33857 2017-09-07 14:34:16 +0300 Проблема с установкой реплики 2017-11-22 20:01:53 +0300 1 1 4 Development Sisyphus freeipa-server unstable all Linux CLOSED WORKSFORME P3 normal --- 1 sotor slev sem sin slev qa-sisyphus oldest_to_newest 165625 0 sotor 2017-09-07 14:34:16 +0300 При попытке создания реплики FreeIPA сервера возникает такая ошибка: 2017-09-07T10:18:16Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310, in run self.execute() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332, in execute for nothing in self._executor(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 586, in _configure next(executor) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1687, in main promote(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 377, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1442, in promote custodia.create_replica(config.master_host_name) File "/usr/lib/python2.7/site-packages/ipaserver/install/custodiainstance.py", line 86, in create_replica realm=self.realm) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 580, in create_instance self.start_creation("Configuring %s" % self.service_name) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 448, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 438, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/custodiainstance.py", line 102, in __import_ra_key cli = CustodiaClient(self.fqdn, self.master_host_name, self.realm) File "/usr/lib/python2.7/site-packages/ipapython/secrets/client.py", line 61, in __init__ requests.packages.urllib3.disable_warnings() 2017-09-07T10:18:16Z DEBUG The ipa-replica-install command failed, exception: AttributeError: 'module' object has no attribute 'packages' 2017-09-07T10:18:16Z ERROR 'module' object has no attribute 'packages' После обновления модуля requests: python-module-pip pip install --upgrade requests Ошибка меняется на: [3/5]: Importing RA Key [error] SSLError: HTTPSConnectionPool(host='dcpve01.ipatest.ipalocal', port=443): Max retries exceeded with url: /ipa/keys/ra/ipaCert?type=kem&value=eyJhbGciOiJSU0EtT0FFU--длинный-ключ--XOlOsw (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),)) Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR HTTPSConnectionPool(host='dcpve01.ipatest.ipalocal', port=443): Max retries exceeded with url: /ipa/keys/ra/ipaCert?type=kem&value=eyJhbGciOiJSU0EtT0FFU--длинный-ключ--XOlOsw (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),)) После установки модуля с сертификатами и добавления сертификата FreeIPA в доверенные: apt-get install python-module-certifi cat /etc/ipa/ca.crt >> /usr/lib/python2.7/site-packages/certifi/cacert.pem Ошибка меняется на: [3/5]: Importing RA Key [error] HTTPError: 403 Client Error: Forbidden for url: https://dcpve01.ipatest.ipalocal/ipa/keys/ra/ipaCert?type=kem&value=eyJhbGciOiJSU0EtT0FFU--длинный-ключ--VvQAiAlHPQ Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR 403 Client Error: Forbidden for url: https://dcpve01.ipatest.ipalocal/ipa/keys/ra/ipaCert?type=kem&value=eyJhbGciOiJSU0EtT0FFU--длинный-ключ--VvQAiAlHPQ ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information 167394 1 sem 2017-11-22 20:01:53 +0300 Должно быть давно исправлено.