[Freeipa-users] ipa replica installation help

Ben .T.George bentech4you at gmail.com
Wed Jan 4 09:59:56 UTC 2017 

HI

i tried the method mentioned on that document and it end up with below
error. My DNS is managed by external box and i dont want to create any DNS
record on these servers.

and the command which i tried is(non client server)

ipa-replica-install --principal admin --admin-password P at ssw0rd --domain
kw.example.com --server zkwipamstr01.kw.example.com



ipa         : CRITICAL Failed to restart the directory server (Command
'/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned non-zero
exit status 1). See the installation log for details.
  [29/44]: setting up initial replication
  [error] error: [Errno 111] Connection refused
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111]
Connection refused
ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
ipa-replica-install command failed. See /var/log/ipareplica-install.log for
more information
[root at zkwiparepa01 ~]# /bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service
Job for dirsrv at KW-EXAMPLE-COM.service failed because the control process
exited with error code. See "systemctl status dirsrv at KW-EXAMPLE-COM.service"
and "journalctl -xe" for details.

[root at zkwiparepa01 ~]# systemctl status dirsrv at KW-EXAMPLE-COM.servicedirsrv at KW-EXAMPLE-COM.service - 389 Directory Server KW-EXAMPLE-COM.
   Loaded: loaded (/usr/lib/systemd/system/dirsrv at .service; enabled; vendor
preset: disabled)
   Active: failed (Result: exit-code) since Wed 2017-01-04 12:54:46 AST;
13s ago
  Process: 14893 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i
/var/run/dirsrv/slapd-%i.pid (code=exited, status=1/FAILURE)
  Process: 14887 ExecStartPre=/usr/sbin/ds_systemd_ask_password_acl
/etc/dirsrv/slapd-%i/dse.ldif (code=exited, status=0/SUCCESS)
 Main PID: 14893 (code=exited, status=1/FAILURE)

Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]:
[04/Jan/2017:12:54:46.177617891 +0300] Error: betxnpostoperation plu...arted
Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]:
[04/Jan/2017:12:54:46.178379752 +0300] Error: object plugin Roles Pl...arted
Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]:
[04/Jan/2017:12:54:46.179162340 +0300] Error: preoperation plugin su...arted
Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]:
[04/Jan/2017:12:54:46.179993432 +0300] Error: object plugin USN is n...arted
Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]:
[04/Jan/2017:12:54:46.181305209 +0300] Error: object plugin Views is...arted
Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]:
[04/Jan/2017:12:54:46.182094981 +0300] Error: extendedop plugin whoa...arted
Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]:
dirsrv at KW-EXAMPLE-COM.service: main process exited, code=exited,
status=1/FAILURE
Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]: Failed to start 389
Directory Server KW-EXAMPLE-COM..
Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]: Unit
dirsrv at KW-EXAMPLE-COM.service entered failed state.
Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]:
dirsrv at KW-EXAMPLE-COM.service failed.
Hint: Some lines were ellipsized, use -l to show in full.



Regards,
Ben


On Wed, Jan 4, 2017 at 11:19 AM, Martin Babinsky <mbabinsk at redhat.com>
wrote:

> On 01/04/2017 07:21 AM, Ben .T.George wrote:
>
>> HI
>>
>> while trying to create ipa replica, i am getting below error,
>>
>> Replica creation using 'ipa-replica-prepare' to generate replica file
>> is supported only in 0-level IPA domain.
>>
>> The current IPA domain level is 1 and thus the replica must
>> be created by promoting an existing IPA client.
>>
>> To set up a replica use the following procedure:
>>     1.) set up a client on the host using 'ipa-client-install'
>>     2.) promote the client to replica running 'ipa-replica-install'
>>         *without* replica file specified
>>
>> 'ipa-replica-prepare' is allowed only in domain level 0
>> The ipa-replica-prepare command failed.
>>
>>
>> i have IPA master server without AD integration and DNS is managed by
>> 3rd party appliances.
>>
>>
>>
>> Regards,
>> Ben
>>
>>
>>
> Hi Ben,
>
> If you installed IPA 4.4 server then domain level 1 is the default. This
> domain level uses different mechanism to stand up replicas. See the latest
> IdM documentation[1] for more details.
>
> [1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterp
> rise_Linux/7/html/Linux_Domain_Identity_Authentication_and_
> Policy_Guide/creating-the-replica.html
>
> --
> Martin^3 Babinsky
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/5e3d9a94/attachment.htm>

More information about the Freeipa-users mailing list