I'm trying to setup a FreeIPA replica on 4.5.2 and the
ipa-replica-install script dies with:

        [27/40]: setting up initial replication
    Starting replication, please wait until this has completed.
    Update in progress, 14 seconds elapsed
    [ldap://fll2aipa01stg.ipa-stg.chewy.net:389] reports: Update failed!
Status: [-1  - LDAP error: Can't contact LDAP server]

        [error] RuntimeError: Failed to start replication


When I look in the /var/log/dirsrv/slapd-IPA-STG-CHEWY-NET/errors of the
new replica, the last few lines contains:
        [27/Jul/2017:17:54:36.501614930 -0400] NSMMReplicationPlugin -
agmt="cn=meTofll2aipa01stg.ipa-stg.chewy.net" (fll2aipa01stg:389):
Unable to acquire replica: permission denied. The bind dn "" does not
have permission to supply replication updates to the replica. Will retry
later.
        [27/Jul/2017:17:54:42.511659900 -0400] NSMMReplicationPlugin -
agmt="cn=meTofll2aipa01stg.ipa-stg.chewy.net" (fll2aipa01stg:389):
Unable to acquire replica: permission denied. The bind dn "" does not
have permission to supply replication updates to the replica. Will retry
later.
        [27/Jul/2017:17:54:54.517563545 -0400] NSMMReplicationPlugin -
agmt="cn=meTofll2aipa01stg.ipa-stg.chewy.net" (fll2aipa01stg:389):
Unable to acquire replica: permission denied. The bind dn "" does not
have permission to supply replication updates to the replica. Will retry
later.
        [27/Jul/2017:17:55:18.527945464 -0400] NSMMReplicationPlugin -
agmt="cn=meTofll2aipa01stg.ipa-stg.chewy.net" (fll2aipa01stg:389):
Unable to acquire replica: permission denied. The bind dn "" does not
have permission to supply replication updates to the replica. Will retry
later.
        [27/Jul/2017:17:56:06.546462326 -0400] NSMMReplicationPlugin -
agmt="cn=meTofll2aipa01stg.ipa-stg.chewy.net" (fll2aipa01stg:389): The
remote replica has a different database generation ID than the local
database.  You may have to reinitialize the remote replica, or the local
replica.


In the /var/log/dirsrv/slapd-IPA-STG-CHEWY-NET/errors of the original
master, the last few lines has:
        [27/Jul/2017:17:54:33.567167570 -0400] NSMMReplicationPlugin -
Warning: unable to acquire replica for total update, error: -1, retrying
in 2 seconds.
        [27/Jul/2017:17:54:35.572200957 -0400] NSMMReplicationPlugin -
Warning: unable to acquire replica for total update, error: -1, retrying
in 3 seconds.
        [27/Jul/2017:17:54:36.498618557 -0400] NSMMReplicationPlugin -
conn=115 op=6 replica="dc=ipa-stg,dc=chewy,dc=net": Unable to acquire
replica: error: permission denied
        [27/Jul/2017:17:54:38.579074442 -0400] NSMMReplicationPlugin -
Warning: unable to acquire replica for total update, error: -1, retrying
in 4 seconds.
        [27/Jul/2017:17:54:42.504309388 -0400] NSMMReplicationPlugin -
conn=115 op=7 replica="dc=ipa-stg,dc=chewy,dc=net": Unable to acquire
replica: error: permission denied
        [27/Jul/2017:17:54:42.586071823 -0400] NSMMReplicationPlugin -
Warning: unable to acquire replica for total update, error: -1, retrying
in 5 seconds.
        [27/Jul/2017:17:54:54.514797243 -0400] NSMMReplicationPlugin -
conn=115 op=9 replica="dc=ipa-stg,dc=chewy,dc=net": Unable to acquire
replica: error: permission denied
        [27/Jul/2017:17:55:18.521047403 -0400] NSMMReplicationPlugin -
conn=115 op=11 replica="dc=ipa-stg,dc=chewy,dc=net": Unable to acquire
replica: error: permission denied


The access log on the original master contains:
        [27/Jul/2017:17:31:48.338205279 -0400] conn=115 fd=70 slot=70
connection from 10.0.33.200 to 10.0.33.200
        [27/Jul/2017:17:31:48.338602001 -0400] conn=115 op=0 BIND
dn="cn=Directory Manager" method=128 version=2
        [27/Jul/2017:17:31:48.338684940 -0400] conn=115 op=0 RESULT
err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
        [27/Jul/2017:17:54:32.478121113 -0400] conn=115 fd=121 slot=121
connection from 10.0.33.201 to 10.0.33.200
        [27/Jul/2017:17:54:32.479047230 -0400] conn=115 op=0 BIND dn=""
method=sasl version=3 mech=GSSAPI
        [27/Jul/2017:17:54:32.482605087 -0400] conn=115 op=0 RESULT
err=14 tag=97 nentries=0 etime=0, SASL bind in progress
        [27/Jul/2017:17:54:32.483393321 -0400] conn=115 op=1 BIND dn=""
method=sasl version=3 mech=GSSAPI
        [27/Jul/2017:17:54:32.484615090 -0400] conn=115 op=1 RESULT
err=14 tag=97 nentries=0 etime=0, SASL bind in progress
        [27/Jul/2017:17:54:32.485067380 -0400] conn=115 op=2 BIND dn=""
method=sasl version=3 mech=GSSAPI
        [27/Jul/2017:17:54:32.486355861 -0400] conn=115 op=2 RESULT
err=0 tag=97 nentries=0 etime=0
dn="krbprincipalname=ldap/fll2aipa02stg.ipa-stg.chewy....@ipa-stg.chewy.net,cn=services,cn=accounts,dc=ipa-stg,dc=chewy,dc=net"
        [27/Jul/2017:17:54:32.486992403 -0400] conn=115 op=3 SRCH
base="" scope=0 filter="(objectClass=*)" attrs="supportedControl
supportedExtension"
        [27/Jul/2017:17:54:32.489473132 -0400] conn=115 op=3 RESULT
err=0 tag=101 nentries=1 etime=0
        [27/Jul/2017:17:54:32.489967733 -0400] conn=115 op=4 SRCH
base="" scope=0 filter="(objectClass=*)" attrs="supportedControl
supportedExtension"
        [27/Jul/2017:17:54:32.492209604 -0400] conn=115 op=4 RESULT
err=0 tag=101 nentries=1 etime=0
        [27/Jul/2017:17:54:32.492559529 -0400] conn=115 op=5 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
        [27/Jul/2017:17:54:32.494124224 -0400] conn=115 op=5 RESULT
err=0 tag=120 nentries=0 etime=0
        [27/Jul/2017:17:54:36.498506345 -0400] conn=115 op=6 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
        [27/Jul/2017:17:54:36.500590218 -0400] conn=115 op=6 RESULT
err=0 tag=120 nentries=0 etime=0
        [27/Jul/2017:17:54:42.504167583 -0400] conn=115 op=7 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
        [27/Jul/2017:17:54:42.507097328 -0400] conn=115 op=7 RESULT
err=0 tag=120 nentries=0 etime=0
        [27/Jul/2017:17:54:54.514671476 -0400] conn=115 op=9 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
        [27/Jul/2017:17:54:54.516861209 -0400] conn=115 op=9 RESULT
err=0 tag=120 nentries=0 etime=0
        [27/Jul/2017:17:55:18.520948176 -0400] conn=115 op=11 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
        [27/Jul/2017:17:55:18.523931139 -0400] conn=115 op=11 RESULT
err=0 tag=120 nentries=0 etime=0


The command being used is:

        ipa-replica-install --principal admin -w XXXX -n
ipa-stg.chewy.net -r IPA-STG.CHEWY.NET --setup-dns --no-host-dns
--setup-kra --mkhomedir --forwarder 10.0.2.10 --forwarder 10.0.2.11
--no-ntp --no-dnssec-validation -U
--server=fll2aipa01stg.ipa-stg.chewy.net --setup-ca --skip-conncheck



Any ideas what's wrong?

