Closed RobVerduijn closed 5 years ago
Do you have more error messages in the log file? Do you get the same error using the command line installer?
hello, The client joins when I do a manual configuration. ipa-client-install --enable-dns-updates
I'm rerunning the installation to collect the logs, I'll post it when it's done Rob
Output from -vvv
The full traceback is: WARNING: The below traceback may not be related to the actual failure. File "/tmp/ansible_ipaclient_join_payload_N2y5q5/main.py", line 270, in main get_ca_certs(fstore, options, servers[0], basedn, realm) File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 1820, in get_ca_certs message=u"HTTP "
fatal: [katello]: FAILED! => { "changed": false, "invocation": { "module_args": { "admin_keytab": null, "basedn": "dc=example,dc=com", "ca_cert_file": null, "debug": null, "domain": "freeipa01", "force_join": false, "hostname": "ipaclient.example.com", "kdc": "freeipa01, freeipa02", "keytab": null, "kinit_attempts": 5, "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "principal": "rob", "realm": "EXAMPLE.COM", "servers": [ "freeipa01", "freeipa02" ] } }, "msg": "Cannot obtain CA certificate\nHTTP certificate download requires --force"
Hello, It seems to work again with the latest git version.
Cheers Rob
Hello,
Doing a fresh install on a centos7 ipaclient. (as in new kickstart install) The configuration of the client fails on the task: ipaclient : Install - Join IPA with the error : FAILED! => {"changed": false, "msg": "Cannot obtain CA certificate\nHTTP certificate download requires --force"}
This is a new client I checked that
the following vars where set: ipaclient_mkhomedir: false ipaclient_use_otp: false ipaadmin_principal: '{{ ipa_admin }}' ipaadmin_password: '{{ ipa_admin_password }}' ipassd_enable_dns_updates: true ipaclient_no_ntp: true
Cheers Rob