[Pki-users] CA Cloning : Failed to setup the replication for cloning
Ade Lee
alee at redhat.com
Mon Oct 3 13:53:40 UTC 2011
This situation occasionally occurs when an error occurs on the DS side,
and the replication is not started. The way the code is written, the CS
will spin while continuing to wait for all the entries to be replicated
over.
The upstream code has been patched with a fix for this issue as
described in :
https://bugzilla.redhat.com/show_bug.cgi?id=683990
https://bugzilla.redhat.com/show_bug.cgi?id=726785
The new code checks the replication status more intelligently. It is
checked into the upstream Dogtag code as well as the code for 8.2.
That said - if what you are seeing is reproducible - i.e. not just a one
time blip - then we need to try and understand why the replication is
failing to start. For this, I'll need debug and catalina logs for the
master and clone, as well as DS logs for both.
Ade
On Thu, 2011-09-29 at 11:12 -0400, Patrick.Raspante at gdc4s.com wrote:
> I’ve been working through the steps in this document:
> http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.0/html/Install_Guide/cloning-a-ca.html
>
> Made it through step 11. Stuck on the step where the wizard connects
> to my new directory server instance. CA hangs and spins forever,
> eventually erroring with "Failed to setup the replication for
> cloning".
>
> I think I'm running into similar issues found in these bug-zillas:
> https://bugzilla.redhat.com/show_bug.cgi?id=487739
> https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=486191
> http://www.redhat.com/archives/fedora-directory-users/2009-May/msg00128.html -- (I'm not using local host for the fqdn though)
>
>
>
> I mentioned before that I’m using CS 8.0 GA.
>
> pki-ca-8.0.3-1.el5pki
>
> pki-common-8.0.3-3.el5pki
>
>
>
> I’ve been told that the above issues have been already resolved in the
> 8.0 GA release.
>
>
>
> Looking through my GDd directory server access and debug logs, I see
> the new GD CA sets up the new CA backend in the directory server, and
> then does the indexing, but the subsequent replication agreement setup
> never begins.
>
>
>
> Master = GD-CA-1
>
> Clone = GD-CA-2
>
>
>
> ## Log snippits from=m the GD-CA-2 directory server:
>
> ==> errors <==
>
> [28/Sep/2011:18:53:28 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:18:53:28 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Finished
> indexing.
>
> [28/Sep/2011:19:07:54 +0000] - slapd shutting down - signaling
> operation threads
>
> [28/Sep/2011:19:07:54 +0000] - slapd shutting down - waiting for 22
> threads to terminate
>
> [28/Sep/2011:19:07:54 +0000] - slapd shutting down - closing down
> internal subsystems and plugins
>
> [28/Sep/2011:19:07:54 +0000] - Waiting for 4 database threads to stop
>
> [28/Sep/2011:19:07:54 +0000] - All database threads now stopped
>
> [28/Sep/2011:19:07:54 +0000] - slapd stopped.
>
> [28/Sep/2011:19:07:59 +0000] - Red Hat-Directory/8.1.0 B2009.111.1832
> starting up
>
> [28/Sep/2011:19:07:59 +0000] - slapd started. Listening on All
> Interfaces port 3389 for LDAP requests
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (allCerts-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (allExpiredCerts-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (allInvalidCerts-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (allInValidCertsNotBefore-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (allNonRevokedCerts-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (allRevokedCaCerts-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (allRevokedCerts-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (allRevokedCertsNotAfter-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (allRevokedExpiredCerts-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (allRevokedOrRevokedExpiredCaCerts-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (allRevokedOrRevokedExpiredCerts-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (allValidCerts-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (allValidCertsNotAfter-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (allValidOrRevokedCerts-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caAll-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caCanceled-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caCanceledEnrollment-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caCanceledRenewal-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caCanceledRevocation-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caComplete-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caCompleteEnrollment-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caCompleteRenewal-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caCompleteRevocation-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caEnrollment-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caPending-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caPendingEnrollment-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caPendingRenewal-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caPendingRevocation-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caRejected-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caRejectedEnrollment-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caRejectedRenewal-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caRejectedRevocation-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caRenewal-GD-CA-2).
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Index.
