[Freeipa-devel] [PATCHSET] Replica promotion patches

Simo Sorce simo at redhat.com
Tue Oct 6 16:26:14 UTC 2015 

On 06/10/15 11:06, Jan Pazdziora wrote:
> On Mon, Oct 05, 2015 at 09:47:14AM -0400, Simo Sorce wrote:
>> On 05/10/15 09:42, Oleg Fayans wrote:
>>> 1. At one point ipa-replica-install on a configured client has thrown
>>> the following error:
>>>
>>> Configuring ipa-custodia
>>>    [1/5]: Generating ipa-custodia config file
>>>    [2/5]: Generating ipa-custodia keys
>>>    [3/5]: Importing RA Key
>>>    [error] HTTPError: 502 Server Error: Proxy Error
>>> Your system may be partly configured.
>>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>>
>>> ipa.ipapython.install.cli.install_tool(Replica): ERROR    502 Server
>>> Error: Proxy Error
>>>
>>> (corresponding part of the error log of dirsrv attached)
>>
>> Seem like the peer server was unreachable ?
>> Was there a networking problem ?
>
> I've hit the same issue, during demo today, on a third replica I was
> creating. I was using four VMs on my laptop so no networking issue
> should have caused that.
>
> On the replica (being promoted), /var/log/ipareplica-install.log ends with
>
> On the master, in the error_log, I see
>
> [Tue Oct 06 13:22:33.196769 2015] [wsgi:error] [pid 10789] ipa: INFO: [jsonserver_session] admin at EXAMPLE.TEST: service_add(u'HTTP/ipa-4.example.test at EXAMPLE.TEST', version=u'2.112'): SUCCESS
> [Tue Oct 06 13:22:39.231882 2015] [wsgi:error] [pid 10788] ipa: INFO: [xmlserver] host/ipa-4.example.test at EXAMPLE.TEST: cert_request(u'MIIDWDCCAkACAQAwHTEbMBkGA1UEAxMSaXBhLTQuZXhhbXBsZS50ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1pFdI1FuH1ad882x27i+oi3alabIt1hZjeGyT2zfEWaLajgAcDtT1RjWWFzrWtn9YJAe+3cm7R21MI8eFS1aCBlPaRgBLtefaakQy99k8p3IC8LwZxX9bvPPTuZVuF73DYXmaQAgpe/W7TLhCSFwZqht5D8aG0B7qm2E+mpclqKdlbk9egq8K8zFxs4mbLAuEd95wpSBJWnuaTPwRzrjpniCdl5OFof+ImTIMTVS6+5RUxB6KCi5WpGLbrAZWpHZ80a+weo0RK098r1GMT7LSTTZvOmJ22d15Ub0vQXTqVgAMVtt221vEZ1ZhRsLTbeh89JsDKOonNWk6VwOsYHnQIDAQABoIH1MCUGCSqGSIb3DQEJFDEYHhYAUwBlAHIAdgBlAHIALQBDAGUAcgB0MIHLBgkqhkiG9w0BCQ4xgb0wgbowgYcGA1UdEQEBAAR9MHugNAYKKwYBBAGCNxQCA6AmDCRIVFRQL2lwYS00LmV4YW1wbGUudGVzdEBFWEFNUExFLlRFU1SgQwYGKwYBBQICoDkwN6AOGwxFWEFNUExFLlRFU1ShJTAjoAMCAQGhHDAaGwRIVFRQGxJpcGEtNC5leGFtcGxlLnRlc3QwDAYDVR0TAQH/BAIwADAgBgNVHQ4BAQAEFgQUZsVqOSFYBWZnFs42WMXGAag8w20wDQYJKoZIhvcNAQELBQADggEBAJDlTLM1Iyb4We61xIXttSReAbi0seO/ZevSiPN+orHdr+YL!
 SDpbS6CSXm
5X9Asvlo8iu0iRFrj/CUJAyPu+M7v+lfr3VwrKErycrczt5O4xgGPGfs0XODSlwQOG57SUyQyLXdyLPJtks/ah/LkfbCevew0cjhSnjEN7RpbV6Azh05vMyzF6J7NXlRLFzDDcz099Tug4Siuwsi/Y3AD0b+IR6I1ZOfLKzzzSEu+sC32JzaVythN3TbPqjeyGy/on3JsQTlznzn2LEVVoPioyF1oHyI7hG1OheTNjCoZXgfJUp1Ftct6YhsfhzglORcbmqDL00DdCU/789G5IworCCYo=', principal=u'HTTP/ipa-4.example.test at EXAMPLE.TEST', add=True, version=u'2.51'): SUCCESS
> [Tue Oct 06 13:22:47.652434 2015] [proxy_http:error] [pid 1394] (20014)Internal error: [client 192.168.100.229:49031] AH01102: error reading status line from remote server httpd-UDS:0
> [Tue Oct 06 13:22:47.652476 2015] [proxy:error] [pid 1394] [client 192.168.100.229:49031] AH00898: Error reading from remote server returned by /ipa/keys/ra/ipaCert
> [Tue Oct 06 13:24:31.017069 2015] [wsgi:error] [pid 10789] ipa: INFO: [jsonserver_kerb] admin at EXAMPLE.TEST: ping(): SUCCESS

Was custodia running ?
Can you check its log file ?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

More information about the Freeipa-devel mailing list