SCHIFF.IO", "reverse_zones": [], "rid_base": null, "secondary_rid_base": null, "setup_adtrust": false, "setup_ca": true, "setup_dns": true, "setup_kra": false, "subject_base": null } }, "msg": "" } ```
Charles Sibbald via FreeIPA-users wrote:
I get an error during freeIPA ansible install which does not seem to make sense.
I have the following inventory file:
[ipaserver] freeipa-1 ansible_host=10.27.3.1 ansible_port=22 ansible_user='centos' ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa' freeipa-2 ansible_host=10.27.3.2 ansible_port=22 ansible_user='centos' ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa' [ipaserver:vars] ipaserver_setup_dns=yes ipaserver_auto_forwarders=yes ipaserver_no_firewalld=no ipaadmin_password=ADMPassword1 ipadm_password=DMPassword1 ipaserver_setup_dns=yes ipaserver_domain=packet.das-schiff.io ipaserver_realm=packet.das-schiff.io ipaserver_no_host_dns=false [ipareplicas] ipareplica1.test.local [ipareplicas:vars] ipaclient_force_join=yes [ipaclients] ipaclient1.test.local ipaclient2.test.local [ipaclients:vars] #ipaclient_use_otp=yes ipaclient_allow_repair=yes [ipa:children] ipaserver ipareplicas ipaclients [ipa:vars] ipaadmin_password=password1 ipadm_password=password1 ipaserver_domain=test.local ipaserver_realm=TEST.LOCAL
and the following hosts file contents:
::1 freeipa-2.packet.das-schiff.io freeipa-2 10.27.3.2 freeipa-2.packet.das-schiff.io freeipa-2
however I keep getting the following error:
<10.27.3.1> (1, b'\n{"failed": true, "msg": "", "exception": " File \\"/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py\\", line 350, in main\\n File \\"/usr/lib/python3.6/site-packages/ipaserver/install/dns.py\\", line 270, in install_check\\n True, options.ip_addresses)\\n File \\"/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py\\", line 484, in get_server_ip_address\\n raise ScriptError()\\n", "invocation": {"module_args": {"dm_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "ip_addresses": [], "domain": "packet.das-schiff.io", "realm": "PACKET.DAS-SCHIFF.IO", "hostname": "freeipa-1.packet.das-schiff.io", "no_host_dns": true, "setup_adtrust": false, "setup_kra": false, "setup_dns": true, "external_ca": false, "allow_zone_overlap": false, "reverse_zones": [], "no_reverse": false, "auto_reverse": false, "forwarders": [], "no_forwar ders": false, "auto_forwarders": true, "no_dnssec_validation": false, "enable_compat": false, "setup_ca": true, "_hostname_overridden": true, "force": false, "ca_cert_files": [], "external_cert_files": [], "external_ca_type": null, "external_ca_profile": null, "subject_base": null, "ca_subject": null, "forward_policy": null, "netbios_name": null, "rid_base": null, "secondary_rid_base": null}}}\n', b'OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017\r\ndebug1: Reading configuration data /home/casibbald/.ssh/config\r\ndebug1: /home/casibbald/.ssh/config line 1: Applying options for *\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_re quest_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3029733\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\nThe hostname resolves to the localhost address (127.0.0.1/::1)\nPlease change your /etc/hosts file so that the hostname\nresolves to the ip address of your network interface.\nThe KDC service does not listen on localhost\n\nPlease fix your /etc/hosts file and restart the setup program\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 1\r\n') <10.27.3.1> Failed to connect to the host via ssh: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017 debug1: Reading configuration data /home/casibbald/.ssh/config debug1: /home/casibbald/.ssh/config line 1: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: auto-mux: Trying existing master debug2: fd 3 setting O_NONBLOCK debug2: mux_client_hello_exchange: master version 4 debug3: mux_client_forwards: request forwardings: 0 local, 0 remote debug3: mux_client_request_session: entering debug3: mux_client_request_alive: entering debug3: mux_client_request_alive: done pid = 3029733 debug3: mux_client_request_session: session request sent debug1: mux_client_request_session: master session id: 2 The hostname resolves to the localhost address (127.0.0.1/::1) Please change your /etc/hosts file so that the hostname resolves to the ip address of your network interface.
