Portal:FreeIPA/ipa-replica-install Example Output


This is the full interactive session and output from the example setup of linuxdom.net, captured from the ipa-replica-install command run on the IPA replica:

root@ipa-standby ~# ipa-replica-install --setup-dns --forwarder 8.8.8.8 --skip-conncheck replica-info-ipa-standby.linuxdom.net.gpg
Checking forwarders, please wait ...
Directory Manager (existing master) password:

Using reverse zone(s) 122.168.192.in-addr.arpa.
Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
  [1/35]: creating directory server user
  [2/35]: creating directory server instance
  [3/35]: adding default schema
  [4/35]: enabling memberof plugin
  [5/35]: enabling winsync plugin
  [6/35]: configuring replication version plugin
  [7/35]: enabling IPA enrollment plugin
  [8/35]: enabling ldapi
  [9/35]: configuring uniqueness plugin
  [10/35]: configuring uuid plugin
  [11/35]: configuring modrdn plugin
  [12/35]: configuring DNS plugin
  [13/35]: enabling entryUSN plugin
  [14/35]: configuring lockout plugin
  [15/35]: creating indices
  [16/35]: enabling referential integrity plugin
  [17/35]: configuring ssl for ds instance
  [18/35]: configuring certmap.conf
  [19/35]: configure autobind for root
  [20/35]: configure new location for managed entries
  [21/35]: configure dirsrv ccache
  [22/35]: enable SASL mapping fallback
  [23/35]: restarting directory server
  [24/35]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 4 seconds elapsed
Update succeeded

  [25/35]: updating schema
  [26/35]: setting Auto Member configuration
  [27/35]: enabling S4U2Proxy delegation
  [28/35]: importing CA certificates from LDAP
  [29/35]: initializing group membership
  [30/35]: adding master entry
  [31/35]: configuring Posix uid/gid generation
  [32/35]: adding replication acis
  [33/35]: enabling compatibility plugin
  [34/35]: tuning directory server
  [35/35]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds
  [1/9]: adding sasl mappings to the directory
  [2/9]: writing stash file from DS
  [3/9]: configuring KDC
  [4/9]: creating a keytab for the directory
  [5/9]: creating a keytab for the machine
  [6/9]: adding the password extension to the directory
  [7/9]: enable GSSAPI for replication
  [8/9]: starting the KDC
  [9/9]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmind
  [1/2]: starting kadmind
  [2/2]: configuring kadmind to start on boot
Done configuring kadmind.
Configuring ipa_memcached
  [1/2]: starting ipa_memcached
  [2/2]: configuring ipa_memcached to start on boot
Done configuring ipa_memcached.
Configuring the web interface (httpd): Estimated time 1 minute
  [1/15]: enabling Apache flag and modules (authn_core, authz_core, authz_host, auth_kerb, rewrite, filter, proxy, headers, nss)
  [2/15]: disabling conflicing Apache modules (auth_compat, ssl)
  [3/15]: setting mod_nss port to 443
  [4/15]: setting mod_nss protocol list to TLSv1.0 - TLSv1.2
  [5/15]: setting mod_nss certificate DB and password file
  [6/15]: enabling mod_nss renegotiate
  [7/15]: adding URL rewriting rules
  [8/15]: configuring apache2
  [9/15]: setting up ssl
  [10/15]: importing CA certificates from LDAP
  [11/15]: publish CA cert
  [12/15]: creating a keytab for httpd
  [13/15]: clean up any existing httpd ccache
  [14/15]: restarting apache2
  [15/15]: configuring apache2 to start on boot
Done configuring the web interface (httpd).
Configuring ipa-otpd
  [1/2]: starting ipa-otpd
  [2/2]: configuring ipa-otpd to start on boot
Done configuring ipa-otpd.
Applying LDAP updates
Restarting Directory server to apply updates
  [1/2]: stopping directory server
  [2/2]: starting directory server
Done.
Restarting the directory server
Restarting the KDC
Configuring DNS (named)
  [1/9]: setting up reverse zone
  [2/9]: setting up our own record
  [3/9]: adding NS record to the zones
  [4/9]: setting up CA record
  [5/9]: setting up kerberos principal
  [6/9]: setting up named.conf
  [7/9]: configuring named to start on boot
  [8/9]: disable NAMED_RUN_CHROOTED
  [9/9]: changing resolv.conf to point to ourselves
Done configuring DNS (named).

Configuring DNS key synchronization service (ipa-dnskeysyncd)
  [1/7]: checking status
  [2/7]: setting up bind-dyndb-ldap working directory
  [3/7]: setting up kerberos principal
  [4/7]: setting up SoftHSM
  [5/7]: adding DNSSEC containers
  [6/7]: creating replica keys
  [7/7]: configuring ipa-dnskeysyncd to start on boot
Done configuring DNS key synchronization service (ipa-dnskeysyncd).
Restarting ipa-dnskeysyncd
Restarting named

Restarting the web server