[Freeipa-users] ipa-replica-install fails

Wed Dec 12 17:53:33 UTC 2012

Thanks! I'll give your approach a try before I surrender.

On Tue, Dec 11, 2012 at 3:04 PM, Steven Jones <Steven.Jones at vuw.ac.nz>wrote:

>  Hi,
>
> I had this recently and it drove me nuts...might want to take more
> knowledgeable ppls than me advice on the process below to make sure its
> sane/OK.
>
> 8><---
> [21/30]: setting up initial replication Starting replication, please wait
> until this has completed. [vuwunicoipam002.ods.vuw.ac.nz]
>
> reports: Update failed! Status: [-2 - System error] creation of replica
> failed:
> Failed to start replication Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> [root at vuwunicoipam001 replica]#
>
> The --uninstall seems to not clean up and remove some data in the ldap and
> a new machine fails to re-join.  Something to do with tombstone references
> and I suppose other junk (to deep and techy for me).
>
> So, run the IPA-server-install --uninstall twice or thrice.
>
> Then look for ldap data on the problem replica (ipam001) server,
>
> ldapmodify -x -D "cn=directory manager" -W <<EOF dn: cn=
> meTovuwunicoipam001.ods.vuw.ac.nz,cn=replica,cn=dc\3Dods\2Cdc\3Dvuw\2Cdc\3Dac\2Cdc\3Dcom,cn=mapping
> tree,cn=config changetype: delete EOF
>
> I then did this and got all this cw*p...
>
> 8><-----------
> [root at vuwunicoipam002 jonesst1]# ldapsearch -xLLL -D "cn=directory
> manager" -W -b dc=ods,dc=vuw,dc=ac,dc=nz
> '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))'
> |grep ipam001
> nsds50ruv: {replica 33 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
> nsds50ruv: {replica 32 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
> nsds50ruv: {replica 31 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
> nsds50ruv: {replica 30 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
> nsds50ruv: {replica 29 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
> nsds50ruv: {replica 28 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
> nsds50ruv: {replica 27 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
> nsds50ruv: {replica 26 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
> nsds50ruv: {replica 25 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
> nsds50ruv: {replica 24 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
>
> etc
>
> etc
>
> I then cleaned them out with,
>
> ldapmodify -x -D "cn=directory manager" -W  -f 0001-mod.ldif
>
> more 0001-mod.ldif
> dn: cn=replica,cn=dc\3Dods\2Cdc\3Dvuw\2Cdc\3Dac\2Cdc\3Dnz,cn=mapping
> tree,cn=config
> changetype: modify
> replace: nsds5task
> nsds5task: CLEANRUV33
>
> rinse and repeat 32 etc to all.....
>
> At that point I could get the ipa-replica command to work fine.
>
>
>  regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>   ------------------------------
> *From:* freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com]
> on behalf of Bret Wortman [bret.wortman at damascusgrp.com]
> *Sent:* Wednesday, 12 December 2012 8:12 a.m.
> *To:* freeipa-users at redhat.com
> *Subject:* Re: [Freeipa-users] ipa-replica-install fails
>
>  I'm working through them and may simply abandon the idea of automating
> the replica install.
>
>
> On Tue, Dec 11, 2012 at 2:09 PM, Dmitri Pal <dpal at redhat.com> wrote:
>
>>  On 12/11/2012 12:09 PM, Bret Wortman wrote:
>>
>>
>>
>>
>> On Tue, Dec 11, 2012 at 11:25 AM, Dmitri Pal <dpal at redhat.com> wrote:
>>
>>>  On 12/11/2012 10:53 AM, Bret Wortman wrote:
>>>
>>> My replica install fails to create a DS instance:
>>>
>>>  :
>>> [2/30]: creating directory server instance
>>> ipa      : CRITICAL failed to create ds instance Command '/usr/sbin/
>>> setup-ds.pl --silent --logfile - -f /tmp/tmpp80GFc' returned non-zero
>>> exit status 1
>>> [3/30]: adding default schema
>>> :
>>> :
>>> [21/30]: setting up initial replication
>>> Starting replication, please wait until this has completed.
>>> [ipa.damascusgrp.com] reports: Update failed! Status: [-2 - System
>>> error]
>>> creation of replica failed: Failed to start replication
>>>
>>>  What could cause the DS setup to fail?
>>>
>>>
>>>  SELinux policy for example, disk being out of space, previous install
>>> of DS that has not been properly cleaned, etc...
>>>
>>
>>
>>  Please reply to the list.
>>
>>
>>
>>   getenforce returns "Disabled", the root filesystem has 3G free, and
>> this was a fresh kickstarted cobbler/puppet install. It is true that it was
>> running as an IPA client prior to installation of the IPA server package,
>> but I don't think that would have resulted in a piece of DS laying around,
>> would it?
>>
>>
>>  It would not.
>>
>>
>>
>>  The system is a virt-manager VM, in case that's related. I'm using
>> IPA-2.2.0 on F17, though I'm trying to get 3.1.0 to build.
>>
>>
>>
>>  Have you looked into the logs as I suggested?
>>
>>
>>>
>>>  And is the second error likely related as I believe it to be?
>>>
>>>   Yes.
>>> Please look at the install logs, they might have more info about what is
>>> going on and why DS install failed.
>>>
>>>
>>>  --
>>> Bret Wortman
>>> The Damascus Group
>>> Fairfax, VA
>>> http://bretwortman.com/
>>> http://twitter.com/BretWortman
>>>
>>>
>>>
>>>  _______________________________________________
>>> Freeipa-users mailing listFreeipa-users at redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>>
>>>
>>> --
>>> Thank you,
>>> Dmitri Pal
>>>
>>> Sr. Engineering Manager for IdM portfolio
>>> Red Hat Inc.
>>>
>>>
>>> -------------------------------
>>> Looking to carve out IT costs?www.redhat.com/carveoutcosts/
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>
>>
>>
>>  --
>> Bret Wortman
>> The Damascus Group
>> Fairfax, VA
>> http://bretwortman.com/
>> http://twitter.com/BretWortman
>>
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager for IdM portfolio
>> Red Hat Inc.
>>
>>
>> -------------------------------
>> Looking to carve out IT costs?www.redhat.com/carveoutcosts/
>>
>>
>
>
>  --
> Bret Wortman
> The Damascus Group
> Fairfax, VA
> http://bretwortman.com/
> http://twitter.com/BretWortman
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>

-- 
Bret Wortman
The Damascus Group
Fairfax, VA
http://bretwortman.com/
http://twitter.com/BretWortman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20121212/b902c663/attachment.htm>