>
> [28/Sep/2011:19:11:36 +0000] - Deleted Virtual List View Search
> (caRevocation-GD-CA-2).
>
> [28/Sep/2011:19:11:37 +0000] - ldbm: Bringing
> GD-ca-1.mydomain.com-GD-CA-1 offline...
>
> [28/Sep/2011:19:11:37 +0000] - ldbm: removing
> 'GD-ca-1.mydomain.com-GD-CA-1'.
>
> [28/Sep/2011:19:11:37 +0000] - Destructor for instance
> GD-ca-1.mydomain.com-GD-CA-1 called
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: allCerts-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: allExpiredCerts-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: allInvalidCerts-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: allInValidCertsNotBefore-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: allNonRevokedCerts-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: allRevokedCaCerts-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: allRevokedCerts-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: allRevokedCertsNotAfter-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: allRevokedExpiredCerts-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: allRevokedOrRevokedExpiredCaCerts-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: allRevokedOrRevokedExpiredCerts-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: allValidCerts-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: allValidCertsNotAfter-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: allValidOrRevokedCerts-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caAll-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caCanceled-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caCanceledEnrollment-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caCanceledRenewal-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caCanceledRevocation-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caComplete-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caCompleteEnrollment-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caCompleteRenewal-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caCompleteRevocation-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caEnrollment-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caPending-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caPendingEnrollment-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caPendingRenewal-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caPendingRevocation-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caRejected-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caRejectedEnrollment-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caRejectedRenewal-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caRejectedRevocation-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caRenewal-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Indexing
> VLV: caRevocation-GD-CA-2Index
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1';
> entry ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1
> may not be added to the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1';
> entry ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1
> may not be added to the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1';
> entry ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1
> may not be added to the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1';
> entry ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1
> may not be added to the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1';
> entry ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1
> may not be added to the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1';
> entry ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1
> may not be added to the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1';
> entry ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1
> may not be added to the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1';
> entry ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1
> may not be added to the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1';
> entry ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1
> may not be added to the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1';
> entry ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1
> may not be added to the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1';
> entry ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1
> may not be added to the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1';
> entry ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1
