Hi Oleg,

don't know if it is relevant for the current problem, but maybe you should address this warning:


Configuring DNS (named)
  [1/9]: generating rndc key file
WARNING: Your system is running out of entropy, you may experience long delays

Ludwig


On 06/22/2015 11:01 AM, Oleg Fayans wrote:
Here is the session transcript, together with the directory server logs from master

On 06/22/2015 10:57 AM, Oleg Fayans wrote:
Hi Petr, team,

I was able to reproduce it today with sequential installation.
Again: one of three replicas caught this issue. Hostnames were other than those on Friday, all three VMs from the same template.

On 06/19/2015 05:10 PM, Petr Vobornik wrote:
On 06/19/2015 04:27 PM, Oleg Fayans wrote:
Hi everybody,

While preparing the replica files on the latest IPA master I've noticed
the following error messages in the dirsrv error log:

[19/Jun/2015:15:26:10 +0200] NSMMReplicationPlugin -
agmt="cn=masterAgreement1-vm-244.idm.lab.eng.brq.redhat.com-pki-tomcat"
(vm-244:389): Replication bind with SIMPLE auth failed: LDAP error -1
(Can't contact LDAP server) ()

Probably a leftover CA replication agreement with some removed master. Can be removed with ipa-csreplica-manage del --force.

[19/Jun/2015:15:26:10 +0200] - Entry "uid=admin,ou=people,o=ipaca" --
attribute "krbExtraData" not allowed
[19/Jun/2015:15:26:13 +0200] slapi_ldap_bind - Error: could not send
startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)

Though the stdout of the replica preparation reports success, when I
later use the resulting gpg file to actually set up a replica, the setup
process fails with the following output:

Configuring Kerberos KDC (krb5kdc). Estimated time: 30 seconds
   [1/8]: adding sasl mappings to the directory
   [2/8]: configuring KDC
   [3/8]: creating a keytab for the directory
   [4/8]: creating a keytab for the machine
   [5/8]: adding the password extension to the directory
   [6/8]: enable GSSAPI for replication
[error] RuntimeError: One of the ldap service principals is missing.
Replication agreement cannot be converted.
Replication error message: Unable to acquire replicaLDAP error: No such
object
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR One of the
ldap service principals is missing. Replication agreement cannot be
converted.
Replication error message: Unable to acquire replicaLDAP error: No such
object

The corresponding part of the ipareplica-install.log is attached

I've encountered this already twice. The strangest part is that I
prepared 3 replicas simultaneously: 2 of them installed successfully and one failed. All three replicas were launched from the same VM template.


Could this be the cause? It would be safer to run it sequentially.





-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
