[Freeipa-users] New replica won't accept replication

Rob Crittenden rcritten at redhat.com
Wed May 21 20:24:51 UTC 2014 

Bret Wortman wrote:
> ...but it did at least look like they were talking, right? Some level of
> replication was happening:
> 
> (before the Netscape Replication Total update Entry began running away
> with the logfile):
> 
> [21/May/2014:10:28:52 -0400] conn=2 op=2 RESULT err=0 tag=101 nentries=1
> etime=0
> [21/May/2014:10:28:53 -0400] conn=2 op=3 MOD dn="cn=IPA Version
> Replication,cn=Plugins,cn=config"
> [21/May/2014:10:28:53 -0400] conn=2 op=3 RESULT err=0 tag=103 nentries=0
> etime=0
> [21/May/2014:10:28:53 -0400] conn=2 op=4 UNBIND

That is just a failsafe so if we ever put incompatible data into an IPA
server we can prevent it from polluting other servers. We fortunately
haven't needed this.

rob

> 
> On 05/21/2014 11:40 AM, Bret Wortman wrote:
>> On the new replica (asipa) I see in the access log almost 5000 entries
>> like this:
>>
>> [21/May/2014:10:30:58 -0400] conn=4 op=4923 EXT
>> oid="2.16.840.113730.3.5.6" name="Netscape Replication Total update
>> Entry"
>> [21/May/2014:10:30:58 -0400] conn=4 op=4923 RESULT err=0 tag=120
>> nentries=0 etime=0
>>
>> And these just repeat, increasing the "op" value until they terminate
>> with this one. The rest of it just looks like informational messages.
>>
>> Over on zsipa (the CA master), errors contains:
>>
>> [21/May/2014:14:31:06 +0000] NSMMReplciationPlugin - Schema
>> agmt="cn=meToasipa.foo.net" (asipa:389) must not be overwritten(set
>> replication log for additional info)
>> [21/May/2014:14:31:06 +0000] NSMMReplicationPlugin -
>> agmt="cn=meToasipa.foo.net" (asipa:389) Warning: unable to replicate
>> schema: rc=1
>>
>> These two lines repeat at intervals for a while.
>>
>> Nothing else leapt out at me.
>>
>>
>>
>> On 05/21/2014 11:04 AM, Rob Crittenden wrote:
>>> Bret Wortman wrote:
>>>> This occurs on our first attempt to join as a replica. I've erased this
>>>> box and rebaselined it but the same thing happens. No network ports
>>>> being blocked that we know of, and another replica I created at the
>>>> same
>>>> time installed its replica file without issue.
>>>>
>>>> asipa is the new replica, zsipa is the ca and original master on which
>>>> the replica file was created.
>>>>
>>>>    [24/34]: setting up initial replication
>>>> Starting replication, please wait until this has completed
>>>> Update in progress, 130 seconds elapsed
>>>> Update in progress yet not in progress
>>>>
>>>> [ipamaster.foo.net] reports: Update failed! Status: [10 Total update
>>>> abortedLDAP error: Referral]
>>>>
>>>>
>>>> Your system may be partly configured.
>>>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>>>
>>>> Failed to start replication
>>>> #
>>>>
>>>> /var/log/ipareplica-install.log contains this:
>>>>
>>>> 2014-05-21T145:28:56Z DEBUG retrieving schema for SchemaCache
>>>> url=ldaps://asipa.fopo.net:636 conn=<ldap.ldapobject.SimpleLDAPObject
>>>> instance at 0x4faf170>
>>>> 2014-05-21T14:31:08Z DEBUG   File
>>>> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
>>>> line 638, in run_script
>>>>      return_value = main_function()
>>>>
>>>>    File "/usr/sbin/ipa-replica-install", line 663, in main
>>>>      ds = install_replica_ds(config)
>>>>
>>>>    File "/usr/sbin/ipa-replica-install", line 188, in
>>>> install_replica_ds
>>>>      ca_file=config.dir + "/ca.crt",
>>>>
>>>>    File
>>>> "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
>>>> line
>>>> 360 in create_replica
>>>>      self.start_creation(runtime=60)
>>>>
>>>>    File
>>>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>>>> line 364, in start_creation
>>>>      method()
>>>>
>>>>    File
>>>> "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
>>>> line
>>>> 373, in __setup_replica
>>>>      r_bindpw=self.dm_password()
>>>>
>>>>    File
>>>> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
>>>> line 961, in setup_replication
>>>>      raise RuntimeError("Failed to start replication")
>>>>
>>>> 2014-0521T14:31:08Z DEBUG The ipa-replica-install command failed,
>>>> exception: RuntimeError: Failed to start replication
>>>>
>>>> Any guidance on where to start looking?
>>> Check the 389-ds access and error logs on both masters.
>>>
>>> rob
>>>
>>
>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>

More information about the Freeipa-users mailing list