I've attached the output of ipa-replica-install as well as
/var/log/ipareplica-install.log. I can provide additional logs if
necessary, just let me know which ones.

-Patrick
2017-07-27T21:54:14Z DEBUG Logging to /var/log/ipareplica-install.log
2017-07-27T21:54:14Z DEBUG ipa-replica-install was invoked with arguments [] 
and options: {'no_dns_sshfp': False, 'skip_schema_check': False, 'no_ntp': 
True, 'setup_kra': True, 'ip_addresses': None, 'secondary_rid_base': None, 
'netbios_name': None, 'mkhomedir': True, 'http_cert_files': None, 'no_pkinit': 
False, 'principal': 'admin', 'no_forwarders': False, 'add_sids': False, 
'keytab': None, 'ssh_trust_dns': False, 'no_msdcs': False, 'domain_name': 
'ipa-stg.chewy.net', 'setup_adtrust': False, 'http_cert_name': None, 
'dirsrv_cert_files': None, 'no_dnssec_validation': True, 'no_reverse': False, 
'pkinit_cert_files': None, 'unattended': True, 'skip_conncheck': True, 
'auto_reverse': False, 'auto_forwarders': False, 'no_host_dns': True, 
'dirsrv_cert_name': None, 'no_ui_redirect': False, 'dirsrv_config_file': None, 
'forwarders': [CheckedIPAddress('10.0.2.10'), CheckedIPAddress('10.0.2.11')], 
'verbose': False, 'setup_ca': True, 'servers': 
['fll2aipa01stg.ipa-stg.chewy.net'], 'pkinit_cert_name': None, 'no_ssh': False, 
'enable_compat': False, 'add_agents': False, 'realm_name': 'IPA-STG.CHEWY.NET', 
'force_join': False, 'no_sshd': False, 'forward_policy': None, 'rid_base': 
None, 'quiet': False, 'setup_dns': True, 'host_name': None, 'log_file': None, 
'reverse_zones': None, 'allow_zone_overlap': False}
2017-07-27T21:54:14Z DEBUG IPA version 4.5.2-1.fc25
2017-07-27T21:54:14Z DEBUG Starting external process
2017-07-27T21:54:14Z DEBUG args=/usr/sbin/selinuxenabled
2017-07-27T21:54:14Z DEBUG Process finished, return code=1
2017-07-27T21:54:14Z DEBUG stdout=
2017-07-27T21:54:14Z DEBUG stderr=
2017-07-27T21:54:14Z DEBUG Loading StateFile from 
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-07-27T21:54:14Z DEBUG Loading Index file from 
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-07-27T21:54:14Z DEBUG httpd is not configured
2017-07-27T21:54:14Z DEBUG kadmin is not configured
2017-07-27T21:54:14Z DEBUG dirsrv is not configured
2017-07-27T21:54:14Z DEBUG pki-tomcatd is not configured
2017-07-27T21:54:14Z DEBUG install is not configured
2017-07-27T21:54:14Z DEBUG krb5kdc is not configured
2017-07-27T21:54:14Z DEBUG ntpd is not configured
2017-07-27T21:54:14Z DEBUG named is not configured
2017-07-27T21:54:14Z DEBUG filestore is tracking no files
2017-07-27T21:54:14Z DEBUG Starting external process
2017-07-27T21:54:14Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS
2017-07-27T21:54:14Z DEBUG Process finished, return code=0
2017-07-27T21:54:14Z DEBUG stdout=VirtualHost configuration:
*:8443                 fll2aipa02stg.ipa-stg.chewy.net 
(/etc/httpd/conf.d/nss.conf:83)

