Closed till closed 6 years ago
Hey,
thanks for reporting. Can you share your OS, and the vars that you're setting?
Thanks, Regards Timo
@timorunge yeah, I am trying to run on CentOS:
Linux keymaster.example.org 3.10.0 #1 SMP Wed May 23 10:04:13 MSK 2018 x86_64 x86_64 x86_64 GNU/Linux
cat /etc/centos-release
CentOS Linux release 7.5.1804 (Core)
I put all variables into a vault:
# Admin user kerberos password
freeipa_server_admin_password: Passw0rd
# Primary DNS domain of the IPA deployment
freeipa_server_domain: keymaster.example.org
# Directory Manager password
freeipa_server_ds_password: Passw0rd
# The hostname of this machine (FQDN)
freeipa_server_fqdn: keymaster.planetary-networks.de
# Master Server IP Address
freeipa_server_ip: 172.20.0.2
# Kerberos realm name of the IPA deployment
freeipa_server_realm: KEYMASTER.EXAMPLE.ORG
(Changed the hostname as I don't want to post it in public but it's a FQDN that resolves.)
@till: Can you confirm that 5351f4d51e981321fcfece348dedc85360386891 is fixing the issue for you?
@timorunge do I just ansible-galaxy (with force) again to update? (Sorry, I am an ansible n00b.)
@till this will do the trick:
ansible-galaxy install -f timorunge.freeipa_server,master
@timorunge I added you to a requirements.yml — just learned about that. 💃
It continues beyond that step, but then fails with:
fatal: [keymaster]: FAILED! => {"changed": false, "msg": "Unable to find any of pip2, pip to use. pip needs to be installed."}
Sorry for all the questions. Am I supposed to include a role for pip now? Or is that a dependency "missing" in your role?
:)
This has nothing to do with the module itself. You need some basic packages on your remote system.
yum install -y epel-release ; yum update -y ; yum install python-pip -y ; pip install --upgrade pip
OK, I did add a few more roles from galaxy for the things you suggested (to keep track of what I install) and it continues successfully!
Thanks so much for your help!
You're welcome!
@timorunge
Two additional questions:
krb5kdc and kadmin happens (probably through ipa), I am trying to figure out how to get it running — kinit admin is unable to contact it. I am gonna try to run through the setup again and enable them and start them, etc. — but is there anything else to take care of or would it be best to use another role for this?
If anyone ever gets here through Google:
KRB5_TRACE=/dev/stdout kinit admin
Helps to debug the hanging. Pointed me to something in DNS in my case (record of the domain for the KDC resolved wrong).
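The check described in the comment above, as an added example that is not part of the original thread: it reads KRB5_TRACE output and reports every KDC address that kinit contacted which differs from the expected server IP. The trace lines are a constructed sample following the MIT krb5 trace message wording, 203.0.113.10 is a made-up wrong address, and the function names are hypothetical; 172.20.0.2 is the freeipa_server_ip from the vars posted earlier.

```python
import re

# Constructed sample of KRB5_TRACE output (MIT krb5 trace wording assumed);
# the wrong address 203.0.113.10 is made up for this example.
SAMPLE_TRACE = """\
[4242] 1530000000.100001: Getting initial credentials for admin@KEYMASTER.EXAMPLE.ORG
[4242] 1530000000.100002: Sending unauthenticated request
[4242] 1530000000.100003: Sending request (188 bytes) to KEYMASTER.EXAMPLE.ORG
[4242] 1530000000.100004: Resolving hostname keymaster.example.org
[4242] 1530000000.100005: Sending initial UDP request to dgram 203.0.113.10:88
[4242] 1530000000.100006: Initiating TCP connection to stream 203.0.113.10:88
"""

RESOLVE = re.compile(r"Resolving hostname (\S+)")
# The greedy address group keeps IPv6 literals intact; the port is the last field.
CONTACT = re.compile(r"to (?:dgram|stream) (\S+):(\d+)\s*$")


def kdc_contacts(trace):
    """Return unique (hostname, address, port) tuples for each KDC contact attempt."""
    host, seen = None, []
    for line in trace.splitlines():
        m = RESOLVE.search(line)
        if m:
            # Remember which name was resolved just before the connection attempt.
            host = m.group(1).rstrip(".")
            continue
        m = CONTACT.search(line)
        if m:
            entry = (host, m.group(1), int(m.group(2)))
            if entry not in seen:  # UDP and TCP attempts to one address count once
                seen.append(entry)
    return seen


def wrong_kdc_addresses(trace, expected_ip):
    """Return the contacts whose address is not the expected KDC IP."""
    return [c for c in kdc_contacts(trace) if c[1] != expected_ip]


if __name__ == "__main__":
    expected = "172.20.0.2"  # freeipa_server_ip from the vars in this thread
    for host, addr, port in wrong_kdc_addresses(SAMPLE_TRACE, expected):
        print(f"{host} resolved to {addr}:{port}, expected {expected}")
```
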
@till
The bugfix release is done. Actually this role is meant just to be a wrapper for the basic setup of FreeIPA. Actually there is an official Ansible role which can do a lot more (https://github.com/freeipa/ansible-freeipa) but this was overhead for my usage.
@timorunge Thanks! Yeah, same here. :) Yours worked in the end — I think I got confused by how FreeIPA uses all components. Even DNS is included and fed by LDAP. So that was what tripped me over.
Thanks again for responding/helping! :)
Can't install server, it seems to fail at setting the name: