<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
...but it did at least look like they were talking, right? Some
level of replication was happening:<br>
<br>
(before the Netscape Replication Total update Entry began running
away with the logfile):<br>
<tt><br>
</tt><tt>[21/May/2014:10:28:52 -0400] conn=2 op=2 RESULT err=0
tag=101 nentries=1 etime=0</tt><tt><br>
</tt><tt>[21/May/2014:10:28:53 -0400] conn=2 op=3 MOD dn="cn=IPA
Version Replication,cn=Plugins,cn=config"</tt><tt><br>
</tt><tt>[21/May/2014:10:28:53 -0400] conn=2 op=3 RESULT err=0
tag=103 nentries=0 etime=0</tt><tt><br>
</tt><tt>[21/May/2014:10:28:53 -0400] conn=2 op=4 UNBIND</tt><br>
<br>
<div class="moz-cite-prefix">On 05/21/2014 11:40 AM, Bret Wortman
wrote:<br>
</div>
<blockquote cite="mid:537CC909.1060905@damascusgrp.com" type="cite">On
the new replica (asipa) I see in the access log almost 5000
entries like this:
<br>
<br>
[21/May/2014:10:30:58 -0400] conn=4 op=4923 EXT
oid="2.16.840.113730.3.5.6" name="Netscape Replication Total
update Entry"
<br>
[21/May/2014:10:30:58 -0400] conn=4 op=4923 RESULT err=0 tag=120
nentries=0 etime=0
<br>
<br>
And these just repeat, increasing the "op" value until they
terminate with this one. The rest of it just looks like
informational messages.
<br>
<br>
Over on zsipa (the CA master), errors contains:
<br>
<br>
[21/May/2014:14:31:06 +0000] NSMMReplciationPlugin - Schema
agmt="cn=meToasipa.foo.net" (asipa:389) must not be
overwritten(set replication log for additional info)
<br>
[21/May/2014:14:31:06 +0000] NSMMReplicationPlugin -
agmt="cn=meToasipa.foo.net" (asipa:389) Warning: unable to
replicate schema: rc=1
<br>
<br>
These two lines repeat at intervals for a while.
<br>
<br>
Nothing else leapt out at me.
<br>
<br>
<br>
<br>
On 05/21/2014 11:04 AM, Rob Crittenden wrote:
<br>
<blockquote type="cite">Bret Wortman wrote:
<br>
<blockquote type="cite">This occurs on our first attempt to join
as a replica. I've erased this
<br>
box and rebaselined it but the same thing happens. No network
ports
<br>
being blocked that we know of, and another replica I created
at the same
<br>
time installed its replica file without issue.
<br>
<br>
asipa is the new replica, zsipa is the ca and original master
on which
<br>
the replica file was created.
<br>
<br>
[24/34]: setting up initial replication
<br>
Starting replication, please wait until this has completed
<br>
Update in progress, 130 seconds elapsed
<br>
Update in progress yet not in progress
<br>
<br>
[ipamaster.foo.net] reports: Update failed! Status: [10 Total
update
<br>
abortedLDAP error: Referral]
<br>
<br>
<br>
Your system may be partly configured.
<br>
Run /usr/sbin/ipa-server-install --uninstall to clean up.
<br>
<br>
Failed to start replication
<br>
#
<br>
<br>
/var/log/ipareplica-install.log contains this:
<br>
<br>
2014-05-21T145:28:56Z DEBUG retrieving schema for SchemaCache
<br>
url=<a class="moz-txt-link-freetext" href="ldaps://asipa.fopo.net:636">ldaps://asipa.fopo.net:636</a>
conn=<ldap.ldapobject.SimpleLDAPObject
<br>
instance at 0x4faf170>
<br>
2014-05-21T14:31:08Z DEBUG File
<br>
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
<br>
line 638, in run_script
<br>
return_value = main_function()
<br>
<br>
File "/usr/sbin/ipa-replica-install", line 663, in main
<br>
ds = install_replica_ds(config)
<br>
<br>
File "/usr/sbin/ipa-replica-install", line 188, in
install_replica_ds
<br>
ca_file=config.dir + "/ca.crt",
<br>
<br>
File
<br>
"/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
line
<br>
360 in create_replica
<br>
self.start_creation(runtime=60)
<br>
<br>
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
<br>
line 364, in start_creation
<br>
method()
<br>
<br>
File
<br>
"/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
line
<br>
373, in __setup_replica
<br>
r_bindpw=self.dm_password()
<br>
<br>
File
<br>
"/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
<br>
line 961, in setup_replication
<br>
raise RuntimeError("Failed to start replication")
<br>
<br>
2014-0521T14:31:08Z DEBUG The ipa-replica-install command
failed,
<br>
exception: RuntimeError: Failed to start replication
<br>
<br>
Any guidance on where to start looking?
<br>
</blockquote>
Check the 389-ds access and error logs on both masters.
<br>
<br>
rob
<br>
<br>
</blockquote>
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</body>
</html>