2017-07-27T21:54:14Z DEBUG stderr=
2017-07-27T21:54:14Z DEBUG Loading Index file from 
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2017-07-27T21:54:14Z DEBUG Configuring client side components
2017-07-27T21:54:14Z DEBUG Starting external process
2017-07-27T21:54:14Z DEBUG args=/usr/sbin/ipa-client-install --unattended 
--no-ntp --domain ipa-stg.chewy.net --server fll2aipa01stg.ipa-stg.chewy.net 
--realm IPA-STG.CHEWY.NET --principal admin --mkhomedir
2017-07-27T21:54:20Z DEBUG Process finished, return code=0
2017-07-27T21:54:20Z DEBUG Loading StateFile from 
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-07-27T21:54:20Z DEBUG Loading Index file from 
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-07-27T21:54:20Z DEBUG importing all plugin modules in ipaserver.plugins...
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.aci
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.automember
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.automount
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.baseldap
2017-07-27T21:54:20Z DEBUG ipaserver.plugins.baseldap is not a valid plugin 
module
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.baseuser
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.batch
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.ca
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.caacl
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.cert
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.certmap
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.certprofile
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.config
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.delegation
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.dns
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.dnsserver
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.dogtag
2017-07-27T21:54:20Z DEBUG skipping plugin module ipaserver.plugins.dogtag: 
dogtag not selected as RA plugin
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.domainlevel
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.group
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.hbac
2017-07-27T21:54:20Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.hbacrule
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.plugins.hbacsvcgroup
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.hbactest
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.host
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.hostgroup
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.idrange
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.idviews
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.internal
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.join
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.ldap2
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.location
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.migration
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.misc
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.netgroup
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.otp
2017-07-27T21:54:20Z DEBUG ipaserver.plugins.otp is not a valid plugin module
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.otpconfig
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.otptoken
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.passwd
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.permission
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.ping
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.pkinit
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.privilege
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.rabase
2017-07-27T21:54:20Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.plugins.realmdomains
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.role
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.schema
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.selfservice
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.plugins.selinuxusermap
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.server
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.serverrole
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.serverroles
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.service
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.plugins.servicedelegation
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.session
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.stageuser
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.sudo
2017-07-27T21:54:20Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.sudocmd
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.plugins.sudocmdgroup
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.sudorule
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.topology
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.trust
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.user
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.vault
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.virtual
2017-07-27T21:54:20Z DEBUG ipaserver.plugins.virtual is not a valid plugin 
module
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.whoami
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.plugins.xmlserver
2017-07-27T21:54:20Z DEBUG importing all plugin modules in 
ipaserver.install.plugins...
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.install.plugins.adtrust
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.install.plugins.ca_renewal_master
2017-07-27T21:54:20Z DEBUG importing plugin module ipaserver.install.plugins.dns
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.install.plugins.fix_replica_agreements
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.install.plugins.rename_managed
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.install.plugins.update_ca_topology
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.install.plugins.update_dna_shared_config
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.install.plugins.update_idranges
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.install.plugins.update_ldap_server_list
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.install.plugins.update_managed_permissions
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.install.plugins.update_nis
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.install.plugins.update_pacs
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.install.plugins.update_passsync
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.install.plugins.update_ra_cert_store
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.install.plugins.update_referint
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.install.plugins.update_services
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.install.plugins.update_uniqueness
2017-07-27T21:54:20Z DEBUG importing plugin module 
ipaserver.install.plugins.upload_cacrt
2017-07-27T21:54:21Z DEBUG Check if fll2aipa02stg.ipa-stg.chewy.net is a 
primary hostname for localhost
2017-07-27T21:54:21Z DEBUG Primary hostname for localhost: 
fll2aipa02stg.ipa-stg.chewy.net
2017-07-27T21:54:21Z DEBUG Check if fll2aipa01stg.ipa-stg.chewy.net is a 
primary hostname for localhost
2017-07-27T21:54:21Z DEBUG socket.gethostbyaddr() error: 1: Unknown host
2017-07-27T21:54:21Z DEBUG Initializing principal 
host/fll2aipa02stg.ipa-stg.chewy....@ipa-stg.chewy.net using keytab 
/etc/krb5.keytab
2017-07-27T21:54:21Z DEBUG using ccache /tmp/krbcclkPHfD/ccache
2017-07-27T21:54:21Z DEBUG Attempt 1/1: success
2017-07-27T21:54:21Z DEBUG importing all plugin modules in ipaserver.plugins...
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.aci
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.automember
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.automount
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.baseldap
2017-07-27T21:54:21Z DEBUG ipaserver.plugins.baseldap is not a valid plugin 
module
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.baseuser
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.batch
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.ca
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.caacl
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.cert
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.certmap
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.certprofile
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.config
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.delegation
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.dns
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.dnsserver
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.dogtag
2017-07-27T21:54:21Z DEBUG skipping plugin module ipaserver.plugins.dogtag: 
dogtag not selected as RA plugin
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.domainlevel
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.group
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.hbac
2017-07-27T21:54:21Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.hbacrule
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.plugins.hbacsvcgroup
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.hbactest
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.host
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.hostgroup
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.idrange
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.idviews
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.internal
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.join
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.ldap2
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.location
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.migration
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.misc
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.netgroup
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.otp
2017-07-27T21:54:21Z DEBUG ipaserver.plugins.otp is not a valid plugin module
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.otpconfig
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.otptoken
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.passwd
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.permission
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.ping
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.pkinit
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.privilege
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.rabase
2017-07-27T21:54:21Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.plugins.realmdomains
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.role
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.schema
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.selfservice
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.plugins.selinuxusermap
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.server
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.serverrole
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.serverroles
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.service
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.plugins.servicedelegation
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.session
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.stageuser
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.sudo
2017-07-27T21:54:21Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.sudocmd
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.plugins.sudocmdgroup
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.sudorule
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.topology
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.trust
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.user
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.vault
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.virtual
2017-07-27T21:54:21Z DEBUG ipaserver.plugins.virtual is not a valid plugin 
module
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.whoami
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.plugins.xmlserver
2017-07-27T21:54:21Z DEBUG importing all plugin modules in 
ipaserver.install.plugins...
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.install.plugins.adtrust
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.install.plugins.ca_renewal_master
2017-07-27T21:54:21Z DEBUG importing plugin module ipaserver.install.plugins.dns
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.install.plugins.fix_replica_agreements
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.install.plugins.rename_managed
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.install.plugins.update_ca_topology
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.install.plugins.update_dna_shared_config
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.install.plugins.update_idranges
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.install.plugins.update_ldap_server_list
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.install.plugins.update_managed_permissions
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.install.plugins.update_nis
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.install.plugins.update_pacs
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.install.plugins.update_passsync
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.install.plugins.update_ra_cert_store
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.install.plugins.update_referint
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.install.plugins.update_services
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.install.plugins.update_uniqueness
2017-07-27T21:54:21Z DEBUG importing plugin module 
ipaserver.install.plugins.upload_cacrt
2017-07-27T21:54:23Z DEBUG Error retrieving cookie from the persistent storage: 
expected string or buffer
2017-07-27T21:54:23Z DEBUG failed to find session_cookie in persistent storage 
for principal 'host/fll2aipa02stg.ipa-stg.chewy....@ipa-stg.chewy.net'
2017-07-27T21:54:23Z INFO trying 
https://fll2aipa01stg.ipa-stg.chewy.net/ipa/json
2017-07-27T21:54:23Z DEBUG Created connection context.jsonclient_139774082975376
2017-07-27T21:54:23Z INFO [try 1]: Forwarding 'env' to json server 
'https://fll2aipa01stg.ipa-stg.chewy.net/ipa/json'
2017-07-27T21:54:23Z DEBUG New HTTP connection (fll2aipa01stg.ipa-stg.chewy.net)
2017-07-27T21:54:23Z DEBUG received Set-Cookie (<type 
'list'>)'['ipa_session=MagBearerToken=Hz9HoLzix564eiItH2tJiH1tutTACYrimJaCEEMcpa0CTJ2Qx3bTHE4ahnYTofcpiFr25eRonlytiLm6ZGjWnCbIIoKeib7j05oIW1VapR4iHqdxw9qLThDJihFsxkAdYLv9iyTJlQL7BoVpdOBiBKMLH72KOEalM3xzLlAH%2bBp4bW%2fJNSCIi1pwkvFFNmMxBh0TssDxm5TshxxDlr%2fVz%2bBbkqUaNOvlzt3TMKeb0X8kzPnvliIZXhgUXNqw7IgW%2fomqRVeeV%2fqcObhncI0DOKW8G77Z7iLFUKRIKkjJuibdG8csw5VJ2l4m7Kwvx80uBnMPWDSCMn3o0rhP57HUWw%3d%3d;path=/ipa;httponly;secure;']'
2017-07-27T21:54:23Z DEBUG storing cookie 
'ipa_session=MagBearerToken=Hz9HoLzix564eiItH2tJiH1tutTACYrimJaCEEMcpa0CTJ2Qx3bTHE4ahnYTofcpiFr25eRonlytiLm6ZGjWnCbIIoKeib7j05oIW1VapR4iHqdxw9qLThDJihFsxkAdYLv9iyTJlQL7BoVpdOBiBKMLH72KOEalM3xzLlAH%2bBp4bW%2fJNSCIi1pwkvFFNmMxBh0TssDxm5TshxxDlr%2fVz%2bBbkqUaNOvlzt3TMKeb0X8kzPnvliIZXhgUXNqw7IgW%2fomqRVeeV%2fqcObhncI0DOKW8G77Z7iLFUKRIKkjJuibdG8csw5VJ2l4m7Kwvx80uBnMPWDSCMn3o0rhP57HUWw%3d%3d;'
 for principal host/fll2aipa02stg.ipa-stg.chewy....@ipa-stg.chewy.net
2017-07-27T21:54:23Z INFO [try 1]: Forwarding 'env' to json server 
'https://fll2aipa01stg.ipa-stg.chewy.net/ipa/json'
2017-07-27T21:54:23Z DEBUG HTTP connection keep-alive 
(fll2aipa01stg.ipa-stg.chewy.net)
2017-07-27T21:54:23Z DEBUG received Set-Cookie (<type 
'list'>)'['ipa_session=MagBearerToken=0cYZCfP2le2yElJlOLfggmePPZ9rocCe6qd0R%2biVtbEBEh4ovbQBZzBbK6gtfNR4bZZOOaMECupPeuTZP54GZn5WquL9Ed%2fxZFgWJOwyxGnZbRS7x5X%2fuXsxPbS5GVaOurYgqe57Kcbkrk1FVPBkDBSMTeN5XwipJ4yo6r8rePE6B%2bSKqR%2fb07tVHLVtI8y5MU8XoRHffiyObjlSwgMrub4eTEx%2fGf0zkrT%2ffN21F418LB4NxfeoHBTd1c7VhXAG6tRC2%2bPFlxqU%2fVQoTkQzVTwn4yDJd7XxSFg7r3vgiUGtNaXyVRMou1oLEp98lrobYeLhnAuCY7Bt%2fgHzuZIdAg%3d%3d;path=/ipa;httponly;secure;']'
2017-07-27T21:54:23Z DEBUG storing cookie 
'ipa_session=MagBearerToken=0cYZCfP2le2yElJlOLfggmePPZ9rocCe6qd0R%2biVtbEBEh4ovbQBZzBbK6gtfNR4bZZOOaMECupPeuTZP54GZn5WquL9Ed%2fxZFgWJOwyxGnZbRS7x5X%2fuXsxPbS5GVaOurYgqe57Kcbkrk1FVPBkDBSMTeN5XwipJ4yo6r8rePE6B%2bSKqR%2fb07tVHLVtI8y5MU8XoRHffiyObjlSwgMrub4eTEx%2fGf0zkrT%2ffN21F418LB4NxfeoHBTd1c7VhXAG6tRC2%2bPFlxqU%2fVQoTkQzVTwn4yDJd7XxSFg7r3vgiUGtNaXyVRMou1oLEp98lrobYeLhnAuCY7Bt%2fgHzuZIdAg%3d%3d;'
 for principal host/fll2aipa02stg.ipa-stg.chewy....@ipa-stg.chewy.net
2017-07-27T21:54:23Z DEBUG Destroyed connection 
context.jsonclient_139774082975376
2017-07-27T21:54:23Z DEBUG Created connection context.ldap2_139774093174416
2017-07-27T21:54:23Z DEBUG flushing ldaps://fll2aipa01stg.ipa-stg.chewy.net 
from SchemaCache
2017-07-27T21:54:23Z DEBUG retrieving schema for SchemaCache 
url=ldaps://fll2aipa01stg.ipa-stg.chewy.net 
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f1fb0906c68>
2017-07-27T21:54:23Z DEBUG raw: domainlevel_get(version=u'2.228')
2017-07-27T21:54:23Z DEBUG domainlevel_get(version=u'2.228')
2017-07-27T21:54:23Z DEBUG raw: hostgroup_find(None, cn=u'ipaservers', 
version=u'2.228', host=[u'fll2aipa02stg.ipa-stg.chewy.net'])
2017-07-27T21:54:23Z DEBUG hostgroup_find(None, cn=u'ipaservers', all=False, 
raw=False, version=u'2.228', no_members=True, pkey_only=False, 
host=(u'fll2aipa02stg.ipa-stg.chewy.net',))
2017-07-27T21:54:23Z DEBUG KRB5CCNAME set to None
2017-07-27T21:54:23Z DEBUG Failed to find default ccache: Major (851968): 
Unspecified GSS failure.  Minor code may provide more information, Minor 
(2529639053): No Kerberos credentials available (default cache: 
KEYRING:persistent:0)
2017-07-27T21:54:23Z DEBUG Initializing principal ad...@ipa-stg.chewy.net using 
password
2017-07-27T21:54:23Z DEBUG Starting external process
2017-07-27T21:54:23Z DEBUG args=/usr/bin/kinit ad...@ipa-stg.chewy.net -c 
/tmp/tmpNoZVv1
2017-07-27T21:54:23Z DEBUG Process finished, return code=0
2017-07-27T21:54:23Z DEBUG stdout=Password for ad...@ipa-stg.chewy.net: 

