Description of problem:
Due to checks in the installer related to IP addressing, IPA will not install on Amazon EC2. On Amazon EC2 virtual machines are provisioned with an IP address effectively situated behind network address translation. This leads to a situation where the public facing IP will never match up with the address of the interface, even to other machines which will be accessing IPA. The specific issue even occurs when trying to force the IP address that the server will use.

How reproducible:
100%

Steps to Reproduce:
1. Provision RHEL machine on Amazon EC2
2. yum -y install ipa-server
3. ipa-server-install

Actual results:
[root@ipa ~]# ipa-server-install
...
Unexpected error - see ipaserver-install.log for details:
 No network interface matches the provided IP address and netmask

[root@ipa ~]# ipa-server-install --ip-address=50.19.212.236
Usage: ipa-server-install [options]

ipa-server-install: error: option --ip-address: invalid IP address 50.19.212.236: No network interface matches the provided IP address and netmask

[root@ipa ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 12:31:3B:02:5C:3D
          inet addr:10.243.95.203  Bcast:10.243.95.255  Mask:255.255.254.0
          inet6 addr: fe80::1031:3bff:fe02:5c3d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:44356 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12170 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:61443561 (58.5 MiB)  TX bytes:1553781 (1.4 MiB)
          Interrupt:8

Expected results:
Working IPA install
What does /etc/hosts look like? Does it contain the local host/IP combination? You might try the --no-host-dns option but I don't think it will help in this particular case.
Should it be installed on the internal address then? I mean --ip-address=10.243.95.203? IPA needs to be sure its host name resolution is consistent. The NATing can be done but outside of IPA as long as it understands where its head and tail are.
[root@ipa ~]# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 12:31:3B:01:D8:B3
          inet addr:10.242.223.65  Bcast:10.242.223.255  Mask:255.255.254.0
          inet6 addr: fe80::1031:3bff:fe01:d8b3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:78 errors:0 dropped:0 overruns:0 frame:0
          TX packets:67 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:10586 (10.3 KiB)  TX bytes:9003 (8.7 KiB)
          Interrupt:8

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:282 (282.0 b)  TX bytes:282 (282.0 b)

[root@ipa ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.242.222.0    0.0.0.0         255.255.254.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
0.0.0.0         10.242.222.1    0.0.0.0         UG    0      0        0 eth0

[root@ipa ~]# cat /etc/hosts
127.0.0.1   localhost.localdomain localhost
::1         localhost6.localdomain6 localhost6
Created attachment 577758
ipaserver-install.log

Contents of ipaserver-install.log from EC2
I would recommend trying to install IPA with either
1) --ip-address=10.242.223.65, i.e. using internal address behind NAT as Dmitri suggested
2) with --no-host-dns that would skip various DNS checks which may help overcome this DNS issue
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2648
The upstream ticket has been closed. I tried IPA in EC2 VM and it worked for me. I just needed to pass an internal IP address to ipa-server-install. Then I was still able to connect to IPA Web UI from a VM outside of EC2 internal network using the EC2 VM's public IP address. Closing the BZ as worksforme.
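
The condition behind the "No network interface matches the provided IP address and netmask" error can be checked before running the installer. The following is an added example, not part of the original thread and not FreeIPA's own code; the function names are hypothetical and the sample input is constructed from the ifconfig output quoted in the report.

```python
import ipaddress
import re

# Constructed sample: net-tools `ifconfig` output in the format quoted in the report.
SAMPLE_IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 12:31:3B:02:5C:3D
          inet addr:10.243.95.203  Bcast:10.243.95.255  Mask:255.255.254.0
          inet6 addr: fe80::1031:3bff:fe02:5c3d/64 Scope:Link
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
"""

# Matches only IPv4 lines ("inet addr:"), not "inet6 addr:".
_INET = re.compile(r"inet addr:(\S+).*?Mask:(\S+)")


def local_ipv4_interfaces(ifconfig_text):
    """Return {interface name: IPv4Interface} parsed from ifconfig output."""
    result, name = {}, None
    for line in ifconfig_text.splitlines():
        if line and not line[0].isspace():
            name = line.split()[0]          # unindented line starts a new interface
        m = _INET.search(line)
        if m and name:
            result[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return result


def matching_interface(candidate, interfaces):
    """Name of the interface configured with `candidate`, or None if there is none."""
    addr = ipaddress.ip_address(candidate)
    for name, iface in interfaces.items():
        if iface.ip == addr:
            return name
    return None


def preflight(candidate, ifconfig_text=SAMPLE_IFCONFIG):
    """Return (usable, detail) for an address intended for --ip-address."""
    interfaces = local_ipv4_interfaces(ifconfig_text)
    name = matching_interface(candidate, interfaces)
    if name is None:
        return False, f"{candidate} is not configured on any local interface"
    return True, f"{candidate} is configured on {name} ({interfaces[name].network})"


if __name__ == "__main__":
    for ip in ("50.19.212.236", "10.243.95.203"):   # public vs. internal address
        print(preflight(ip))
```
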