[Freeipa-users] ipa-replica-install fails

Steven Jones Steven.Jones at vuw.ac.nz
Tue Dec 11 20:04:34 UTC 2012


Hi,

I had this recently and it drove me nuts... you might want to take the advice of people more knowledgeable than me on the process below to make sure it's sane/OK.

8><---
[21/30]: setting up initial replication
Starting replication, please wait until this has completed.
[vuwunicoipam002.ods.vuw.ac.nz] reports: Update failed! Status: [-2 - System error]
creation of replica failed: Failed to start replication
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
[root at vuwunicoipam001 replica]#

The --uninstall seems to not clean up and remove some data in the LDAP and a new machine fails to re-join.  Something to do with tombstone references and I suppose other junk (too deep and techy for me).

So, run ipa-server-install --uninstall twice or thrice.

Then look for ldap data on the problem replica (ipam001) server,

ldapmodify -x -D "cn=directory manager" -W <<EOF
dn: cn=meTovuwunicoipam001.ods.vuw.ac.nz,cn=replica,cn=dc\3Dods\2Cdc\3Dvuw\2Cdc\3Dac\2Cdc\3Dnz,cn=mapping tree,cn=config
changetype: delete
EOF

I then did this and got all this cw*p...

8><-----------
[root at vuwunicoipam002 jonesst1]# ldapsearch -xLLL -D "cn=directory manager" -W -b dc=ods,dc=vuw,dc=ac,dc=nz '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))' |grep ipam001
nsds50ruv: {replica 33 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 32 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 31 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 30 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 29 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 28 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 27 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 26 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 25 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 24 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}

etc

etc

I then cleaned them out with,

ldapmodify -x -D "cn=directory manager" -W  -f 0001-mod.ldif

more 0001-mod.ldif
dn: cn=replica,cn=dc\3Dods\2Cdc\3Dvuw\2Cdc\3Dac\2Cdc\3Dnz,cn=mapping tree,cn=config
changetype: modify
replace: nsds5task
nsds5task: CLEANRUV33

rinse and repeat 32 etc to all.....

At that point I could get the ipa-replica command to work fine.



regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272
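
The "rinse and repeat" CLEANRUV step above, as an added example that is not part of the original post: it reads the tombstone search output and writes one modify record per stale replica ID for an exact host match. The function names, the optional KEEP_ID argument, the CSN values and the host vuwunicoipam0011 in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build CLEANRUV records from nsds50ruv lines instead of
# hand-editing 0001-mod.ldif once per replica ID.

# Replica entry DN exactly as it appears in the post's 0001-mod.ldif.
REPLICA_DN='cn=replica,cn=dc\3Dods\2Cdc\3Dvuw\2Cdc\3Dac\2Cdc\3Dnz,cn=mapping tree,cn=config'

# stale_ids HOST [KEEP_ID]
# Reads ldapsearch output on stdin; prints the replica IDs whose RUV element
# points at exactly HOST (no substring match). KEEP_ID, if given, is skipped,
# e.g. the ID of a replica that is live again on HOST and must stay in the RUV.
stale_ids() {
    awk -v host="$1" -v keep="${2:-}" '
        $1 == "nsds50ruv:" && $2 == "{replica" {
            url = $4
            sub(/^ldaps?:\/\//, "", url)   # drop the scheme
            sub(/[:}].*$/, "", url)        # drop port and closing brace
            if (url == host && $3 != keep) print $3
        }' | sort -n -u
}

# cleanruv_ldif HOST [KEEP_ID]
# Emits one LDIF modify record per stale ID, separated by blank lines.
cleanruv_ldif() {
    stale_ids "$@" | while read -r id; do
        printf 'dn: %s\nchangetype: modify\nreplace: nsds5task\nnsds5task: CLEANRUV%s\n\n' \
            "$REPLICA_DN" "$id"
    done
}

# Constructed sample of the search output; the real input is the ldapsearch
# from the post without the trailing "| grep ipam001".
SAMPLE='dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=ods,dc=vuw,dc=ac,dc=nz
nsds50ruv: {replicageneration} 50a1b2c3000000040000
nsds50ruv: {replica 4 ldap://vuwunicoipam002.ods.vuw.ac.nz:389} 50a1b2c4000000040000 50c79a10000000040000
nsds50ruv: {replica 33 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 32 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 7 ldap://vuwunicoipam0011.ods.vuw.ac.nz:389}'

# Print the records for the uninstalled host; redirect to a file and review
# it before passing it to the "ldapmodify ... -f" command shown in the post.
printf '%s\n' "$SAMPLE" | cleanruv_ldif vuwunicoipam001.ods.vuw.ac.nz
```

Running the tombstone search again after applying the records shows whether any entries for the host remain.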

________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Bret Wortman [bret.wortman at damascusgrp.com]
Sent: Wednesday, 12 December 2012 8:12 a.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] ipa-replica-install fails

I'm working through them and may simply abandon the idea of automating the replica install.


On Tue, Dec 11, 2012 at 2:09 PM, Dmitri Pal <dpal at redhat.com> wrote:
On 12/11/2012 12:09 PM, Bret Wortman wrote:



On Tue, Dec 11, 2012 at 11:25 AM, Dmitri Pal <dpal at redhat.com> wrote:
On 12/11/2012 10:53 AM, Bret Wortman wrote:
My replica install fails to create a DS instance:

:
[2/30]: creating directory server instance
ipa      : CRITICAL failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpp80GFc' returned non-zero exit status 1
[3/30]: adding default schema
:
:
[21/30]: setting up initial replication
Starting replication, please wait until this has completed.
[ipa.damascusgrp.com] reports: Update failed! Status: [-2 - System error]
creation of replica failed: Failed to start replication

What could cause the DS setup to fail?

SELinux policy for example, disk being out of space, previous install of DS that has not been properly cleaned, etc...


Please reply to the list.



getenforce returns "Disabled", the root filesystem has 3G free, and this was a fresh kickstarted cobbler/puppet install. It is true that it was running as an IPA client prior to installation of the IPA server package, but I don't think that would have resulted in a piece of DS lying around, would it?

It would not.



The system is a virt-manager VM, in case that's related. I'm using IPA-2.2.0 on F17, though I'm trying to get 3.1.0 to build.


Have you looked into the logs as I suggested?



And is the second error likely related as I believe it to be?

Yes.
Please look at the install logs, they might have more info about what is going on and why DS install failed.


--
Bret Wortman
The Damascus Group
Fairfax, VA
http://bretwortman.com/
http://twitter.com/BretWortman




_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users



--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/




