Open dicalleson opened 4 years ago
Sorry... worked through this... principal needed to be in admins group.
However now I am not getting both ipa servers in sssd.conf and ntp.conf is not getting configured and started.
ipaclient_servers=ipaserver1.example.com,ipaserver2.example.com
A comma should fix your issue. ^^^
The full traceback is:
WARNING: The below traceback may not be related to the actual failure.
  File "/tmp/ansible_freeipa.ansible_freeipa.ipaclient_test_payload_8q4egV/ansible_freeipa.ansible_freeipa.ipaclient_test_payload.zip/ansible_collections/freeipa/ansible_freeipa/plugins/modules/ipaclient_test.py", line 643, in main
fatal: [ipaclient2.vr-dev.local]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "all_ip_addresses": false,
            "ca_cert_files": null,
            "configure_firefox": false,
            "domain": "vr-dev.local",
            "enable_dns_updates": false,
            "firefox_dir": null,
            "force_ntpd": false,
            "hostname": "ipa-client2.vr-dev.local",
            "ip_addresses": null,
            "kinit_attempts": 5,
            "nisdomain": null,
            "no_nisdomain": false,
            "no_ntp": false,
            "ntp_pool": null,
            "ntp_servers": null,
            "on_master": false,
            "realm": "VR-DEV.LOCAL",
            "servers": [
                "ipa.vr-dev.local",
                "ipa-replica.vr-dev.local"
            ]
        }
    },
    "msg": "Failed to verify that ipa.vr-dev.local, ipa-replica.vr-dev.local is an IPA Server."
}
I see this error, can you help me? The client is Debian OS.
This is the inventory, is that my issue? Thank you.
[ipaclients]
ipaclient1.vr-dev.local ansible_host=123.456.789.101
ipaclient2.vr-dev.local ansible_host=123.456.789.101

[ipaclients:vars]
ansible_user=root
ipaclient_keytab=/tmp/krb5.keytab
ipaclient_domain=vr-dev.local
ipaclient_realm=VR-DEV.LOCAL
ipaadmin_principal=admin
ipaadmin_password=__
ipaclient_use_otp=no
ipaclient_force_join=yes
ipaclient_no_dns_lookup=yes
ipaclient_install_packages=yes
ipaclient_allow_repair=yes
ipaclient_extraargs=[ '--kinit-attempts=3', '--mkhomedir']
ipaclient_principal=admin
ipaclient_password=____
ipaclient_servers=ipa.vr-dev.local,ipa-replica.vr-dev.local
I'm running into this on my test cluster. I'm able to install the IPA client manually from individual machines, but running the playbook causes every client to return "Failed to verify that x.y.z is an IPA server."
I do have the same issue
EDIT six days later:
It turned out that ansible-freeipa needs the FQDN, e.g. freeipa1.your.domain. Using freeipa1 only in ipaclient_servers does not work.
Having a warning for this case would be useful.
I've got this same error, is there any solution?
I am using the same inventory as I used for installing a server and replica. I want to now add clients. I added the following entries in my inventory. I confirmed that I can kinit to the ipaadmin_principal and password works.
[ipaclients:vars]
ipaclient_allow_repair=yes
ipaadmin_principal=ipa-service
ipaadmin_password=xxxxx
ipaclient_allow_repair=yes
ipaclient_domain=example.com
ipaclient_realm=EXAMPLE.COM
ipaclient_mkhomedir=yes
ipaclient_force_join=yes
ipaclient_no_dns_lookup=yes
ipaclient_ntp_servers=ipaserver1.example.com ipaserver2.example.com
ipaclient_servers=ipaserver1.example.com ipaserver2.example.com
Ansible works up until:
TASK [ipaclient : Install - IPA client test] ***
Monday 03 August 2020 18:51:12 +0000 (0:00:00.079) 0:00:10.269 *
fatal: [login.silicondev.us-cert.gov]: FAILED! => {"changed": false, "msg": "Failed to verify thatipaserver1.example.com ipaserver2.example.com is an IPA Server."}
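
As an added example (not part of the thread and not ansible-freeipa's own code), a small pre-flight lint for the two inventory mistakes reported above: a space-separated ipaclient_servers value and a short hostname in place of the FQDN. The function names and the sample inventory are constructed for illustration, and it assumes one key=value per line, as in an INI [group:vars] section.

```python
import re

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def check_servers_value(value):
    """Return a list of problems found in one ipaclient_servers value."""
    problems = []
    # Assumption taken from the reply in the thread: entries are comma-separated.
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            problems.append("empty entry (stray comma)")
        elif re.search(r"\s", entry):
            problems.append(f"{entry!r}: whitespace inside an entry, separate servers with commas")
        else:
            labels = entry.rstrip(".").split(".")
            if len(labels) < 2:
                problems.append(f"{entry!r}: short hostname, use the FQDN")
            elif not all(LABEL.match(label) for label in labels):
                problems.append(f"{entry!r}: not a valid hostname")
    return problems


def lint_inventory(text):
    """Return (line_number, problem) pairs for every ipaclient_servers line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = re.match(r"\s*ipaclient_servers\s*=\s*(.*)$", line)
        if match:
            findings.extend((number, p) for p in check_servers_value(match.group(1)))
    return findings


# Constructed sample: three hypothetical groups, one per case from the thread.
SAMPLE = """\
[site_a:vars]
ipaclient_servers=ipaserver1.example.com ipaserver2.example.com
[site_b:vars]
ipaclient_servers=freeipa1
[site_c:vars]
ipaclient_servers=ipaserver1.example.com,ipaserver2.example.com
"""

if __name__ == "__main__":
    for number, problem in lint_inventory(SAMPLE):
        print(f"inventory line {number}: {problem}")
```

This checks only the syntax of the value; it does not resolve the names or contact the servers.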