Thanks! I'll give your approach a try before I surrender.<div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Dec 11, 2012 at 3:04 PM, Steven Jones <span dir="ltr"><<a href="mailto:Steven.Jones@vuw.ac.nz" target="_blank">Steven.Jones@vuw.ac.nz</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div> <div style="direction:ltr;font-size:10pt;font-family:Tahoma">Hi,<br> <br> I had this recently and it drove me nuts...might want to take more knowledgeable ppls than me advice on the process below to make sure its sane/OK.<br> <br> 8><--- <br> [21/30]: setting up initial replication Starting replication, please wait until this has completed. [<a href="http://vuwunicoipam002.ods.vuw.ac.nz" target="_blank">vuwunicoipam002.ods.vuw.ac.nz</a>] <br><div class="im"> <br> reports: Update failed! Status: [-2 - System error] creation of replica failed: <br></div> Failed to start replication Your system may be partly configured. <br> Run /usr/sbin/ipa-server-install --uninstall to clean up. [root@vuwunicoipam001 replica]# <br> <br> The --uninstall seems to not clean up and remove some data in the ldap and a new machine fails to re-join. Something to do with tombstone references and I suppose other junk (to deep and techy for me).<br> <br> So, run the IPA-server-install --uninstall twice or thrice.<br> <br> Then look for ldap data on the problem replica (ipam001) server,<br> <br> ldapmodify -x -D "cn=directory manager" -W <<EOF dn: cn=<a href="http://meTovuwunicoipam001.ods.vuw.ac.nz" target="_blank">meTovuwunicoipam001.ods.vuw.ac.nz</a>,cn=replica,cn=dc\3Dods\2Cdc\3Dvuw\2Cdc\3Dac\2Cdc\3Dcom,cn=mapping tree,cn=config changetype: delete EOF <br> <br> I then did this and got all this cw*p...<br> <br> 8><-----------<br> [root@vuwunicoipam002 jonesst1]# ldapsearch -xLLL -D "cn=directory manager" -W -b dc=ods,dc=vuw,dc=ac,dc=nz '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))' |grep ipam001 <br> nsds50ruv: {replica 33 ldap://<a href="http://vuwunicoipam001.ods.vuw.ac.nz:389" target="_blank">vuwunicoipam001.ods.vuw.ac.nz:389</a>} <br> nsds50ruv: {replica 32 ldap://<a href="http://vuwunicoipam001.ods.vuw.ac.nz:389" target="_blank">vuwunicoipam001.ods.vuw.ac.nz:389</a>} <br> nsds50ruv: {replica 31 ldap://<a href="http://vuwunicoipam001.ods.vuw.ac.nz:389" target="_blank">vuwunicoipam001.ods.vuw.ac.nz:389</a>} <br> nsds50ruv: {replica 30 ldap://<a href="http://vuwunicoipam001.ods.vuw.ac.nz:389" target="_blank">vuwunicoipam001.ods.vuw.ac.nz:389</a>} <br> nsds50ruv: {replica 29 ldap://<a href="http://vuwunicoipam001.ods.vuw.ac.nz:389" target="_blank">vuwunicoipam001.ods.vuw.ac.nz:389</a>} <br> nsds50ruv: {replica 28 ldap://<a href="http://vuwunicoipam001.ods.vuw.ac.nz:389" target="_blank">vuwunicoipam001.ods.vuw.ac.nz:389</a>}<br> nsds50ruv: {replica 27 ldap://<a href="http://vuwunicoipam001.ods.vuw.ac.nz:389" target="_blank">vuwunicoipam001.ods.vuw.ac.nz:389</a>} <br> nsds50ruv: {replica 26 ldap://<a href="http://vuwunicoipam001.ods.vuw.ac.nz:389" target="_blank">vuwunicoipam001.ods.vuw.ac.nz:389</a>} <br> nsds50ruv: {replica 25 ldap://<a href="http://vuwunicoipam001.ods.vuw.ac.nz:389" target="_blank">vuwunicoipam001.ods.vuw.ac.nz:389</a>} <br> nsds50ruv: {replica 24 ldap://<a href="http://vuwunicoipam001.ods.vuw.ac.nz:389" target="_blank">vuwunicoipam001.ods.vuw.ac.nz:389</a>}<br> <br> etc<br> <br> etc<br> <br> I then cleaned them out with,<br> <br> ldapmodify -x -D "cn=directory manager" -W -f 0001-mod.ldif<br> <br> more 0001-mod.ldif <br> dn: cn=replica,cn=dc\3Dods\2Cdc\3Dvuw\2Cdc\3Dac\2Cdc\3Dnz,cn=mapping tree,cn=config<br> changetype: modify<br> replace: nsds5task<br> nsds5task: CLEANRUV33<br> <br> rinse and repeat 32 etc to all.....<br> <br> <div>At that point I could get the ipa-replica command to work fine.<br> <br> <br> <div style="font-family:Tahoma;font-size:13px"> <p>regards</p> <p>Steven Jones</p> <p>Technical Specialist - Linux RHCE</p> <p>Victoria University, Wellington, NZ</p> <p>0064 4 463 6272<br> </p> </div> </div> <div style="font-size:16px;font-family:Times New Roman"> <hr> <div style="direction:ltr"><font color="#000000" face="Tahoma"><b>From:</b> <a href="mailto:freeipa-users-bounces@redhat.com" target="_blank">freeipa-users-bounces@redhat.com</a> [<a href="mailto:freeipa-users-bounces@redhat.com" target="_blank">freeipa-users-bounces@redhat.com</a>] on behalf of Bret Wortman [<a href="mailto:bret.wortman@damascusgrp.com" target="_blank">bret.wortman@damascusgrp.com</a>]<br> <b>Sent:</b> Wednesday, 12 December 2012 8:12 a.m.