You need to modify /etc/hosts to ensure that the host FQDN does not point to 127.0.0.1 but to its actual IP address.
rob
The KDC service does not listen on localhost
Please fix your /etc/hosts file and restart the setup program debug3: mux_client_read_packet: read header failed: Broken pipe debug2: Received exit status from master 1 The full traceback is: File "/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py", line 350, in main File "/usr/lib/python3.6/site-packages/ipaserver/install/dns.py", line 270, in install_check True, options.ip_addresses) File "/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py", line 484, in get_server_ip_address raise ScriptError() fatal: [freeipa-1]: FAILED! => { "changed": false, "invocation": { "module_args": { "_hostname_overridden": true, "allow_zone_overlap": false, "auto_forwarders": true, "auto_reverse": false, "ca_cert_files": [], "ca_subject": null, "dm_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "domain": "packet.das-schiff.io", "enable_compat": false, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "external_cert_files": [], "force": false, "forward_policy": null, "forwarders": [], "hostname": "freeipa-1.packet.das-schiff.io", "ip_addresses": [], "netbios_name": null, "no_dnssec_validation": false, "no_forwarders": false, "no_host_dns": true, "no_reverse": false, "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "realm": "PACKET.DAS-SCHIFF.IO", "reverse_zones": [], "rid_base": null, "secondary_rid_base": null, "setup_adtrust": false, "setup_ca": true, "setup_dns": true, "setup_kra": false, "subject_base": null } }, "msg": "" }
Hi Rob,
Your advice "You need to modify /etc/hosts to ensure that the host FQDN does not point to 127.0.0.1 but to its actual IP address.
I am ashamed to say I either do not understand how this is done or I am confused.
I have set the hosts file as follows and there is no 127.0.0.1
I am not entirely sure what else is required to not have 127.0.0.1 not returned.
Config:
[centos@freeipa-1 ~]$ cat /etc/hosts 10.27.3.1 freeipa-1.packet.das-schiff.io freeipa-1
Kind regards, and ashamedly confused by Lentos
Charles
On 27 Oct 2020, at 16:04, Rob Crittenden rcritten@redhat.com wrote:
Charles Sibbald via FreeIPA-users wrote:
I get an error during freeIPA ansible install which does not seem to make sense.
I have the following inventory file:
[ipaserver] freeipa-1 ansible_host=10.27.3.1 ansible_port=22 ansible_user='centos' ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa' freeipa-2 ansible_host=10.27.3.2 ansible_port=22 ansible_user='centos' ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa' [ipaserver:vars] ipaserver_setup_dns=yes ipaserver_auto_forwarders=yes ipaserver_no_firewalld=no ipaadmin_password=ADMPassword1 ipadm_password=DMPassword1 ipaserver_setup_dns=yes ipaserver_domain=packet.das-schiff.io ipaserver_realm=packet.das-schiff.io ipaserver_no_host_dns=false [ipareplicas] ipareplica1.test.local [ipareplicas:vars] ipaclient_force_join=yes [ipaclients] ipaclient1.test.local ipaclient2.test.local [ipaclients:vars] #ipaclient_use_otp=yes ipaclient_allow_repair=yes [ipa:children] ipaserver ipareplicas ipaclients [ipa:vars] ipaadmin_password=password1 ipadm_password=password1 ipaserver_domain=test.local ipaserver_realm=TEST.LOCAL
and the following hosts file contents:
::1 freeipa-2.packet.das-schiff.io freeipa-2 10.27.3.2 freeipa-2.packet.das-schiff.io freeipa-2
however I keep getting the following error:
<10.27.3.1> (1, b'\n{"failed": true, "msg": "", "exception": " File \\"/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py\\", line 350, in main\\n File \\"/usr/lib/python3.6/site-packages/ipaserver/install/dns.py\\", line 270, in install_check\\n True, options.ip_addresses)\\n File \\"/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py\\", line 484, in get_server_ip_address\\n raise ScriptError()\\n", "invocation": {"module_args": {"dm_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "ip_addresses": [], "domain": "packet.das-schiff.io", "realm": "PACKET.DAS-SCHIFF.IO", "hostname": "freeipa-1.packet.das-schiff.io", "no_host_dns": true, "setup_adtrust": false, "setup_kra": false, "setup_dns": true, "external_ca": false, "allow_zone_overlap": false, "reverse_zones": [], "no_reverse": false, "auto_reverse": false, "forwarders": [], "no_forwar