[Freeipa-users] New replica won't accept replication

Bret Wortman bret.wortman at damascusgrp.com
Wed May 21 15:49:02 UTC 2014 

...but it did at least look like they were talking, right? Some level of 
replication was happening:

(before the Netscape Replication Total update Entry began running away 
with the logfile):

[21/May/2014:10:28:52 -0400] conn=2 op=2 RESULT err=0 tag=101 nentries=1 
etime=0
[21/May/2014:10:28:53 -0400] conn=2 op=3 MOD dn="cn=IPA Version 
Replication,cn=Plugins,cn=config"
[21/May/2014:10:28:53 -0400] conn=2 op=3 RESULT err=0 tag=103 nentries=0 
etime=0
[21/May/2014:10:28:53 -0400] conn=2 op=4 UNBIND

On 05/21/2014 11:40 AM, Bret Wortman wrote:
> On the new replica (asipa) I see in the access log almost 5000 entries 
> like this:
>
> [21/May/2014:10:30:58 -0400] conn=4 op=4923 EXT 
> oid="2.16.840.113730.3.5.6" name="Netscape Replication Total update 
> Entry"
> [21/May/2014:10:30:58 -0400] conn=4 op=4923 RESULT err=0 tag=120 
> nentries=0 etime=0
>
> And these just repeat, increasing the "op" value until they terminate 
> with this one. The rest of it just looks like informational messages.
>
> Over on zsipa (the CA master), errors contains:
>
> [21/May/2014:14:31:06 +0000] NSMMReplciationPlugin - Schema 
> agmt="cn=meToasipa.foo.net" (asipa:389) must not be overwritten(set 
> replication log for additional info)
> [21/May/2014:14:31:06 +0000] NSMMReplicationPlugin - 
> agmt="cn=meToasipa.foo.net" (asipa:389) Warning: unable to replicate 
> schema: rc=1
>
> These two lines repeat at intervals for a while.
>
> Nothing else leapt out at me.
>
>
>
> On 05/21/2014 11:04 AM, Rob Crittenden wrote:
>> Bret Wortman wrote:
>>> This occurs on our first attempt to join as a replica. I've erased this
>>> box and rebaselined it but the same thing happens. No network ports
>>> being blocked that we know of, and another replica I created at the 
>>> same
>>> time installed its replica file without issue.
>>>
>>> asipa is the new replica, zsipa is the ca and original master on which
>>> the replica file was created.
>>>
>>>    [24/34]: setting up initial replication
>>> Starting replication, please wait until this has completed
>>> Update in progress, 130 seconds elapsed
>>> Update in progress yet not in progress
>>>
>>> [ipamaster.foo.net] reports: Update failed! Status: [10 Total update
>>> abortedLDAP error: Referral]
>>>
>>>
>>> Your system may be partly configured.
>>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>>
>>> Failed to start replication
>>> #
>>>
>>> /var/log/ipareplica-install.log contains this:
>>>
>>> 2014-05-21T145:28:56Z DEBUG retrieving schema for SchemaCache
>>> url=ldaps://asipa.fopo.net:636 conn=<ldap.ldapobject.SimpleLDAPObject
>>> instance at 0x4faf170>
>>> 2014-05-21T14:31:08Z DEBUG   File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
>>> line 638, in run_script
>>>      return_value = main_function()
>>>
>>>    File "/usr/sbin/ipa-replica-install", line 663, in main
>>>      ds = install_replica_ds(config)
>>>
>>>    File "/usr/sbin/ipa-replica-install", line 188, in 
>>> install_replica_ds
>>>      ca_file=config.dir + "/ca.crt",
>>>
>>>    File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", 
>>> line
>>> 360 in create_replica
>>>      self.start_creation(runtime=60)
>>>
>>>    File 
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>>> line 364, in start_creation
>>>      method()
>>>
>>>    File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", 
>>> line
>>> 373, in __setup_replica
>>>      r_bindpw=self.dm_password()
>>>
>>>    File
>>> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
>>> line 961, in setup_replication
>>>      raise RuntimeError("Failed to start replication")
>>>
>>> 2014-0521T14:31:08Z DEBUG The ipa-replica-install command failed,
>>> exception: RuntimeError: Failed to start replication
>>>
>>> Any guidance on where to start looking?
>> Check the 389-ds access and error logs on both masters.
>>
>> rob
>>
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140521/d68738bb/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3766 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140521/d68738bb/attachment.p7s>

More information about the Freeipa-users mailing list