2017-07-27T21:54:23Z DEBUG stderr=
2017-07-27T21:54:23Z DEBUG Destroyed connection context.ldap2_139774093174416
2017-07-27T21:54:23Z DEBUG Created connection context.ldap2_139774093174416
2017-07-27T21:54:23Z DEBUG raw: hostgroup_show(u'ipaservers', rights=True, 
all=True, version=u'2.228')
2017-07-27T21:54:23Z DEBUG hostgroup_show(u'ipaservers', rights=True, all=True, 
raw=False, version=u'2.228', no_members=False)
2017-07-27T21:54:23Z DEBUG flushing ldaps://fll2aipa01stg.ipa-stg.chewy.net 
from SchemaCache
2017-07-27T21:54:23Z DEBUG retrieving schema for SchemaCache 
url=ldaps://fll2aipa01stg.ipa-stg.chewy.net 
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f1fb093e7a0>
2017-07-27T21:54:23Z DEBUG Destroyed connection context.ldap2_139774093174416
2017-07-27T21:54:23Z DEBUG Created connection context.ldap2_139774093174416
2017-07-27T21:54:23Z DEBUG flushing ldaps://fll2aipa01stg.ipa-stg.chewy.net 
from SchemaCache
2017-07-27T21:54:23Z DEBUG retrieving schema for SchemaCache 
url=ldaps://fll2aipa01stg.ipa-stg.chewy.net 
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f1fb093bef0>
2017-07-27T21:54:24Z DEBUG Loading StateFile from 
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-07-27T21:54:24Z DEBUG Loading Index file from 
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-07-27T21:54:24Z DEBUG raw: kra_is_enabled(version=u'2.228')
2017-07-27T21:54:24Z DEBUG kra_is_enabled(version=u'2.228')
2017-07-27T21:54:24Z DEBUG Loading Index file from 
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-07-27T21:54:24Z DEBUG raw: dns_is_enabled(version=u'2.228')
2017-07-27T21:54:24Z DEBUG dns_is_enabled(version=u'2.228')
2017-07-27T21:54:24Z DEBUG Name fll2aipa02stg.ipa-stg.chewy.net resolved to 
set([UnsafeIPAddress('10.0.33.201')])
2017-07-27T21:54:24Z WARNING No network interface matches the IP address 
10.0.33.201
2017-07-27T21:54:24Z DEBUG IP address 10.0.33.201 belongs to a private range, 
using forward policy only
2017-07-27T21:54:24Z DEBUG Checking DNS server: 10.0.2.10
2017-07-27T21:54:24Z DEBUG Checking DNS server: 10.0.2.11
2017-07-27T21:54:24Z DEBUG will use DNS forwarders: 
[CheckedIPAddress('10.0.2.10'), CheckedIPAddress('10.0.2.11')]