> may not be added to the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1';
> entry ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1
> may not be added to the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1';
> entry ou=certificaterepository,ou=ca,dc=GD-ca-1.mydomain.com-GD-ca-1
> may not be added to the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - info: entrydn not indexed on
> 'ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1'; entry
> ou=ca,ou=requests,dc=GD-ca-1.mydomain.com-GD-ca-1 may not be added to
> the database yet.
>
> [28/Sep/2011:19:11:39 +0000] - GD-ca-1.mydomain.com-GD-CA-1: Finished
> indexing.
>
> …
>
> ==> access <==
>
> …..
>
> [28/Sep/2011:19:11:39 +0000] conn=24 op=85 ADD
> dn="cn=caRejected-GD-CA-2Index, cn=caRejected-GD-CA-2,
> cn=GD-ca-1.mydomain.com-GD-CA-1, cn=ldbm database, cn=plugins,
> cn=config"
>
> [28/Sep/2011:19:11:39 +0000] conn=24 op=85 RESULT err=0 tag=105
> nentries=0 etime=0
>
> [28/Sep/2011:19:11:39 +0000] conn=24 op=86 ADD
> dn="cn=caRejectedEnrollment-GD-CA-2Index,
> cn=caRejectedEnrollment-GD-CA-2, cn=GD-ca-1.mydomain.com-GD-CA-1,
> cn=ldbm database, cn=plugins, cn=config"
>
> [28/Sep/2011:19:11:39 +0000] conn=24 op=86 RESULT err=0 tag=105
> nentries=0 etime=0
>
> [28/Sep/2011:19:11:39 +0000] conn=24 op=87 ADD
> dn="cn=caRejectedRenewal-GD-CA-2Index, cn=caRejectedRenewal-GD-CA-2,
> cn=GD-ca-1.mydomain.com-GD-CA-1, cn=ldbm database, cn=plugins,
> cn=config"
>
> [28/Sep/2011:19:11:39 +0000] conn=24 op=87 RESULT err=0 tag=105
> nentries=0 etime=0
>
> [28/Sep/2011:19:11:39 +0000] conn=24 op=88 ADD
> dn="cn=caRejectedRevocation-GD-CA-2Index,
> cn=caRejectedRevocation-GD-CA-2, cn=GD-ca-1.mydomain.com-GD-CA-1,
> cn=ldbm database, cn=plugins, cn=config"
>
> [28/Sep/2011:19:11:39 +0000] conn=24 op=88 RESULT err=0 tag=105
> nentries=0 etime=0
>
> [28/Sep/2011:19:11:39 +0000] conn=24 op=89 ADD
> dn="cn=caRenewal-GD-CA-2Index, cn=caRenewal-GD-CA-2,
> cn=GD-ca-1.mydomain.com-GD-CA-1, cn=ldbm database, cn=plugins,
> cn=config"
>
> [28/Sep/2011:19:11:39 +0000] conn=24 op=89 RESULT err=0 tag=105
> nentries=0 etime=0
>
> [28/Sep/2011:19:11:39 +0000] conn=24 op=90 ADD
> dn="cn=caRevocation-GD-CA-2Index, cn=caRevocation-GD-CA-2,
> cn=GD-ca-1.mydomain.com-GD-CA-1, cn=ldbm database, cn=plugins,
> cn=config"
>
> [28/Sep/2011:19:11:39 +0000] conn=24 op=90 RESULT err=0 tag=105
> nentries=0 etime=0
>
> [28/Sep/2011:19:11:39 +0000] conn=24 op=91 ADD dn="cn=index1160589769,
> cn=index, cn=tasks, cn=config"
>
> [28/Sep/2011:19:11:39 +0000] conn=24 op=91 RESULT err=0 tag=105
> nentries=0 etime=0
>
> [28/Sep/2011:19:11:40 +0000] conn=24 op=92 SRCH
> base="cn=index1160589769, cn=index, cn=tasks, cn=config" scope=0
> filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
>
> [28/Sep/2011:19:11:40 +0000] conn=24 op=92 RESULT err=0 tag=101
> nentries=1 etime=0
>
> [28/Sep/2011:19:11:40 +0000] conn=24 op=93 UNBIND
>
> [28/Sep/2011:19:11:40 +0000] conn=24 op=93 fd=80 closed - U1
>
>
>
> ## And that’s it.
>
>
>
> ## I never get to this stage ( this is from making clones of brand new
> CA and DS instances – not an existing master CA):
>
> [24/Sep/2011:16:46:28 +0000] NSMMReplicationPlugin -
> agmt="cn=cloneAgreement1-mydomain.com-GD-CA-3" (GD-ds-1:3389): Replica
> has a different generation ID than the local data.
>
> [24/Sep/2011:16:46:29 +0000] NSMMReplicationPlugin -
> multimaster_be_state_change: replica dc=mydomain.com-GD-ca-2 is going
> offline; disabling replication
>
> [24/Sep/2011:16:46:29 +0000] - WARNING: Import is running with
> nsslapd-db-private-import-mem on; No other process is allowed to
> access the database
>
> [24/Sep/2011:16:46:33 +0000] - import mydomain.com-GD-CA-2: Workers
> finished; cleaning up...
>
> [24/Sep/2011:16:46:34 +0000] - import mydomain.com-GD-CA-2: Workers
> cleaned up.
>
> [24/Sep/2011:16:46:34 +0000] - import mydomain.com-GD-CA-2: Indexing
> complete. Post-processing...
>
> [24/Sep/2011:16:46:34 +0000] - import mydomain.com-GD-CA-2: Flushing
> caches...
>
> [24/Sep/2011:16:46:34 +0000] - import mydomain.com-GD-CA-2: Closing
> files...
>
> [24/Sep/2011:16:46:34 +0000] - import mydomain.com-GD-CA-2: Import
> complete. Processed 57 entries in 4 seconds. (14.25 entries/sec)
>
> [24/Sep/2011:16:46:34 +0000] NSMMReplicationPlugin -
> multimaster_be_state_change: replica dc=mydomain.com-GD-ca-2 is coming
> online; enabling replication
>
>
>
>
>
>
>
> Thanks,
>
> Patrick
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
More information about the Pki-users
mailing list