On 03/12/2018 06:09 PM, Amit wrote:
Hello Flo,

PFA replica-install log.


sorry if I was not clear, but I meant 389-ds access logs, located in /var/log/dirsrv/slapd-DOMxxx/access. The ones from the master and the soon-to-be-replica may provide more information.

The customer may also try ipa-replica-install with the -d option, which will add debug information to the ipareplica-install.log file.


On 03/12/2018 01:59 PM, Florence Blanc-Renaud wrote:
On 03/10/2018 12:07 PM, Amit via FreeIPA-devel wrote:

On 03/09/2018 02:08 PM, Amit wrote:

Any thoughts would be helpful.


On 03/07/2018 02:57 PM, Amit wrote:

This is scenario in customer env.
Customer is using fresh machine to install replica.

*    IPA-Server
*    # ipa-server-install --no-ntp        //Success

         *IPA Replica*
     # ipa-replica-install --principal admin --admin-password <secret>
     DEBUG Traceback (most recent call last):
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
504, in start_creation        run_step(full_msg, method)
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
494, in run_step        method()
"/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line
439, in __setup_replica     cacert=self.ca_file)
line 1666, in setup_promote_replication    raise RuntimeError("Failed to
start replication")
        RuntimeError: Failed to start replication
     2018-02-06T06:56:48Z DEBUG [error] RuntimeError: Failed to start
     2018-02-06T06:56:48Z DEBUG Destroyed connection context.ldap2_113870544
     2018-02-06T06:56:48Z DEBUG Backing up system configuration file
     2018-02-06T06:56:48Z DEBUG Saving Index File to
     2018-02-06T06:56:48Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in
         return_value = self.run()

While I cannot repro in my local lab

Hi Amit,

without any logs it is difficult to tell what could go wrong. The part of code that is failing is doing 2 tasks: - starts the replication by performing a LDAP modification on the replication agreement (dn: cn=meTo$master,cn=replica,cn=dc\3Ddomain\2Cdc\3Dcom,cn=mapping tree,cn=config) in order to set the attribute nsds5BeginReplicaRefresh=start - checks the replication status by reading the replication agreement status (attributes nsds5BeginReplicaRefresh, nsds5replicaUpdateInProgress, nsds5ReplicaLastInitStatus, nsds5ReplicaLastInitStart and nsds5ReplicaLastInitEnd).

So if you have 389-ds access logs, you can start by checking if the mod was successful. Then check the replication status.


Amit Kumar
!!If you stumble, get back up.
What happened yesterday, no longer matters.
Today is another day to move closer to your GOAL!!

FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

Reply via email to