2017-07-27T21:54:24Z DEBUG Destroyed connection context.ldap2_139774093174416
2017-07-27T21:54:24Z DEBUG Created connection context.ldap2_139774093174416
2017-07-27T21:54:24Z DEBUG raw: hostgroup_add_member(u'ipaservers', 
version=u'2.228', host=[u'fll2aipa02stg.ipa-stg.chewy.net'])
2017-07-27T21:54:24Z DEBUG hostgroup_add_member(u'ipaservers', all=False, 
raw=False, version=u'2.228', no_members=False, 
host=(u'fll2aipa02stg.ipa-stg.chewy.net',))
2017-07-27T21:54:24Z DEBUG add_entry_to_group: 
dn=fqdn=fll2aipa02stg.ipa-stg.chewy.net,cn=computers,cn=accounts,dc=ipa-stg,dc=chewy,dc=net
 group_dn=cn=ipaservers,cn=hostgroups,cn=accounts,dc=ipa-stg,dc=chewy,dc=net 
member_attr=member
2017-07-27T21:54:24Z DEBUG flushing ldaps://fll2aipa01stg.ipa-stg.chewy.net 
from SchemaCache
2017-07-27T21:54:24Z DEBUG retrieving schema for SchemaCache 
url=ldaps://fll2aipa01stg.ipa-stg.chewy.net 
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f1fae0ef5f0>
2017-07-27T21:54:24Z DEBUG Destroyed connection context.ldap2_139774093174416
2017-07-27T21:54:24Z DEBUG Starting external process
2017-07-27T21:54:24Z DEBUG args=/bin/systemctl start messagebus.service
2017-07-27T21:54:24Z DEBUG Process finished, return code=0
2017-07-27T21:54:24Z DEBUG stdout=
2017-07-27T21:54:24Z DEBUG stderr=
2017-07-27T21:54:24Z DEBUG Starting external process
2017-07-27T21:54:24Z DEBUG args=/bin/systemctl is-active messagebus.service
2017-07-27T21:54:24Z DEBUG Process finished, return code=0
2017-07-27T21:54:24Z DEBUG stdout=active

2017-07-27T21:54:24Z DEBUG stderr=
2017-07-27T21:54:24Z DEBUG Starting external process
2017-07-27T21:54:24Z DEBUG args=/bin/systemctl restart certmonger.service
2017-07-27T21:54:24Z DEBUG Process finished, return code=0
2017-07-27T21:54:24Z DEBUG stdout=
2017-07-27T21:54:24Z DEBUG stderr=
2017-07-27T21:54:24Z DEBUG Starting external process
2017-07-27T21:54:24Z DEBUG args=/bin/systemctl is-active certmonger.service
2017-07-27T21:54:24Z DEBUG Process finished, return code=0
2017-07-27T21:54:24Z DEBUG stdout=active

2017-07-27T21:54:24Z DEBUG stderr=
2017-07-27T21:54:24Z DEBUG Starting external process
2017-07-27T21:54:24Z DEBUG args=/bin/systemctl enable certmonger.service
2017-07-27T21:54:24Z DEBUG Process finished, return code=0
2017-07-27T21:54:24Z DEBUG stdout=
2017-07-27T21:54:24Z DEBUG stderr=Created symlink 
/etc/systemd/system/multi-user.target.wants/certmonger.service → 
/usr/lib/systemd/system/certmonger.service.

2017-07-27T21:54:24Z DEBUG Created connection context.ldap2_139774093174416
2017-07-27T21:54:24Z DEBUG flushing ldaps://fll2aipa01stg.ipa-stg.chewy.net 
from SchemaCache
2017-07-27T21:54:24Z DEBUG retrieving schema for SchemaCache 
url=ldaps://fll2aipa01stg.ipa-stg.chewy.net 
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f1fba763128>
2017-07-27T21:54:24Z DEBUG Loading StateFile from 
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-07-27T21:54:24Z DEBUG Loading Index file from 
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-07-27T21:54:24Z DEBUG Configuring directory server (dirsrv). Estimated 
time: 30 seconds
2017-07-27T21:54:24Z DEBUG   [1/40]: creating directory server instance
2017-07-27T21:54:24Z DEBUG Loading StateFile from 
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-07-27T21:54:24Z DEBUG Saving StateFile to 
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-07-27T21:54:24Z DEBUG Backing up system configuration file 
'/etc/sysconfig/dirsrv'
2017-07-27T21:54:24Z DEBUG Saving Index File to 
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-07-27T21:54:24Z DEBUG 
dn: dc=ipa-stg,dc=chewy,dc=net
objectClass: top
objectClass: domain
objectClass: pilotObject
dc: ipa-stg
info: IPA V2.0

2017-07-27T21:54:24Z DEBUG writing inf template
2017-07-27T21:54:24Z DEBUG 
[General]
FullMachineName=   fll2aipa02stg.ipa-stg.chewy.net
SuiteSpotUserID=   dirsrv
SuiteSpotGroup=    dirsrv
ServerRoot=    /usr/lib64/dirsrv
[slapd]
ServerPort=   389
ServerIdentifier=   IPA-STG-CHEWY-NET
Suffix=   dc=ipa-stg,dc=chewy,dc=net
RootDN=   cn=Directory Manager
InstallLdifFile= /var/lib/dirsrv/boot.ldif
inst_dir=   /var/lib/dirsrv/scripts-IPA-STG-CHEWY-NET

2017-07-27T21:54:24Z DEBUG calling setup-ds.pl
2017-07-27T21:54:24Z DEBUG Starting external process
2017-07-27T21:54:24Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f 
/tmp/tmpLUrpb7
2017-07-27T21:54:26Z DEBUG Process finished, return code=0
2017-07-27T21:54:26Z DEBUG stdout=[17/07/27:17:54:26] - [Setup] Info Your new 
DS instance 'IPA-STG-CHEWY-NET' was successfully created.
Your new DS instance 'IPA-STG-CHEWY-NET' was successfully created.
[17/07/27:17:54:26] - [Setup] Success Exiting . . .
Log file is '-'

Exiting . . .
Log file is '-'


2017-07-27T21:54:26Z DEBUG stderr=
2017-07-27T21:54:26Z DEBUG completed creating DS instance
2017-07-27T21:54:26Z DEBUG   duration: 1 seconds
2017-07-27T21:54:26Z DEBUG   [2/40]: enabling ldapi
2017-07-27T21:54:26Z DEBUG Starting external process
2017-07-27T21:54:26Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp1wMUC7 -H 
ldap://localhost -x -D cn=Directory Manager -y /tmp/tmp8Bi0Uo
2017-07-27T21:54:26Z DEBUG Process finished, return code=0
2017-07-27T21:54:26Z DEBUG stdout=replace nsslapd-ldapilisten:
        on
modifying entry "cn=config"
modify complete


2017-07-27T21:54:26Z DEBUG stderr=ldap_initialize( ldap://localhost:389/??base )

