Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 983463
Description of problem:
When you try to install an ipa replica server they try to contact it's ipa
server master with openssh-clients tools (like ssh)
Version-Release number of selected component (if applicable):
[root@itpvsldaps002 ~]# rpm -qa | grep ipa
1. Install ipa server master
2. Install rhel host that will become ipa replica with only @core packages
(without openss-clients installed!)
3. Install ipa-server packages on ipa replica host (but without launch
4. Launch ipa-replica-prepare on ipa master
5. Transfer gpg with sftp client and not with scp client (because scp will fail
due to ipa replica server doesn' has scp program!)
6. Launch ipa-replica-install on ip replica server and you got:
# ipa-replica-install --setup-ca -p foopw -w foopw
Run connection check to master
Check connection from replica to remote master 'YYYYYYY':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos Kpasswd: TCP (464): OK
HTTP Server: Unsecure port (80): OK
HTTP Server: Secure port (443): OK
PKI-CA: Directory Service port (7389): OK
The following list of ports use UDP protocol and would need to be
Kerberos KDC: UDP (88): SKIPPED
Kerberos Kpasswd: UDP (464): SKIPPED
Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
Execute check on remote master
Traceback (most recent call last):
File "/usr/sbin/ipa-replica-conncheck", line 392, in <module>
File "/usr/sbin/ipa-replica-conncheck", line 371, in main
File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 295, in
close_fds=True, env=env, cwd=cwd)
File "/usr/lib64/python2.6/subprocess.py", line 639, in __init__
File "/usr/lib64/python2.6/subprocess.py", line 1228, in _execute_child
OSError: [Errno 2] No such file or directory
Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck
7. Install openssh-clients on ipa replica host
8. Re-Launch ipa-replica-install and all works fine!
Steps to Reproduce:
Same as above
No openssh-clients dependencies when install ipa-server packages
openssh-clients dependencies when install ipa-server packages
Nathaniel, as I said on this week's meeting, I do not think that this fixes the issue. ipa-replica-conncheck runs ssh to run other part of the connection check, see ipareplica-conncheck.log:
2013-05-23T20:55:55Z DEBUG args=ssh -v -o StrictHostKeychecking=no -o UserKnownHostsFile=/tmp/tmpP71IcA email@example.com echo OK
As ssh is not present, ssh of course cannot be called, thus this exception. I think we need to rather update ipa-replica-conncheck to check at the beginning to see if ssh is installed, if not, report "WARNING: cannot proceed with connection check due to missing ssh command" (or similar) and return.
Any update on this one?
Nathaniel, what is current status with this ticket?
Untested patch submitted to the list. Either someone can test it, or I will test it when I get back from Flock.
Moving all non-critical bugs to 3.3.x bug fixing bucket (FreeIPA 3.3 final was released).
Metadata Update from @rcritten:
- Issue assigned to npmccallum
- Issue set to the milestone: FreeIPA 3.3.x - 2013/08 (bug fixing)
to comment on this ticket.