<br> <b>To:</b> <a href="mailto:freeipa-users@redhat.com" target="_blank">freeipa-users@redhat.com</a><br> <b>Subject:</b> Re: [Freeipa-users] ipa-replica-install fails<br> </font><br> </div><div><div class="h5"> <div></div> <div>I'm working through them and may simply abandon the idea of automating the replica install. <div class="gmail_extra"><br> <br> <div class="gmail_quote">On Tue, Dec 11, 2012 at 2:09 PM, Dmitri Pal <span dir="ltr"> <<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div bgcolor="#FFFFFF"> <div>On 12/11/2012 12:09 PM, Bret Wortman wrote: <blockquote type="cite"><br> <div class="gmail_extra"><br> <br> <div class="gmail_quote">On Tue, Dec 11, 2012 at 11:25 AM, Dmitri Pal <span dir="ltr"> <<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div bgcolor="#FFFFFF"> <div>On 12/11/2012 10:53 AM, Bret Wortman wrote: <blockquote type="cite">My replica install fails to create a DS instance: <div><br> </div> <div>:</div> <div>[2/30]: creating directory server instance</div> <div>ipa : CRITICAL failed to create ds instance Command '/usr/sbin/<a href="http://setup-ds.pl" target="_blank">setup-ds.pl</a> --silent --logfile - -f /tmp/tmpp80GFc' returned non-zero exit status 1</div> <div>[3/30]: adding default schema</div> <div>:</div> <div>:</div> <div>[21/30]: setting up initial replication</div> <div>Starting replication, please wait until this has completed.</div> <div>[<a href="http://ipa.damascusgrp.com" target="_blank">ipa.damascusgrp.com</a>] reports: Update failed! Status: [-2 - System error]</div> <div>creation of replica failed: Failed to start replication</div> <div><br> </div> <div>What could cause the DS setup to fail? </div> </blockquote> <br> </div> SELinux policy for example, disk being out of space, previous install of DS that has not been properly cleaned, etc...</div> </blockquote> <div><br> </div> </div> </div> </blockquote> <br> </div> Please reply to the list. <div><br> <br> <br> <blockquote type="cite"> <div class="gmail_extra"> <div class="gmail_quote"> <div>getenforce returns "Disabled", the root filesystem has 3G free, and this was a fresh kickstarted cobbler/puppet install. It is true that it was running as an IPA client prior to installation of the IPA server package, but I don't think that would have resulted in a piece of DS laying around, would it?</div> </div> </div> </blockquote> <br> </div> It would not. <div><br> <br> <blockquote type="cite"> <div class="gmail_extra"> <div class="gmail_quote"> <div><br> </div> <div>The system is a virt-manager VM, in case that's related. I'm using IPA-2.2.0 on F17, though I'm trying to get 3.1.0 to build. <br> </div> </div> </div> </blockquote> <br> <br> </div> Have you looked into the logs as I suggested? <br> <div> <div><br> <blockquote type="cite"> <div class="gmail_extra"> <div class="gmail_quote"> <blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div bgcolor="#FFFFFF"> <div><br> <br> <blockquote type="cite"> <div>And is the second error likely related as I believe it to be?</div> <div><br clear="all"> </div> </blockquote> </div> Yes.<br> Please look at the install logs, they might have more info about what is going on and why DS install failed. <br> <br> <blockquote type="cite"> <div> <div> <div><br> </div> -- <br> <div>Bret Wortman</div> <div>The Damascus Group</div> <div>Fairfax, VA</div> <div><a href="http://bretwortman.com/" target="_blank">http://bretwortman.com/</a></div> <div><a href="http://twitter.com/BretWortman" target="_blank">http://twitter.com/BretWortman</a></div> <br> </div> <br> <fieldset></fieldset> <br> </div> <pre>_______________________________________________ Freeipa-users mailing list <a href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> <span><font color="#888888"></font></span></blockquote> <span><font color="#888888"><br> <br> <pre cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a> </pre> </font></span></div> <br> _______________________________________________<br> Freeipa-users mailing list<br> <a href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a><br> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br> </blockquote> </div> <br> <br clear="all"> <div><br> </div> -- <br> <div>Bret Wortman</div> <div>The Damascus Group</div> <div>Fairfax, VA</div> <div><a href="http://bretwortman.com/" target="_blank">http://bretwortman.com/</a></div> <div><a href="http://twitter.com/BretWortman" target="_blank">http://twitter.com/BretWortman</a></div> <br> </div> </blockquote> <br> <br> <pre cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a> </pre> </div> </div> </div> </blockquote> </div> <br> <br clear="all"> <div><br> </div> -- <br> <div>Bret Wortman</div> <div>The Damascus Group</div> <div>Fairfax, VA</div> <div><a href="http://bretwortman.com/" target="_blank">http://bretwortman.com/</a></div> <div><a href="http://twitter.com/BretWortman" target="_blank">http://twitter.com/BretWortman</a></div> <br> </div> </div> </div></div></div> </div> </div> <br>_______________________________________________<br> Freeipa-users mailing list<br> <a href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><br> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div>Bret Wortman</div> <div>The Damascus Group</div><div>Fairfax, VA</div><div><a href="http://bretwortman.com/" target="_blank">http://bretwortman.com/</a></div><div><a href="http://twitter.com/BretWortman" target="_blank">http://twitter.com/BretWortman</a></div> <br> </div>