<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 08/12/2011 12:06 PM, Shawn Nock wrote:
<blockquote cite="mid:suvr54qtsgk.fsf@nock.cfmi.georgetown.edu"
type="cite">
<pre wrap="">
I am trying to create a replica of my working FreeIPA 2.0.1
installation. Both the server and would-be replica are F15 minimal
installs dedicated to FreeIPA.

Both hosts are in DNS (forward and reverse) with iptables and
selinux temporarily disabled.

ipa-replica-install fails at:

2011-08-12 13:48:14,768 DEBUG [3/11]: restarting certificate server
2011-08-12 13:48:17,882 DEBUG args=/sbin/service pki-cad restart
2011-08-12 13:48:17,882 DEBUG stdout=Stopping pki-ca: [FAILED]
Starting pki-ca: [ OK ]
'pki-ca' must still be CONFIGURED!
(see /var/log/pki-ca-install.log)
2011-08-12 13:48:17,882 DEBUG stderr=
2011-08-12 13:48:17,905 DEBUG duration: 3 seconds
2011-08-12 13:48:17,906 DEBUG [4/11]: configuring certificate server instance

The IPA-PKI instance access log on the replica is full of:

SRCH base="ou=people,o=ipaca" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL

The IPA-PKI instance error log on the replica contains:

[12/Aug/2011:13:49:09 -0400] NSMMReplicationPlugin - agmt="cn=cloneAgreement1-ipa-slave.cfmi.georgetown.edu-pki-ca" (ipa:7389): Replica has a different generation ID than the local data.
[12/Aug/2011:13:49:10 -0400] NSMMReplicationPlugin - multimaster_be_state_change: replica o=ipaca is going offline; disabling replication
[12/Aug/2011:13:49:11 -0400] - entrycache_clear_int: there are still 2 entries in the entry cache.
[12/Aug/2011:13:49:11 -0400] - dncache_clear_int: there are still 2 dn's in the dn cache. :/
[12/Aug/2011:13:49:11 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[12/Aug/2011:13:49:15 -0400] - import ipaca: Workers finished; cleaning up...
[12/Aug/2011:13:49:15 -0400] - import ipaca: Workers cleaned up.
[12/Aug/2011:13:49:15 -0400] - import ipaca: Indexing complete. Post-processing...
[12/Aug/2011:13:49:15 -0400] - import ipaca: Flushing caches...
[12/Aug/2011:13:49:15 -0400] - import ipaca: Closing files...
[12/Aug/2011:13:49:15 -0400] - entrycache_clear_int: there are still 12 entries in the entry cache.
[12/Aug/2011:13:49:15 -0400] - dncache_clear_int: there are still 82 dn's in the dn cache. :/
[12/Aug/2011:13:49:15 -0400] - import ipaca: Import complete. Processed 82 entries in 4 seconds. (20.50 entries/sec)
[12/Aug/2011:13:49:15 -0400] NSMMReplicationPlugin - multimaster_be_state_change: replica o=ipaca is coming online; enabling replication
[12/Aug/2011:13:49:15 -0400] NSMMReplicationPlugin - _replica_configure_ruv: failed to create replica ruv tombstone entry (o=ipaca); LDAP error - 68
[12/Aug/2011:13:49:15 -0400] NSMMReplicationPlugin - replica_enable_replication: reloading ruv failed
[12/Aug/2011:13:49:17 -0400] NSMMReplicationPlugin - _replica_configure_ruv: failed to create replica ruv tombstone entry (o=ipaca); LDAP error - 68
[12/Aug/2011:13:49:47 -0400] NSMMReplicationPlugin - _replica_configure_ruv: failed to create replica ruv tombstone entry (o=ipaca); LDAP error - 68
[12/Aug/2011:13:50:17 -0400] NSMMReplicationPlugin - _replica_configure_ruv: failed to create replica ruv tombstone entry (o=ipaca); LDAP error - 68
[12/Aug/2011:13:50:47 -0400] NSMMReplicationPlugin - _replica_configure_ruv: failed to create replica ruv tombstone entry (o=ipaca); LDAP error - 68
[12/Aug/2011:13:51:17 -0400] NSMMReplicationPlugin - _replica_configure_ruv: failed to create replica ruv tombstone entry (o=ipaca); LDAP error - 68
[12/Aug/2011:13:51:47 -0400] NSMMReplicationPlugin - _replica_configure_ruv: failed to create replica ruv tombstone entry (o=ipaca); LDAP error - 68
[12/Aug/2011:13:51:55 -0400] - Error: ldbm_txn_ruv_modify_context failed to retrieve and lock RUV entry
[12/Aug/2011:13:51:55 -0400] - ldbm_back_modify: ldbm_txn_ruv_modify_context failed to construct RUV modify context
[12/Aug/2011:13:52:17 -0400] NSMMReplicationPlugin - _replica_configure_ruv: failed to create replica ruv tombstone entry (o=ipaca); LDAP error - 68
[12/Aug/2011:13:52:47 -0400] NSMMReplicationPlugin - _replica_configure_ruv: failed to create replica ruv tombstone entry (o=ipaca); LDAP error - 68
[12/Aug/2011:13:53:17 -0400] NSMMReplicationPlugin - _replica_configure_ruv: failed to create replica ruv tombstone entry (o=ipaca); LDAP error - 68
[12/Aug/2011:13:53:47 -0400] NSMMReplicationPlugin - _replica_configure_ruv: failed to create replica ruv tombstone entry (o=ipaca); LDAP error - 68

/var/log/pki-ca/debug on the replica is full of:

DatabasePanel comparetAndWaitEntries ou=people,o=ipaca not found, let's wait!

This seems to be the problem described in the docs under troubleshooting
(<a class="moz-txt-link-freetext" href="https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Setting_up_IPA_Replicas.html">https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Setting_up_IPA_Replicas.html</a>)
when port 7389 is unavailable on the replica. This server is running
nothing else, however, and lsof and netstat confirm that 7389 is
available.

The only other problem is a message about 7389 already existing in
selinux policy, which (from reading the bug report) seems harmless.

Please advise what may be done to further troubleshoot this issue.
</pre>
</blockquote>
What version of 389-ds-base? <code>rpm -qi 389-ds-base</code><br>
This is supposed to be fixed in 389-ds-base-1.2.9.6, available from
updates-testing.<br>
<blockquote cite="mid:suvr54qtsgk.fsf@nock.cfmi.georgetown.edu"
type="cite">
<pre wrap="">
_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
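A triage sketch for the 389-ds error log quoted in the original post, added here as an example and not part of either message or of any FreeIPA/389-ds tooling: it groups the repeated NSMMReplicationPlugin lines, counts them, and decodes the LDAP result code (68 is entryAlreadyExists in RFC 4511). The function and variable names are assumptions; the sample lines are copied from the post.<br>

```python
import re
from datetime import datetime

# LDAP result codes from RFC 4511; 68 is the code that appears in the post.
LDAP_RESULT = {32: "noSuchObject", 49: "invalidCredentials", 68: "entryAlreadyExists"}
# 389-ds error log line: [12/Aug/2011:13:49:15 -0400] SUBSYSTEM - message
LINE_RE = re.compile(r"^\[([^\]]+)\]\s+(\S*)\s*-\s+(.*)$")
CODE_RE = re.compile(r"LDAP error - (\d+)")
AGMT_RE = re.compile(r'^agmt="[^"]*" \([^)]*\): ')

# Sample input: lines copied from the error log quoted in the post.
SAMPLE = """\
[12/Aug/2011:13:49:09 -0400] NSMMReplicationPlugin - agmt="cn=cloneAgreement1-ipa-slave.cfmi.georgetown.edu-pki-ca" (ipa:7389): Replica has a different generation ID than the local data.
[12/Aug/2011:13:49:15 -0400] - import ipaca: Import complete. Processed 82 entries in 4 seconds. (20.50 entries/sec)
[12/Aug/2011:13:49:15 -0400] NSMMReplicationPlugin - _replica_configure_ruv: failed to create replica ruv tombstone entry (o=ipaca); LDAP error - 68
[12/Aug/2011:13:49:17 -0400] NSMMReplicationPlugin - _replica_configure_ruv: failed to create replica ruv tombstone entry (o=ipaca); LDAP error - 68
[12/Aug/2011:13:49:47 -0400] NSMMReplicationPlugin - _replica_configure_ruv: failed to create replica ruv tombstone entry (o=ipaca); LDAP error - 68
"""

def summarize(text):
    """Group replication-plugin messages; return one dict per message, first-seen order."""
    groups = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(2) != "NSMMReplicationPlugin":
            continue  # skip import/cache lines and anything unparseable
        when = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
        # Drop the agreement prefix so repeats of one failure group together.
        key = AGMT_RE.sub("", m.group(3))
        g = groups.setdefault(key, {"message": key, "count": 0, "first": when})
        g["count"] += 1
        g["last"] = when
        code = CODE_RE.search(key)
        g["ldap_result"] = LDAP_RESULT.get(int(code.group(1)), "unknown") if code else None
        # Flag the generation-ID message so it stands out from the retry noise.
        g["generation_mismatch"] = "generation ID" in key
    return list(groups.values())

if __name__ == "__main__":
    for g in summarize(SAMPLE):
        print(g["count"], g["first"].isoformat(), g["ldap_result"], g["message"])
```

Pointing `summarize()` at the full contents of the instance's error log gives the same grouping over every retry, with the first and last timestamp of each failure.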
</body>
</html>