[Freeipa-users] Replica installation failing

Bret Wortman bret.wortman at damascusgrp.com
Tue Mar 19 14:42:47 UTC 2013


I'm now rebuilding on F17 and Martin's going to try my scenario, which should have worked. Who knows, I may have borked it somehow. 
—
Bret Wortman

On Tue, Mar 19, 2013 at 10:19 AM, Bret Wortman
<bret.wortman at damascusgrp.com> wrote:

> Generation difference. Wrong version of the software -- the F18 version
> apparently can't read the data generated by my F17 server. And backing it
> down appears to be nontrivial. Upgrading the master to F18 is a nonstarter
> as F18 isn't exactly stable in our environment. I guess I'm going to
> rebuild this box on F17 and try again.
> I'm kind of surprised that there isn't better backward compatibility here;
> is it hard to maintain the ability to read the old formats, or are packages
> you depend on changing too quickly? I'm not trying to be critical or start
> a flame war here, just to understand. :-)
>
> *Bret Wortman*
> <http://damascusgrp.com/>
> http://damascusgrp.com/ <http://bretwortman.com/>
> http://twitter.com/BretWortman
> On Tue, Mar 19, 2013 at 8:48 AM, Martin Kosek <mkosek at redhat.com> wrote:
>> Ok. This looks like dirsrv errors from the master machine. Are there also
>> any interesting errors on the replica machine?
>>
>> Martin
>>
>> On 03/19/2013 01:45 PM, Bret Wortman wrote:
>> > Yes, it's still resolvable.
>> >
>> > In the errors log:
>> >
>> > [19/Mar/2013:08:39:53 -0400] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected)
>> > [19/Mar/2013:08:39:53 -0400] NSMMReplicationPlugin - agmt="cn=meTojsipa.damascusgrp.com" (jsipa:389) : Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP server) ((null))
>> >
>> > and then the first error repeats every few seconds for a while.
>> >
>> > jsipa.damascusgrp.com is resolvable on ipamaster.damascusgrp.com.
>> >
>> > I _have_ noticed that when doing the ipa-server-install --uninstall to clean up
>> > after this, some ports (389, 636) don't get released unless I reboot. I
>> > don't know if that's related or a red herring.
>> >
>> >
>> > *Bret Wortman*
>> > <http://damascusgrp.com/>
>> > http://damascusgrp.com/ <http://bretwortman.com/>
>> > http://twitter.com/BretWortman
>> >
>> >
>> > On Tue, Mar 19, 2013 at 8:30 AM, Martin Kosek <mkosek at redhat.com> wrote:
>> >
>> >     On 03/19/2013 01:12 PM, Bret Wortman wrote:
>> >     > Preparation of the replica data file went without a hitch, but on installation:
>> >     >
>> >     > # ipa-replica-install --setup-dns --no-forwarders replica-info-jsipa.damascusgrp.com --skip-conncheck
>> >     > Directory Manager (existing master) password:
>> >     >
>> >     > Configuring NTP daemon (ntpd)
>> >     > :
>> >     > Configuring directory server (dirsrv): Estimated time 1 minute
>> >     > :
>> >     > :
>> >     >   [21/30]: setting up initial replication
>> >     > Starting replication, please wait until this has completed.
>> >     > [ipamaster.damascusgrp.com] reports: Update failed! Status: [-1 - LDAP error: Can't contact LDAP server]
>> >     > :
>> >     > # getenforce
>> >     > Disabled
>> >     > # systemctl status iptables.service
>> >     > iptables.service
>> >     >           Loaded: error (Reason: No such file or directory)
>> >     >           Active: inactive(dead)
>> >     >
>> >     > #
>> >     >
>> >     > Any ideas? This is a brand-new server just set up via kickstart. It's running
>> >     > Fedora 18 and IPA 3.1.0-2.fc18.
>> >     >
>> >     > *Bret Wortman*
>> >     > <http://damascusgrp.com/>
>> >     > http://damascusgrp.com/ <http://bretwortman.com/>
>> >     > http://twitter.com/BretWortman
>> >     >
>> >
>> >     Hello Bret,
>> >
>> >     Is ipamaster.damascusgrp.com still resolvable from the replica machine? I would
>> >     try running:
>> >
>> >     # host ipamaster.damascusgrp.com
>> >
>> >     ... after the failed ipa-replica-install. There were issues in the past when
>> >     /etc/resolv.conf changed during replica installation and caused a similar error
>> >     in the middle of ipa-replica-install.
>> >
>> >     If the DNS resolution is OK, I would also check
>> >     /var/log/dirsrv/slapd-INST/errors on replica and on master - are there any
>> >     relevant errors?
>> >
>> >     Martin
>> >
>> >
>>
>>