ders": false, "auto_forwarders": true, "no_dnssec_validation": false, "enable_compat": false, "setup_ca": true, "_hostname_overridden": true, "force": false, "ca_cert_files": [], "external_cert_files": [], "external_ca_type": null, "external_ca_profile": null, "subject_base": null, "ca_subject": null, "forward_policy": null, "netbios_name": null, "rid_base": null, "secondary_rid_base": null}}}\n', b'OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017\r\ndebug1: Reading configuration data /home/casibbald/.ssh/config\r\ndebug1: /home/casibbald/.ssh/config line 1: Applying options for *\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_re quest_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3029733\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\nThe hostname resolves to the localhost address (127.0.0.1/::1)\nPlease change your /etc/hosts file so that the hostname\nresolves to the ip address of your network interface.\nThe KDC service does not listen on localhost\n\nPlease fix your /etc/hosts file and restart the setup program\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 1\r\n') <10.27.3.1> Failed to connect to the host via ssh: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017 debug1: Reading configuration data /home/casibbald/.ssh/config debug1: /home/casibbald/.ssh/config line 1: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: auto-mux: Trying existing master debug2: fd 3 setting O_NONBLOCK debug2: mux_client_hello_exchange: master version 4 debug3: mux_client_forwards: request forwardings: 0 local, 0 remote debug3: mux_client_request_session: entering debug3: mux_client_request_alive: entering debug3: mux_client_request_alive: done pid = 3029733 debug3: mux_client_request_session: session request sent debug1: mux_client_request_session: master session id: 2 The hostname resolves to the localhost address (127.0.0.1/::1) Please change your /etc/hosts file so that the hostname resolves to the ip address of your network interface.
You need to modify /etc/hosts to ensure that the host FQDN does not point to 127.0.0.1 but to its actual IP address.
rob
The KDC service does not listen on localhost
Please fix your /etc/hosts file and restart the setup program debug3: mux_client_read_packet: read header failed: Broken pipe debug2: Received exit status from master 1 The full traceback is: File "/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py", line 350, in main File "/usr/lib/python3.6/site-packages/ipaserver/install/dns.py", line 270, in install_check True, options.ip_addresses) File "/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py", line 484, in get_server_ip_address raise ScriptError() fatal: [freeipa-1]: FAILED! => { "changed": false, "invocation": { "module_args": { "_hostname_overridden": true, "allow_zone_overlap": false, "auto_forwarders": true, "auto_reverse": false, "ca_cert_files": [], "ca_subject": null, "dm_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "domain": "packet.das-schiff.io", "enable_compat": false, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "external_cert_files": [], "force": false, "forward_policy": null, "forwarders": [], "hostname": "freeipa-1.packet.das-schiff.io", "ip_addresses": [], "netbios_name": null, "no_dnssec_validation": false, "no_forwarders": false, "no_host_dns": true, "no_reverse": false, "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "realm": "PACKET.DAS-SCHIFF.IO", "reverse_zones": [], "rid_base": null, "secondary_rid_base": null, "setup_adtrust": false, "setup_ca": true, "setup_dns": true, "setup_kra": false, "subject_base": null } }, "msg": "" }
Realised the error:
Somehow I deleted the 127.0.0.1 localhost entry.
Cheers
On 27 Oct 2020, at 16:14, Charles Sibbald casibbald@gmail.com wrote:
Hi Rob,
Your advice "You need to modify /etc/hosts to ensure that the host FQDN does not point to 127.0.0.1 but to its actual IP address.
