[Freeipa-users] Replica failing to install with ipa and RHEL6.2
Marc Grimme
grimme at atix.de
Tue May 15 11:58:36 UTC 2012
Hello,
until today we had a ipa configuration with two directory servers (master/replica) up and running.
But today unfortunately the replica could not synchronize and is since then unable to resynchronize.
I removed the replica from the master:
ipa-replica-manage --force del methusalix2.cl.atix
and then recreated the replica:
ipa-replica-prepare methusalix2.cl.atix --ip-address=192.168.3.3
Directory Manager (existing master) password:
Preparing replica for methusalix2.cl.atix from axinfra01-1.cl.atix
Creating SSL certificate for the Directory Server
Creating SSL certificate for the dogtag Directory Server
Creating SSL certificate for the Web Server
Exporting RA certificate
Copying additional files
Finalizing configuration
Packaging replica information into /var/lib/ipa/replica-info-methusalix2.cl.atix.gpg
Adding DNS records for methusalix2.cl.atix
Using reverse zone 3.168.192.in-addr.arpa.
On the replica I then issued the proposed commands:
[root at methusalix2 ~]# scp 192.168.40.102:/var/lib/ipa/replica-info-methusalix2.cl.atix.gpg /var/lib/ipa/
root at 192.168.40.102's password:
Permission denied, please try again.
root at 192.168.40.102's password:
replica-info-methusalix2.cl.atix.gpg 100% 28KB 28.4KB/s 00:00
[root at methusalix2 ~]# ipa-replica-install --debug --setup-dns --forwarder=.. --forwarder=.. /var/lib/ipa/replica-info-methusalix2.cl.atix.gpg
root : DEBUG /usr/sbin/ipa-replica-install was invoked with argument "/var/lib/ipa/replica-info-methusalix2.cl.atix.gpg" and options: {'no_forwarders': False, 'ui_redirect': True, 'reverse_zone': None, 'unattended': False, 'no_host_dns': False, 'no_reverse': False, 'setup_dns': True, 'setup_ca': False, 'forwarders': [CheckedIPAddress('..'), CheckedIPAddress('..')], 'debug': True, 'conf_ntp': True, 'skip_conncheck': False}
root : DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
root : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Directory Manager (existing master) password:
root : DEBUG args=/usr/bin/gpg --batch --homedir /tmp/tmpvVcfupipa/ipa-GEv1oL/.gnupg --passphrase-fd 0 --yes --no-tty -o /tmp/tmpvVcfupipa/files.tar -d /var/lib/ipa/replica-info-methusalix2.cl.atix.gpg
root : DEBUG stdout=
root : DEBUG stderr=gpg: WARNING: unsafe permissions on homedir `/tmp/tmpvVcfupipa/ipa-GEv1oL/.gnupg'
gpg: keyring `/tmp/tmpvVcfupipa/ipa-GEv1oL/.gnupg/secring.gpg' created
gpg: keyring `/tmp/tmpvVcfupipa/ipa-GEv1oL/.gnupg/pubring.gpg' created
gpg: 3DES encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
..
Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
admin at CL.ATIX password:
Execute check on remote master
Check connection from master to remote replica 'methusalix2.cl.atix':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos KDC: UDP (88): OK
Kerberos Kpasswd: TCP (464): OK
Kerberos Kpasswd: UDP (464): OK
HTTP Server: port 80 (80): OK
HTTP Server: port 443(https) (443): OK
Connection from master to replica is OK.
root : DEBUG args=/usr/sbin/ipa-replica-conncheck --master axinfra01-1.cl.atix --auto-master-check --realm CL.ATIX --principal admin --hostname methusalix2.cl.atix
Connection check OK
root : DEBUG importing all plugin modules in '/usr/lib/python2.6/site-packages/ipalib/plugins'...
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
..
[21/29]: setting up initial replication
root : DEBUG args=/sbin/service dirsrv restart CL-ATIX
root : DEBUG stdout=Shutting down dirsrv:
CL-ATIX... [ OK ]
Starting dirsrv:
CL-ATIX... [ OK ]
root : DEBUG stderr=
Starting replication, please wait until this has completed.
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
[axinfra01-1.cl.atix] reports: Update failed! Status: [-2 Total update abortedSystem error]
creation of replica failed: Failed to start replication
root : DEBUG Failed to start replication
File "/usr/sbin/ipa-replica-install", line 482, in <module>
main()
File "/usr/sbin/ipa-replica-install", line 433, in main
ds = install_replica_ds(config)
File "/usr/sbin/ipa-replica-install", line 135, in install_replica_ds
pkcs12_info)
File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py", line 284, in create_replica
self.start_creation("Configuring directory server", 60)
File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 248, in start_creation
method()
File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py", line 297, in __setup_replica
r_bindpw=self.dm_password)
File "/usr/lib/python2.6/site-packages/ipaserver/install/replication.py", line 694, in setup_replication
raise RuntimeError("Failed to start replication")
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
On the master I only see the following:
[15/May/2012:13:56:55 +0200] NSMMReplicationPlugin - agmt="cn=meTomethusalix2.cl.atix" (methusalix2:389): Replica has a different generation ID than the local data.
I followed instructions from other posts with restarting the master and so on but without success.
Any ideas how I can proceed?
Thanks
Marc.
______________________________________________________________________________
Marc Grimme
E-Mail: grimme at atix.de
More information about the Freeipa-users
mailing list