2017-07-27T21:54:26Z DEBUG   duration: 0 seconds
2017-07-27T21:54:26Z DEBUG   [3/40]: configure autobind for root
2017-07-27T21:54:26Z DEBUG Starting external process
2017-07-27T21:54:26Z DEBUG args=/usr/bin/ldapmodify -v -f 
/usr/share/ipa/root-autobind.ldif -H ldap://localhost -x -D cn=Directory 
Manager -y /tmp/tmpc42Emp
2017-07-27T21:54:26Z DEBUG Process finished, return code=0
2017-07-27T21:54:26Z DEBUG stdout=add objectClass:
        extensibleObject
        top
add cn:
        root-autobind
add uidNumber:
        0
add gidNumber:
        0
adding new entry "cn=root-autobind,cn=config"
modify complete

replace nsslapd-ldapiautobind:
        on
modifying entry "cn=config"
modify complete

replace nsslapd-ldapimaptoentries:
        on
modifying entry "cn=config"
modify complete


2017-07-27T21:54:26Z DEBUG stderr=ldap_initialize( ldap://localhost:389/??base )

2017-07-27T21:54:26Z DEBUG   duration: 0 seconds
2017-07-27T21:54:26Z DEBUG   [4/40]: stopping directory server
2017-07-27T21:54:26Z DEBUG Starting external process
2017-07-27T21:54:26Z DEBUG args=/bin/systemctl stop 
dirsrv@IPA-STG-CHEWY-NET.service
2017-07-27T21:54:27Z DEBUG Process finished, return code=0
2017-07-27T21:54:27Z DEBUG stdout=
2017-07-27T21:54:27Z DEBUG stderr=
2017-07-27T21:54:27Z DEBUG   duration: 0 seconds
2017-07-27T21:54:27Z DEBUG   [5/40]: updating configuration in dse.ldif
2017-07-27T21:54:27Z DEBUG   duration: 0 seconds
2017-07-27T21:54:27Z DEBUG   [6/40]: starting directory server
2017-07-27T21:54:27Z DEBUG Starting external process
2017-07-27T21:54:27Z DEBUG args=/bin/systemctl start 
dirsrv@IPA-STG-CHEWY-NET.service
2017-07-27T21:54:28Z DEBUG Process finished, return code=0
2017-07-27T21:54:28Z DEBUG stdout=
2017-07-27T21:54:28Z DEBUG stderr=
2017-07-27T21:54:28Z DEBUG Starting external process
2017-07-27T21:54:28Z DEBUG args=/bin/systemctl is-active 
dirsrv@IPA-STG-CHEWY-NET.service
2017-07-27T21:54:28Z DEBUG Process finished, return code=0
2017-07-27T21:54:28Z DEBUG stdout=active

2017-07-27T21:54:28Z DEBUG stderr=
2017-07-27T21:54:28Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2017-07-27T21:54:28Z DEBUG Created connection context.ldap2_139774114416656
2017-07-27T21:54:28Z DEBUG   duration: 0 seconds
2017-07-27T21:54:28Z DEBUG   [7/40]: adding default schema
2017-07-27T21:54:28Z DEBUG   duration: 0 seconds
2017-07-27T21:54:28Z DEBUG   [8/40]: enabling memberof plugin
2017-07-27T21:54:28Z DEBUG Starting external process
2017-07-27T21:54:28Z DEBUG args=/usr/bin/ldapmodify -v -f 
/usr/share/ipa/memberof-conf.ldif -H 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket -Y EXTERNAL
2017-07-27T21:54:28Z DEBUG Process finished, return code=0
2017-07-27T21:54:28Z DEBUG stdout=replace nsslapd-pluginenabled:
        on
add memberofgroupattr:
        memberUser
add memberofgroupattr:
        memberHost
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"
modify complete


2017-07-27T21:54:28Z DEBUG stderr=ldap_initialize( 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2017-07-27T21:54:28Z DEBUG   duration: 0 seconds
2017-07-27T21:54:28Z DEBUG   [9/40]: enabling winsync plugin
2017-07-27T21:54:28Z DEBUG Starting external process
2017-07-27T21:54:28Z DEBUG args=/usr/bin/ldapmodify -v -f 
/usr/share/ipa/ipa-winsync-conf.ldif -H 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket -Y EXTERNAL
2017-07-27T21:54:28Z DEBUG Process finished, return code=0
2017-07-27T21:54:28Z DEBUG stdout=add objectclass:
        top
        nsSlapdPlugin
        extensibleObject
add cn:
        ipa-winsync
add nsslapd-pluginpath:
        libipa_winsync
add nsslapd-plugininitfunc:
        ipa_winsync_plugin_init
add nsslapd-pluginDescription:
        Allows IPA to work with the DS windows sync feature
add nsslapd-pluginid:
        ipa-winsync
add nsslapd-pluginversion:
        1.0
add nsslapd-pluginvendor:
        Red Hat
add nsslapd-plugintype:
        preoperation
add nsslapd-pluginenabled:
        on
add nsslapd-plugin-depends-on-type:
        database
add ipaWinSyncRealmFilter:
        (objectclass=krbRealmContainer)
add ipaWinSyncRealmAttr:
        cn
add ipaWinSyncNewEntryFilter:
        (cn=ipaConfig)
add ipaWinSyncNewUserOCAttr:
        ipauserobjectclasses
add ipaWinSyncUserFlatten:
        true
add ipaWinsyncHomeDirAttr:
        ipaHomesRootDir
add ipaWinsyncLoginShellAttr:
        ipaDefaultLoginShell
add ipaWinSyncDefaultGroupAttr:
        ipaDefaultPrimaryGroup
add ipaWinSyncDefaultGroupFilter:
        (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)
add ipaWinSyncAcctDisable:
        both
add ipaWinSyncForceSync:
        true
add ipaWinSyncUserAttr:
        uidNumber -1
        gidNumber -1
adding new entry "cn=ipa-winsync,cn=plugins,cn=config"
modify complete


2017-07-27T21:54:28Z DEBUG stderr=ldap_initialize( 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2017-07-27T21:54:28Z DEBUG   duration: 0 seconds
2017-07-27T21:54:28Z DEBUG   [10/40]: configuring replication version plugin
2017-07-27T21:54:28Z DEBUG Starting external process
2017-07-27T21:54:28Z DEBUG args=/usr/bin/ldapmodify -v -f 
/usr/share/ipa/version-conf.ldif -H 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket -Y EXTERNAL
2017-07-27T21:54:28Z DEBUG Process finished, return code=0
2017-07-27T21:54:28Z DEBUG stdout=add objectclass:
        top
        nsSlapdPlugin
        extensibleObject
add cn:
        IPA Version Replication
add nsslapd-pluginpath:
        libipa_repl_version
add nsslapd-plugininitfunc:
        repl_version_plugin_init
add nsslapd-plugintype:
        preoperation
add nsslapd-pluginenabled:
        off
add nsslapd-pluginid:
        ipa_repl_version
add nsslapd-pluginversion:
        1.0
add nsslapd-pluginvendor:
        Red Hat, Inc.
add nsslapd-plugindescription:
        IPA Replication version plugin
add nsslapd-plugin-depends-on-type:
        database
add nsslapd-plugin-depends-on-named:
        Multimaster Replication Plugin
adding new entry "cn=IPA Version Replication,cn=plugins,cn=config"
modify complete