I am ashamed to say I either do not understand how this is done or I am confused.
I have set the hosts file as follows and there is no 127.0.0.1
I am not entirely sure what else is required to not have 127.0.0.1 not returned.
Config:
[centos@freeipa-1 ~]$ cat /etc/hosts 10.27.3.1 freeipa-1.packet.das-schiff.io freeipa-1
Kind regards, and ashamedly confused by Lentos
Charles
On 27 Oct 2020, at 16:04, Rob Crittenden rcritten@redhat.com wrote:
Charles Sibbald via FreeIPA-users wrote:
I get an error during freeIPA ansible install which does not seem to make sense.
I have the following inventory file:
[ipaserver] freeipa-1 ansible_host=10.27.3.1 ansible_port=22 ansible_user='centos' ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa' freeipa-2 ansible_host=10.27.3.2 ansible_port=22 ansible_user='centos' ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa' [ipaserver:vars] ipaserver_setup_dns=yes ipaserver_auto_forwarders=yes ipaserver_no_firewalld=no ipaadmin_password=ADMPassword1 ipadm_password=DMPassword1 ipaserver_setup_dns=yes ipaserver_domain=packet.das-schiff.io ipaserver_realm=packet.das-schiff.io ipaserver_no_host_dns=false [ipareplicas] ipareplica1.test.local [ipareplicas:vars] ipaclient_force_join=yes [ipaclients] ipaclient1.test.local ipaclient2.test.local [ipaclients:vars] #ipaclient_use_otp=yes ipaclient_allow_repair=yes [ipa:children] ipaserver ipareplicas ipaclients [ipa:vars] ipaadmin_password=password1 ipadm_password=password1 ipaserver_domain=test.local ipaserver_realm=TEST.LOCAL
and the following hosts file contents:
::1 freeipa-2.packet.das-schiff.io freeipa-2 10.27.3.2 freeipa-2.packet.das-schiff.io freeipa-2
however I keep getting the following error:
<10.27.3.1> (1, b'\n{"failed": true, "msg": "", "exception": " File \\"/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py\\", line 350, in main\\n File \\"/usr/lib/python3.6/site-packages/ipaserver/install/dns.py\\", line 270, in install_check\\n True, options.ip_addresses)\\n File \\"/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py\\", line 484, in get_server_ip_address\\n raise ScriptError()\\n", "invocation": {"module_args": {"dm_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "ip_addresses": [], "domain": "packet.das-schiff.io", "realm": "PACKET.DAS-SCHIFF.IO", "hostname": "freeipa-1.packet.das-schiff.io", "no_host_dns": true, "setup_adtrust": false, "setup_kra": false, "setup_dns": true, "external_ca": false, "allow_zone_overlap": false, "reverse_zones": [], "no_reverse": false, "auto_reverse": false, "forwarders": [], "no_forwar ders": false, "auto_forwarders": true, "no_dnssec_validation": false, "enable_compat": false, "setup_ca": true, "_hostname_overridden": true, "force": false, "ca_cert_files": [], "external_cert_files": [], "external_ca_type": null, "external_ca_profile": null, "subject_base": null, "ca_subject": null, "forward_policy": null, "netbios_name": null, "rid_base": null, "secondary_rid_base": null}}}\n', b'OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017\r\ndebug1: Reading configuration data /home/casibbald/.ssh/config\r\ndebug1: /home/casibbald/.ssh/config line 1: Applying options for *\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_re quest_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3029733\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\nThe hostname resolves to the localhost address (127.0.0.1/::1)\nPlease change your /etc/hosts file so that the hostname\nresolves to the ip address of your network interface.\nThe KDC service does not listen on localhost\n\nPlease fix your /etc/hosts file and restart the setup program\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 1\r\n') <10.27.3.1> Failed to connect to the host via ssh: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017 debug1: Reading configuration data /home/casibbald/.ssh/config debug1: /home/casibbald/.ssh/config line 1: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: auto-mux: Trying existing master debug2: fd 3 setting O_NONBLOCK debug2: mux_client_hello_exchange: master version 4 debug3: mux_client_forwards: request forwardings: 0 local, 0 remote debug3: mux_client_request_session: entering debug3: mux_client_request_alive: entering debug3: mux_client_request_alive: done pid = 3029733 debug3: mux_client_request_session: session request sent debug1: mux_client_request_session: master session id: 2 The hostname resolves to the localhost address (127.0.0.1/::1) Please change your /etc/hosts file so that the hostname resolves to the ip address of your network interface.
