[Freeipa-users] RHEL 7 Upgrade experience so far
Erinn Looney-Triggs
erinn.looneytriggs at gmail.com
Mon Aug 4 02:45:34 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
>
>
>
> Whether related or not I am getting the following in my RHEL 6.5
> IPA instance /var/log/dirsrv/slapd-PKI-CA/debug log:
>
> [26/Jul/2014:20:23:23 +0000] slapi_ldap_bind - Error: could not
> send startTLS re quest: error -1 (Can't contact LDAP server) errno
> 107 (Transport endpoint is not connected) [26/Jul/2014:20:23:23
> +0000] NSMMReplicationPlugin - agmt="cn=masterAgreement1-i
> pa2.example.com-pki-ca" (ipa2:7389): Replication bind with SIMPLE
> auth failed: LD AP error -1 (Can't contact LDAP server) ((null))
> [26/Jul/2014:20:23:37 +0000] slapi_ldap_bind - Error: could not
> send startTLS re quest: error -1 (Can't contact LDAP server) errno
> 107 (Transport endpoint is not connected) [26/Jul/2014:20:23:48
> +0000] slapi_ldap_bind - Error: could not send startTLS re quest:
> error -1 (Can't contact LDAP server) errno 107 (Transport endpoint
> is not connected)
>
> And these errors just continue to be logged.
>
> When attempting to run ipa-ca-install -d on the RHEL 7 replica
> (all other services are on there running fine) I receive the
> following:
>
> ipa : CRITICAL failed to configure ca instance Command
> '/usr/sbin/pkispawn -vv -s CA -f /tmp/tmpqd0WwF' returned non-zero
> exit status 1 ipa : DEBUG File
> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
>
>
line 638, in run_script
> return_value = main_function()
>
> File "/usr/sbin/ipa-ca-install", line 179, in main CA =
> cainstance.install_replica_ca(config, postinstall=True)
>
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>
>
line 1678, in install_replica_ca
> subject_base=config.subject_base)
>
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>
>
line 478, in configure_instance
> self.start_creation(runtime=210)
>
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 364, in start_creation method()
>
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>
>
line 604, in __spawn_instance
> raise RuntimeError('Configuration of CA failed')
>
> ipa : DEBUG The ipa-ca-install command failed,
> exception: RuntimeError: Configuration of CA failed
>
> Your system may be partly configured. Run
> /usr/sbin/ipa-server-install --uninstall to clean up.
>
> Configuration of CA failed
>
>
> So this behavior changed after restarting the IPA service on the
> RHEL 6.5 system.
>
> So at this point I have a RHEL 6.5 system and a RHEL 7 replica of
> everything except the CA. The RHEL 6.5 system, when the IPA service
> is restarted throws an error, perhaps from schema change?
>
> Any ideas?
>
> -Erinn
>
>
I went in and debugged this a bit further by changing the verbosity
for nsslapd-errorlog-level. It appears that the rhel 6.5 system is
attempting to connect to the RHEL 7 system on port 7389 and since the
RHEL 7 system does not have the CA installed this would obviously
fail. This leads me to believe that there is cruft in the directory
that is pointing to the wrong place. I don't think this will fix my
second group of errors, but how does one view the replication
agreements specifically for the ca?
As well I omitted to lines from the ipa-ca-install error which are
probably pertinent:
ERROR: Unable to access directory server: Server is unwilling to perform
ipa : DEBUG stderr=
- -Erinn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJT3vPJAAoJEFg7BmJL2iPOv+MH/iRgdN+7R5q3BtQE9RcoZHss
eMoUIEwAji/I1ddHklZc03p9fU5HTHlKKqRcfRGLA5nka5q3g4ZKlqh+N4BVoZrq
2wGxhD4Qh1Ye3TzwuB2Ex2oXQmRqrd96irdUnu/nf5LoFz0eBMPOcdAGRX6uMyoa
lRF91cLX4HlA3neL0cSGsAp376WGMnU/EWdnriGmORkkoIqmYkR/38GYPCC3qoYG
hYJK/YjInQxv1B5bXCJ/IQC3xgKkeXlzDiChp4rLNSJXWByxX3hcxTZ51YqTE49d
t+yNIGkQk73yojW7WBluw2IidYXFEqqO/ORTMsd2mWUHDaGID+G3q9VCLdRHp/s=
=Qv14
-----END PGP SIGNATURE-----
More information about the Freeipa-users
mailing list