Bug 1598662
Summary: | Replica installation fails with connection refused error | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | anuja <amore> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.6 | CC: | cpelland, frenaud, ksiddiqu, myusuf, nsoman, pasik, pvoborni, rcritten, slaznick, tdudlak, tscherf |
Target Milestone: | rc | Keywords: | Regression, TestBlocker |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.6.4-7.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-10-30 10:58:44 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
anuja
2018-07-06 06:54:04 UTC
Investigation: the replica installation fails trying to connect to https://master.domain.com:8443/ca/rest/account/login, but in RHEL 6.x (with Dogtag 9) the master does not use this port. Port 8443 use has been introduced with Dogtag 10 (see http://www.dogtagpki.org/wiki/PKI_Release_Notes#What.27s_new.3F_23 section New Directory Layout/ Architecture/ Standard Ports) and previous Dogtag versions were using 9443, 9444, 9445 and 9446. This issue should have been fixed by https://pagure.io/freeipa/c/0d406fcb784924bfe685729f3156efb8c902b947 but seems to re-occur in latest rhel 7.5 version. Upstream ticket: https://pagure.io/freeipa/issue/7629 Fixed upstream master: https://pagure.io/freeipa/c/6175672e8e11a5fb0a813ea11513efffb704a672 Fixed upstream ipa-4-6: https://pagure.io/freeipa/c/c4481d71a9a57b89366b02f86f99fc84b5d9d320 Fixed upstream: ipa-4-5: https://pagure.io/freeipa/c/35958aa15bd96ec30b5d700f99995a9bddd20c95 ipa-4-7: https://pagure.io/freeipa/c/15ce6c819e239eb58749a7c96a16984103c18675 version: Master : ipa-server-3.0.0-51.el6.x86_64 # cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.10 (Santiago) Replica : ipa-server-4.6.4-7.el7.x86_64 # cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.6 Beta (Maipo) Steps: 1. Install master on RHEL6.10 $ /usr/sbin/ipa-server-install --setup-dns --forwarder 10.11.5.19 --domain testrelm.test --realm TESTRELM.TEST --admin-password Secret123 --ds-password Secret123 -U 2. create replica prepare file $ ipa-replica-prepare replica.testrelm.test --ip-address=<xx.xx.xx.xx> 3. copy file created in step 2 to the replica server 4. setup replica $ ipa-replica-install --setup-ca <replica-prepare-file-from step 3> Actual result: replica installed successfully andno error observed. [..] [try 1]: Forwarding 'host_mod' to json server 'https://replica.testrelm.test/ipa/json' SSSD enabled Configured /etc/openldap/ldap.conf Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Configuring testrelm.test as NIS domain. Client configuration complete. The ipa-client-install command was successful Based on above observations, marking the bug as verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3187 |