You need to modify /etc/hosts to ensure that the host FQDN does not point to 127.0.0.1 but to its actual IP address.
rob
The KDC service does not listen on localhost
Please fix your /etc/hosts file and restart the setup program debug3: mux_client_read_packet: read header failed: Broken pipe debug2: Received exit status from master 1 The full traceback is: File "/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py", line 350, in main File "/usr/lib/python3.6/site-packages/ipaserver/install/dns.py", line 270, in install_check True, options.ip_addresses) File "/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py", line 484, in get_server_ip_address raise ScriptError() fatal: [freeipa-1]: FAILED! => { "changed": false, "invocation": { "module_args": { "_hostname_overridden": true, "allow_zone_overlap": false, "auto_forwarders": true, "auto_reverse": false, "ca_cert_files": [], "ca_subject": null, "dm_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "domain": "packet.das-schiff.io", "enable_compat": false, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "external_cert_files": [], "force": false, "forward_policy": null, "forwarders": [], "hostname": "freeipa-1.packet.das-schiff.io", "ip_addresses": [], "netbios_name": null, "no_dnssec_validation": false, "no_forwarders": false, "no_host_dns": true, "no_reverse": false, "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "realm": "PACKET.DAS-SCHIFF.IO", "reverse_zones": [], "rid_base": null, "secondary_rid_base": null, "setup_adtrust": false, "setup_ca": true, "setup_dns": true, "setup_kra": false, "subject_base": null } }, "msg": "" }
Hi,
As stated in the error, KDC will not work if it resolves to the localhost (::1) address. To fix your installation, modify your /etc/hosts to ``` ::1 localhost localhost6 10.27.3.2 freeipa-2.packet.das-schiff.io freeipa-2 ```
Take care,
Rafael
On Tue, Oct 27, 2020 at 10:50 AM Charles Sibbald via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
I get an error during freeIPA ansible install which does not seem to make sense.
I have the following inventory file:
[ipaserver] freeipa-1 ansible_host=10.27.3.1 ansible_port=22 ansible_user='centos' ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa' freeipa-2 ansible_host=10.27.3.2 ansible_port=22 ansible_user='centos' ansible_sudo_pass='centos' ansible_ssh_private_key_file='~/.ssh/id_rsa' [ipaserver:vars] ipaserver_setup_dns=yes ipaserver_auto_forwarders=yes ipaserver_no_firewalld=no ipaadmin_password=ADMPassword1 ipadm_password=DMPassword1 ipaserver_setup_dns=yes ipaserver_domain=packet.das-schiff.io ipaserver_realm=packet.das-schiff.io ipaserver_no_host_dns=false [ipareplicas] ipareplica1.test.local [ipareplicas:vars] ipaclient_force_join=yes [ipaclients] ipaclient1.test.local ipaclient2.test.local [ipaclients:vars] #ipaclient_use_otp=yes ipaclient_allow_repair=yes [ipa:children] ipaserver ipareplicas ipaclients [ipa:vars] ipaadmin_password=password1 ipadm_password=password1 ipaserver_domain=test.local ipaserver_realm=TEST.LOCAL
and the following hosts file contents:
::1 freeipa-2.packet.das-schiff.io freeipa-2 10.27.3.2 freeipa-2.packet.das-schiff.io freeipa-2
however I keep getting the following error:
<10.27.3.1> (1, b'\n{"failed": true, "msg": "", "exception": " File \\"/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py\\", line 350, in main\\n File \\"/usr/lib/python3.6/site-packages/ipaserver/install/dns.py\\", line 270, in install_check\\n True, options.ip_addresses)\\n File \\"/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py\\", line 484, in get_server_ip_address\\n raise ScriptError()\\n", "invocation": {"module_args": {"dm_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "ip_addresses": [], "domain": " packet.das-schiff.io", "realm": "PACKET.DAS-SCHIFF.IO", "hostname": " freeipa-1.packet.das-schiff.io", "no_host_dns": true, "setup_adtrust": false, "setup_kra": false, "setup_dns": true, "external_ca": false, "allow_zone_overlap": false, "reverse_zones": [], "no_reverse": false, "auto_reverse": false, "forwarders": [], "no_forwar