[Freeipa-users] error adding replica (2)

Rob Crittenden rcritten at redhat.com
Mon Dec 3 16:52:26 UTC 2012


Steven Jones wrote:
> Hi,
>
> Any ideas?  I have moved the CA cert off the original ipam001 to ipam002 and built a fresh ipam001. When I try and join it to ipam002 I get the error below.
>
> ipam003 was removed off the old ipam001 and added to ipam002 perfectly.
>
> From Google it was suggested Kerberos might be caching, but I've rebooted all the IPA servers at least once and ipam002 (it holds the CA) 3 times over 8 hours....no joy.
>
> I also did a search for the principal as suggested by Rob, output below.
>
> ==============
> [root@vuwunicoipam001 ~]# ipa-replica-install --setup-dns --no-reverse --forwarder=130.195.85.25 /root/replica/replica-info-vuwunicoipam001.ods.vuw.ac.nz.gpg --skip-conncheck
> Directory Manager (existing master) password:
>
> Configuring ntpd
>    [1/4]: stopping ntpd
>    [2/4]: writing configuration
>    [3/4]: configuring ntpd to start on boot
>    [4/4]: starting ntpd
> done configuring ntpd.
> Configuring directory server: Estimated time 1 minute
>    [1/30]: creating directory server user
>    [2/30]: creating directory server instance
>    [3/30]: adding default schema
>    [4/30]: enabling memberof plugin
>    [5/30]: enabling referential integrity plugin
>    [6/30]: enabling winsync plugin
>    [7/30]: configuring replication version plugin
>    [8/30]: enabling IPA enrollment plugin
>    [9/30]: enabling ldapi
>    [10/30]: configuring uniqueness plugin
>    [11/30]: configuring uuid plugin
>    [12/30]: configuring modrdn plugin
>    [13/30]: enabling entryUSN plugin
>    [14/30]: configuring lockout plugin
>    [15/30]: creating indices
>    [16/30]: configuring ssl for ds instance
>    [17/30]: configuring certmap.conf
>    [18/30]: configure autobind for root
>    [19/30]: configure new location for managed entries
>    [20/30]: restarting directory server
>    [21/30]: setting up initial replication
> Starting replication, please wait until this has completed.
> [vuwunicoipam002.ods.vuw.ac.nz] reports: Update failed! Status: [-2  - System error]
> creation of replica failed: Failed to start replication
>
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> [root@vuwunicoipam001 ~]#
> ============
>
> ============
>    [20/30]: restarting directory server
> ipa         : DEBUG    args=/sbin/service dirsrv restart ODS-VUW-AC-NZ
> ipa         : DEBUG    stdout=Shutting down dirsrv:
>      ODS-VUW-AC-NZ...                                       [  OK  ]
> Starting dirsrv:
>      ODS-VUW-AC-NZ...                                       [  OK  ]
>
> ipa         : DEBUG    stderr=
> ipa         : DEBUG    args=/sbin/service dirsrv status ODS-VUW-AC-NZ
> ipa         : DEBUG    stdout=dirsrv ODS-VUW-AC-NZ (pid 10552) is running...
>
> ipa         : DEBUG    stderr=
> ipa         : DEBUG      duration: 3 seconds
> ipa         : DEBUG      [21/30]: setting up initial replication
>    [21/30]: setting up initial replication
> ipa         : DEBUG    args=/sbin/service dirsrv restart ODS-VUW-AC-NZ
> ipa         : DEBUG    stdout=Shutting down dirsrv:
>      ODS-VUW-AC-NZ...                                       [  OK  ]
> Starting dirsrv:
>      ODS-VUW-AC-NZ...                                       [  OK  ]
>
> ipa         : DEBUG    stderr=
> Starting replication, please wait until this has completed.
> [vuwunicoipam002.ods.vuw.ac.nz] reports: Update failed! Status: [-2  - System error]
> creation of replica failed: Failed to start replication
> ipa         : DEBUG    Failed to start replication
>    File "/usr/sbin/ipa-replica-install", line 496, in <module>
>      main()
>
>    File "/usr/sbin/ipa-replica-install", line 432, in main
>      ds = install_replica_ds(config)
>
>    File "/usr/sbin/ipa-replica-install", line 147, in install_replica_ds
>      pkcs12_info)
>
>    File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py", line 282, in create_replica
>      self.start_creation("Configuring directory server", 60)
>
>    File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 257, in start_creation
>      method()
>
>    File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py", line 295, in __setup_replica
>      r_bindpw=self.dm_password)
>
>    File "/usr/lib/python2.6/site-packages/ipaserver/install/replication.py", line 748, in setup_replication
>      raise RuntimeError("Failed to start replication")
>
>
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> [root@vuwunicoipam001 ~]#
>
> ============
>
> [root@vuwunicoipam002 ~]# ldapsearch -x -b 'cn=services,cn=accounts,dc=ods,dc=vuw,dc=ac,dc=nz' '(krbprincipalname=*ods-directory*)'
> # extended LDIF
> #
> # LDAPv3
> # base <cn=services,cn=accounts,dc=ods,dc=vuw,dc=ac,dc=nz> with scope subtree
> # filter: (krbprincipalname=*ods-directory*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 1
> [root@vuwunicoipam002 ~]#

This is failing during the initial replication which is a bit strange. 
Are you seeing anything logged in errors on either directory server?

rob



