freeipa / ansible-freeipa

Ansible roles and modules for FreeIPA
GNU General Public License v3.0
505 stars 231 forks source link

Server preparation: raise ScriptError() #797

Closed patsevanton closed 2 years ago

patsevanton commented 2 years ago

Hello! Thanks for role freeipa! I try install and get error

  File "/usr/lib/python2.7/dist-packages/ipaserver/install/installutils.py", line 737, in get_server_ip_address
    raise ScriptError()

Playbook

---
- name: Playbook to configure IPA servers
  hosts: ipaserver
  become: true
  collections:
    - freeipa.ansible_freeipa
  pre_tasks:
    - name: Update apt cache.
      apt: update_cache=true cache_valid_time=600
      when: ansible_os_family == 'Debian'
    - name: Install python2.7-minimal
      ansible.builtin.package:
        name: python2.7-minimal
        state: present
  roles:
    - role: freeipa.ansible_freeipa.ipaserver
      state: present

Inventory

all:
  children:
    ipaserver:
      hosts:
        "freeipa":
          ansible_host: "xxxxxx"
  vars:
    ansible_user:  ubuntu
    ansible_ssh_private_key_file: ~/.ssh/id_rsa
    ipaadmin_password: ADMPassword1
    ipadm_password: DMPassword1
    ipaserver_domain: test.local
    ipaserver_realm: TEST.LOCAL

Ansible output

TASK [freeipa.ansible_freeipa.ipaserver : Install - Server preparation]

The full traceback is:
WARNING: The below traceback may *not* be related to the actual failure.
  File "/tmp/ansible_freeipa.ansible_freeipa.ipaserver_prepare_payload_UPhJaj/ansible_freeipa.ansible_freeipa.ipaserver_prepare_payload.zip/ansible_collections/freeipa/ansible_freeipa/plugins/modules/ipaserver_prepare.py", line 359, in main
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/installutils.py", line 737, in get_server_ip_address
    raise ScriptError()
fatal: [freeipa]: FAILED! => changed=false
  invocation:
    module_args:
      _hostname_overridden: true
      allow_zone_overlap: false
      auto_forwarders: false
      auto_reverse: false
      ca_cert_files: []
      ca_subject: null
      dm_password: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
      domain: test.local
      enable_compat: false
      external_ca: false
      external_ca_profile: null
      external_ca_type: null
      external_cert_files: []
      force: false
      forward_policy: null
      forwarders: []
      hostname: freeipa.ru-central1.internal
      ip_addresses: []
      netbios_name: null
      no_dnssec_validation: false
      no_forwarders: false
      no_host_dns: false
      no_reverse: false
      password: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
      realm: TEST.LOCAL
      reverse_zones: []
      rid_base: null
      secondary_rid_base: null
      setup_adtrust: false
      setup_ca: true
      setup_dns: false
      setup_kra: false
      subject_base: null
  msg: ''

Environment

Version

ansible [core 2.12.2]
  python version = 3.8.10 (default, Nov 26 2021, 20:14:08) [GCC 9.3.0]

Server where ansible

cat /etc/*release*
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.3 LTS"
NAME="Ubuntu"
VERSION="20.04.3 LTS (Focal Fossa)"

Remote server

cat /etc/*release*
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.3 LTS"
NAME="Ubuntu"
VERSION="20.04.3 LTS (Focal Fossa)"
t-woerner commented 2 years ago

The ScriptError in get_server_ip_address is sadly not providing useful information for the ipaserver role. The error is either that the hostname resolve to localhost, or the name and IPA address does not match or the name does not resolve to an IP.

rjeffman commented 2 years ago

It is strange that Python 2.7 is being used for the deployment in Ubuntu 20.04.

Can you try the playbook with ansible_python_interpreter = /usr/bin/python2.7?

patsevanton commented 2 years ago

I find reason:

cat /etc/hosts

127.0.1.1 freeipa.ru-central1.internal freeipa

This task for fix issue:

    - name: Remove 127.0.1.1 from /etc/hosts
      lineinfile:
        path: /etc/hosts
        state: absent
        regexp: '^127.0.1.1'