[Freeipa-users] New replica won't accept replication

Bret Wortman bret.wortman at damascusgrp.com
Wed May 21 15:40:57 UTC 2014


On the new replica (asipa) I see in the access log almost 5000 entries 
like this:

[21/May/2014:10:30:58 -0400] conn=4 op=4923 EXT 
oid="2.16.840.113730.3.5.6" name="Netscape Replication Total update Entry"
[21/May/2014:10:30:58 -0400] conn=4 op=4923 RESULT err=0 tag=120 
nentries=0 etime=0

And these just repeat, increasing the "op" value until they terminate 
with this one. The rest of it just looks like informational messages.

Over on zsipa (the CA master), errors contains:

[21/May/2014:14:31:06 +0000] NSMMReplciationPlugin - Schema 
agmt="cn=meToasipa.foo.net" (asipa:389) must not be overwritten(set 
replication log for additional info)
[21/May/2014:14:31:06 +0000] NSMMReplicationPlugin - 
agmt="cn=meToasipa.foo.net" (asipa:389) Warning: unable to replicate 
schema: rc=1

These two lines repeat at intervals for a while.

Nothing else leapt out at me.



On 05/21/2014 11:04 AM, Rob Crittenden wrote:
> Bret Wortman wrote:
>> This occurs on our first attempt to join as a replica. I've erased this
>> box and rebaselined it but the same thing happens. No network ports
>> being blocked that we know of, and another replica I created at the same
>> time installed its replica file without issue.
>>
>> asipa is the new replica, zsipa is the ca and original master on which
>> the replica file was created.
>>
>>    [24/34]: setting up initial replication
>> Starting replication, please wait until this has completed
>> Update in progress, 130 seconds elapsed
>> Update in progress yet not in progress
>>
>> [ipamaster.foo.net] reports: Update failed! Status: [10 Total update
>> abortedLDAP error: Referral]
>>
>>
>> Your system may be partly configured.
>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>
>> Failed to start replication
>> #
>>
>> /var/log/ipareplica-install.log contains this:
>>
>> 2014-05-21T145:28:56Z DEBUG retrieving schema for SchemaCache
>> url=ldaps://asipa.fopo.net:636 conn=<ldap.ldapobject.SimpleLDAPObject
>> instance at 0x4faf170>
>> 2014-05-21T14:31:08Z DEBUG   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
>> line 638, in run_script
>>      return_value = main_function()
>>
>>    File "/usr/sbin/ipa-replica-install", line 663, in main
>>      ds = install_replica_ds(config)
>>
>>    File "/usr/sbin/ipa-replica-install", line 188, in install_replica_ds
>>      ca_file=config.dir + "/ca.crt",
>>
>>    File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line
>> 360 in create_replica
>>      self.start_creation(runtime=60)
>>
>>    File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>> line 364, in start_creation
>>      method()
>>
>>    File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line
>> 373, in __setup_replica
>>      r_bindpw=self.dm_password()
>>
>>    File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
>> line 961, in setup_replication
>>      raise RuntimeError("Failed to start replication")
>>
>> 2014-0521T14:31:08Z DEBUG The ipa-replica-install command failed,
>> exception: RuntimeError: Failed to start replication
>>
>> Any guidance on where to start looking?
> Check the 389-ds access and error logs on both masters.
>
> rob
>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3766 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140521/15c6302e/attachment.p7s>


More information about the Freeipa-users mailing list