A lot of replica installations in upstream CI fail with ipa-getkeytab timeouts. Error message normally looks like this:
[38/43]: adding replication acis [39/43]: enabling compatibility plugin [40/43]: activating sidgen plugin [41/43]: activating extdom plugin [42/43]: tuning directory server [43/43]: configuring directory to start on boot Done configuring directory server (dirsrv). ipa.ipapython.install.cli.install_tool(Replica): ERROR Command '/usr/sbin/ipa-getkeytab -k /etc/httpd/conf/ipa.keytab -p HTTP/vm-177.example.com@DOM-102.EXAMPLE.COM -s vm-102.example.com' returned non-zero exit status 9 ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
attachment ipareplica-install.log
2500 2016-04-22T14:08:15Z DEBUG Starting external process 2501 2016-04-22T14:08:15Z DEBUG args=/usr/sbin/ipa-getkeytab -k /etc/httpd/conf/ipa.keytab -p HTTP/vm-177.example.com@DOM-102.example.COM -s vm-102.example.com 2502 2016-04-22T14:08:36Z DEBUG Process finished, return code=9 2503 2016-04-22T14:08:36Z DEBUG stdout= 2504 2016-04-22T14:08:36Z DEBUG stderr=Timeout exceeded.Missing reply control list! 2505 Retrying with pre-4.0 keytab retrieval method... 2506 Timeout exceeded.Missing reply control list! 2507 ber_init() failed, Invalid control ?! 2508 Failed to get keytab
I was investigating this with Milan and raising timeout helped him.
Default timeout 10 seconds was not enough for him, 100 seconds worked.
I see a patch on the list.
master:
Metadata Update from @ofayans: - Issue assigned to mbasti - Issue set to the milestone: FreeIPA 4.4
Login to comment on this ticket.