2017-07-27T21:54:28Z DEBUG stderr=ldap_initialize( 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2017-07-27T21:54:28Z DEBUG   duration: 0 seconds
2017-07-27T21:54:28Z DEBUG   [11/40]: enabling IPA enrollment plugin
2017-07-27T21:54:28Z DEBUG Starting external process
2017-07-27T21:54:28Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpajXWLf -H 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket -Y EXTERNAL
2017-07-27T21:54:28Z DEBUG Process finished, return code=0
2017-07-27T21:54:28Z DEBUG stdout=add objectclass:
        top
        nsSlapdPlugin
        extensibleObject
add cn:
        ipa_enrollment_extop
add nsslapd-pluginpath:
        libipa_enrollment_extop
add nsslapd-plugininitfunc:
        ipaenrollment_init
add nsslapd-plugintype:
        extendedop
add nsslapd-pluginenabled:
        on
add nsslapd-pluginid:
        ipa_enrollment_extop
add nsslapd-pluginversion:
        1.0
add nsslapd-pluginvendor:
        RedHat
add nsslapd-plugindescription:
        Enroll hosts into the IPA domain
add nsslapd-plugin-depends-on-type:
        database
add nsslapd-realmTree:
        dc=ipa-stg,dc=chewy,dc=net
adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config"
modify complete


2017-07-27T21:54:28Z DEBUG stderr=ldap_initialize( 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2017-07-27T21:54:28Z DEBUG   duration: 0 seconds
2017-07-27T21:54:28Z DEBUG   [12/40]: configuring uniqueness plugin
2017-07-27T21:54:28Z DEBUG Starting external process
2017-07-27T21:54:28Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpkYqPfb -H 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket -Y EXTERNAL
2017-07-27T21:54:28Z DEBUG Process finished, return code=0
2017-07-27T21:54:28Z DEBUG stdout=add objectClass:
        top
        nsSlapdPlugin
        extensibleObject
add cn:
        krbPrincipalName uniqueness
add nsslapd-pluginPath:
        libattr-unique-plugin
add nsslapd-pluginInitfunc:
        NSUniqueAttr_Init
add nsslapd-pluginType:
        preoperation
add nsslapd-pluginEnabled:
        on
add uniqueness-attribute-name:
        krbPrincipalName
add nsslapd-plugin-depends-on-type:
        database
add nsslapd-pluginId:
        NSUniqueAttr
add nsslapd-pluginVersion:
        1.1.0
add nsslapd-pluginVendor:
        Fedora Project
add nsslapd-pluginDescription:
        Enforce unique attribute values
add uniqueness-subtrees:
        dc=ipa-stg,dc=chewy,dc=net
add uniqueness-exclude-subtrees:
        cn=staged users,cn=accounts,cn=provisioning,dc=ipa-stg,dc=chewy,dc=net
add uniqueness-across-all-subtrees:
        on
adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
        top
        nsSlapdPlugin
        extensibleObject
add cn:
        krbCanonicalName uniqueness
add nsslapd-pluginPath:
        libattr-unique-plugin
add nsslapd-pluginInitfunc:
        NSUniqueAttr_Init
add nsslapd-pluginType:
        preoperation
add nsslapd-pluginEnabled:
        on
add uniqueness-attribute-name:
        krbCanonicalName
add nsslapd-plugin-depends-on-type:
        database
add nsslapd-pluginId:
        NSUniqueAttr
add nsslapd-pluginVersion:
        1.1.0
add nsslapd-pluginVendor:
        Fedora Project
add nsslapd-pluginDescription:
        Enforce unique attribute values
add uniqueness-subtrees:
        dc=ipa-stg,dc=chewy,dc=net
add uniqueness-exclude-subtrees:
        cn=staged users,cn=accounts,cn=provisioning,dc=ipa-stg,dc=chewy,dc=net
add uniqueness-across-all-subtrees:
        on
adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
        top
        nsSlapdPlugin
        extensibleObject
add cn:
        netgroup uniqueness
add nsslapd-pluginPath:
        libattr-unique-plugin
add nsslapd-pluginInitfunc:
        NSUniqueAttr_Init
add nsslapd-pluginType:
        preoperation
add nsslapd-pluginEnabled:
        on
add uniqueness-attribute-name:
        cn
add uniqueness-subtrees:
        cn=ng,cn=alt,dc=ipa-stg,dc=chewy,dc=net
add nsslapd-plugin-depends-on-type:
        database
add nsslapd-pluginId:
        NSUniqueAttr
add nsslapd-pluginVersion:
        1.1.0
add nsslapd-pluginVendor:
        Fedora Project
add nsslapd-pluginDescription:
        Enforce unique attribute values
adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
        top
        nsSlapdPlugin
        extensibleObject
add cn:
        ipaUniqueID uniqueness
add nsslapd-pluginPath:
        libattr-unique-plugin
add nsslapd-pluginInitfunc:
        NSUniqueAttr_Init
add nsslapd-pluginType:
        preoperation
add nsslapd-pluginEnabled:
        on
add uniqueness-attribute-name:
        ipaUniqueID
add nsslapd-plugin-depends-on-type:
        database
add nsslapd-pluginId:
        NSUniqueAttr
add nsslapd-pluginVersion:
        1.1.0
add nsslapd-pluginVendor:
        Fedora Project
add nsslapd-pluginDescription:
        Enforce unique attribute values
add uniqueness-subtrees:
        dc=ipa-stg,dc=chewy,dc=net
add uniqueness-exclude-subtrees:
        cn=staged users,cn=accounts,cn=provisioning,dc=ipa-stg,dc=chewy,dc=net
add uniqueness-across-all-subtrees:
        on
adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
        top
        nsSlapdPlugin
        extensibleObject
add cn:
        sudorule name uniqueness
add nsslapd-pluginDescription:
        Enforce unique attribute values
add nsslapd-pluginPath:
        libattr-unique-plugin
add nsslapd-pluginInitfunc:
        NSUniqueAttr_Init
add nsslapd-pluginType:
        preoperation
add nsslapd-pluginEnabled:
        on
add uniqueness-attribute-name:
        cn
add uniqueness-subtrees:
        cn=sudorules,cn=sudo,dc=ipa-stg,dc=chewy,dc=net
add nsslapd-plugin-depends-on-type:
        database
add nsslapd-pluginId:
        NSUniqueAttr
add nsslapd-pluginVersion:
        1.1.0
add nsslapd-pluginVendor:
        Fedora Project
adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config"
modify complete


