[description of the issue] When running ipa-client-install, the installer fails whenever it checks the CA certificate.
I've installed two different instances of the ipa server, one with a dogtag CA, and one CA-less with a certificate I already had - it doesn't seem to make a difference to the ipa-client-install.
All IPs are statically configured, and the only DNS records available are A records for the FQDN of the IPA server and the FQDN of the clients.
Alternatively:
If following the first set of instructions, you will receive the following output: Skip ipahost: cannot verify if this is an IPA server Failed to verify that ipahost is an IPA Server. This may mean that the remote server is not up or is not reachable due to network or firewall settings. Please make sure the following ports are opened in the firewall settings: TCP: 80, 88, 389 UDP: 88 (at least one of TCP/UDP ports 88 has to be open) Also note that following ports are necessary for ipa-client working properly after enrollment: TCP: 464 UDP: 464, 123 (if NTP enabled)
If following the second set of instructions, you will receive the following output: Downloading the CA certificate via HTTP, this is INSECURE Successfully retrieved CA cert Joining realm failed: libcurl failed to execute the HTTP POST transaction, explaining: Problem with the SSL CA cert (path? access rights?)
Installation failed. Rolling back changes.
I expect the installer to finish.
Server: CentOS 7.7.1908 ipa-server-4.6.5-11.el7.centos.x86_64 ipa-client-4.6.5-11.el7.centos.x86_64 389-ds-base-1.3.9.1-10.el7.x86_64 pki-ca-10.5.16-3.el7.noarch krb5-server-1.15.1-37.el7_7.2.x86_64 Kernel 5.2.20-1.el7.cp Client: CentOS 7.7.1908 ipa-client-4.6.5-11.el7.centos.x86_64 Kernel 5.2.20-1.el7.cp
While the output I receive is very different with the two different approaches the log files both have an unnamed ScriptError With certificate in place:
2019-12-11T08:37:36Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 319, in run return cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 358, in run self.validate() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 368, in validate for _nothing in self._validator(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 455, in _handle_validate_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 633, in _configure next(validator) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 455, in _handle_validate_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 515, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 65, in _install for unused in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 3668, in main install_check(self) File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 2270, in install_check raise ScriptError(rval=CLIENT_INSTALL_ERROR) 2019-12-11T08:37:36Z DEBUG The ipa-client-install command failed, exception: ScriptError:
Without certificate in place:
2019-12-11T08:51:13Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 319, in run return cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 360, in run return self.execute() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 386, in execute for rval in self._executor(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 655, in _configure next(executor) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 515, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 65, in _install for unused in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 3670, in main install(self) File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 2391, in install _install(options) File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 2613, in _install raise ScriptError(rval=CLIENT_INSTALL_ERROR) 2019-12-11T08:51:13Z DEBUG The ipa-client-install command failed, exception: ScriptError:
I initially tried this with a Fedora client (and a CentOS8 client) as well, I will provide version numbers for the Fedora test - but it resulted in the same error.
The ScriptError is raised because the attempt to get the chain failed, i isn't the root of the problem. Can you provide a full /var/log/ipa-client-install.log?
I resolved this by adding some additional DNS records.
Metadata Update from @tobiasv: - Issue close_status updated to: worksforme - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.