ders": false, "auto_forwarders": true, "no_dnssec_validation": false, "enable_compat": false, "setup_ca": true, "_hostname_overridden": true, "force": false, "ca_cert_files": [], "external_cert_files": [], "external_ca_type": null, "external_ca_profile": null, "subject_base": null, "ca_subject": null, "forward_policy": null, "netbios_name": null, "rid_base": null, "secondary_rid_base": null}}}\n', b'OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017\r\ndebug1: Reading configuration data /home/casibbald/.ssh/config\r\ndebug1: /home/casibbald/.ssh/config line 1: Applying options for *\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_re quest_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3029733\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\nThe hostname resolves to the localhost address (127.0.0.1/::1)\nPlease change your /etc/hosts file so that the hostname\nresolves to the ip address of your network interface.\nThe KDC service does not listen on localhost\n\nPlease fix your /etc/hosts file and restart the setup program\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 1\r\n') <10.27.3.1> Failed to connect to the host via ssh: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017 debug1: Reading configuration data /home/casibbald/.ssh/config debug1: /home/casibbald/.ssh/config line 1: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: auto-mux: Trying existing master debug2: fd 3 setting O_NONBLOCK debug2: mux_client_hello_exchange: master version 4 debug3: mux_client_forwards: request forwardings: 0 local, 0 remote debug3: mux_client_request_session: entering debug3: mux_client_request_alive: entering debug3: mux_client_request_alive: done pid = 3029733 debug3: mux_client_request_session: session request sent debug1: mux_client_request_session: master session id: 2 The hostname resolves to the localhost address (127.0.0.1/::1) Please change your /etc/hosts file so that the hostname resolves to the ip address of your network interface. The KDC service does not listen on localhost Please fix your /etc/hosts file and restart the setup program debug3: mux_client_read_packet: read header failed: Broken pipe debug2: Received exit status from master 1 The full traceback is: File "/tmp/ansible_ipaserver_prepare_payload_0ik3mxe2/ansible_ipaserver_prepare_payload.zip/ansible/modules/ipaserver_prepare.py", line 350, in main File "/usr/lib/python3.6/site-packages/ipaserver/install/dns.py", line 270, in install_check True, options.ip_addresses) File "/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py", line 484, in get_server_ip_address raise ScriptError() fatal: [freeipa-1]: FAILED! => { "changed": false, "invocation": { "module_args": { "_hostname_overridden": true, "allow_zone_overlap": false, "auto_forwarders": true, "auto_reverse": false, "ca_cert_files": [], "ca_subject": null, "dm_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "domain": "packet.das-schiff.io", "enable_compat": false, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "external_cert_files": [], "force": false, "forward_policy": null, "forwarders": [], "hostname": "freeipa-1.packet.das-schiff.io", "ip_addresses": [], "netbios_name": null, "no_dnssec_validation": false, "no_forwarders": false, "no_host_dns": true, "no_reverse": false, "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "realm": "PACKET.DAS-SCHIFF.IO", "reverse_zones": [], "rid_base": null, "secondary_rid_base": null, "setup_adtrust": false, "setup_ca": true, "setup_dns": true, "setup_kra": false, "subject_base": null } }, "msg": "" }
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
freeipa-users@lists.fedorahosted.org