2017-07-27T21:54:28Z DEBUG stderr=ldap_initialize( 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2017-07-27T21:54:28Z DEBUG   duration: 0 seconds
2017-07-27T21:54:28Z DEBUG   [13/40]: configuring uuid plugin
2017-07-27T21:54:28Z DEBUG Starting external process
2017-07-27T21:54:28Z DEBUG args=/usr/bin/ldapmodify -v -f 
/usr/share/ipa/uuid-conf.ldif -H 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket -Y EXTERNAL
2017-07-27T21:54:28Z DEBUG Process finished, return code=0
2017-07-27T21:54:28Z DEBUG stdout=add objectclass:
        top
        nsSlapdPlugin
        extensibleObject
add cn:
        IPA UUID
add nsslapd-pluginpath:
        libipa_uuid
add nsslapd-plugininitfunc:
        ipauuid_init
add nsslapd-plugintype:
        preoperation
add nsslapd-pluginenabled:
        on
add nsslapd-pluginid:
        ipauuid_version
add nsslapd-pluginversion:
        1.0
add nsslapd-pluginvendor:
        Red Hat, Inc.
add nsslapd-plugindescription:
        IPA UUID plugin
add nsslapd-plugin-depends-on-type:
        database
adding new entry "cn=IPA UUID,cn=plugins,cn=config"
modify complete


2017-07-27T21:54:28Z DEBUG stderr=ldap_initialize( 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2017-07-27T21:54:28Z DEBUG Starting external process
2017-07-27T21:54:28Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpysInIp -H 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket -Y EXTERNAL
2017-07-27T21:54:28Z DEBUG Process finished, return code=0
2017-07-27T21:54:28Z DEBUG stdout=add objectclass:
        top
        extensibleObject
add cn:
        IPA Unique IDs
add ipaUuidAttr:
        ipaUniqueID
add ipaUuidMagicRegen:
        autogenerate
add ipaUuidFilter:
        (|(objectclass=ipaObject)(objectclass=ipaAssociation))
add ipaUuidScope:
        dc=ipa-stg,dc=chewy,dc=net
add ipaUuidEnforce:
        TRUE
adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
modify complete

add objectclass:
        top
        extensibleObject
add cn:
        IPK11 Unique IDs
add ipaUuidAttr:
        ipk11UniqueID
add ipaUuidMagicRegen:
        autogenerate
add ipaUuidFilter:
        (objectclass=ipk11Object)
add ipaUuidScope:
        dc=ipa-stg,dc=chewy,dc=net
add ipaUuidEnforce:
        FALSE
adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
modify complete


2017-07-27T21:54:28Z DEBUG stderr=ldap_initialize( 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2017-07-27T21:54:28Z DEBUG   duration: 0 seconds
2017-07-27T21:54:28Z DEBUG   [14/40]: configuring modrdn plugin
2017-07-27T21:54:28Z DEBUG Starting external process
2017-07-27T21:54:28Z DEBUG args=/usr/bin/ldapmodify -v -f 
/usr/share/ipa/modrdn-conf.ldif -H 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket -Y EXTERNAL
2017-07-27T21:54:28Z DEBUG Process finished, return code=0
2017-07-27T21:54:28Z DEBUG stdout=add objectclass:
        top
        nsSlapdPlugin
        extensibleObject
add cn:
        IPA MODRDN
add nsslapd-pluginpath:
        libipa_modrdn
add nsslapd-plugininitfunc:
        ipamodrdn_init
add nsslapd-plugintype:
        betxnpostoperation
add nsslapd-pluginenabled:
        on
add nsslapd-pluginid:
        ipamodrdn_version
add nsslapd-pluginversion:
        1.0
add nsslapd-pluginvendor:
        Red Hat, Inc.
add nsslapd-plugindescription:
        IPA MODRDN plugin
add nsslapd-plugin-depends-on-type:
        database
add nsslapd-pluginPrecedence:
        60
adding new entry "cn=IPA MODRDN,cn=plugins,cn=config"
modify complete


2017-07-27T21:54:28Z DEBUG stderr=ldap_initialize( 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2017-07-27T21:54:28Z DEBUG Starting external process
2017-07-27T21:54:28Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp51odYQ -H 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket -Y EXTERNAL
2017-07-27T21:54:28Z DEBUG Process finished, return code=0
2017-07-27T21:54:28Z DEBUG stdout=add objectclass:
        top
        extensibleObject
add cn:
        Kerberos Principal Name
add ipaModRDNsourceAttr:
        uid
add ipaModRDNtargetAttr:
        krbPrincipalName
add ipaModRDNsuffix:
        @IPA-STG.CHEWY.NET
add ipaModRDNfilter:
        (&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
add ipaModRDNscope:
        dc=ipa-stg,dc=chewy,dc=net
adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config"
modify complete

add objectclass:
        top
        extensibleObject
add cn:
        Kerberos Canonical Name
add ipaModRDNsourceAttr:
        uid
add ipaModRDNtargetAttr:
        krbCanonicalName
add ipaModRDNsuffix:
        @IPA-STG.CHEWY.NET
add ipaModRDNfilter:
        (&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
add ipaModRDNscope:
        dc=ipa-stg,dc=chewy,dc=net
adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config"
modify complete


2017-07-27T21:54:28Z DEBUG stderr=ldap_initialize( 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2017-07-27T21:54:28Z DEBUG   duration: 0 seconds
2017-07-27T21:54:28Z DEBUG   [15/40]: configuring DNS plugin
2017-07-27T21:54:28Z DEBUG Starting external process
2017-07-27T21:54:28Z DEBUG args=/usr/bin/ldapmodify -v -f 
/usr/share/ipa/ipa-dns-conf.ldif -H 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket -Y EXTERNAL
2017-07-27T21:54:28Z DEBUG Process finished, return code=0
2017-07-27T21:54:28Z DEBUG stdout=add objectclass:
        top
        nsslapdPlugin
        extensibleObject
add cn:
        IPA DNS
add nsslapd-plugindescription:
        IPA DNS support plugin
add nsslapd-pluginenabled:
        on
add nsslapd-pluginid:
        ipa_dns
add nsslapd-plugininitfunc:
        ipadns_init
add nsslapd-pluginpath:
        libipa_dns.so
add nsslapd-plugintype:
        preoperation
add nsslapd-pluginvendor:
        Red Hat, Inc.
add nsslapd-pluginversion:
        1.0
add nsslapd-plugin-depends-on-type:
        database
adding new entry "cn=IPA DNS,cn=plugins,cn=config"
modify complete


2017-07-27T21:54:28Z DEBUG stderr=ldap_initialize( 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2017-07-27T21:54:28Z DEBUG   duration: 0 seconds
2017-07-27T21:54:28Z DEBUG   [16/40]: enabling entryUSN plugin
2017-07-27T21:54:28Z DEBUG Starting external process
2017-07-27T21:54:28Z DEBUG args=/usr/bin/ldapmodify -v -f 
/usr/share/ipa/entryusn.ldif -H 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket -Y EXTERNAL
2017-07-27T21:54:28Z DEBUG Process finished, return code=0
2017-07-27T21:54:28Z DEBUG stdout=replace nsslapd-entryusn-global:
        on
modifying entry "cn=config"
modify complete

replace nsslapd-entryusn-import-initval:
        next
modifying entry "cn=config"
modify complete

replace nsslapd-pluginenabled:
        on
modifying entry "cn=USN,cn=plugins,cn=config"
modify complete


2017-07-27T21:54:28Z DEBUG stderr=ldap_initialize( 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2017-07-27T21:54:28Z DEBUG   duration: 0 seconds
2017-07-27T21:54:28Z DEBUG   [17/40]: configuring lockout plugin
2017-07-27T21:54:28Z DEBUG Starting external process
2017-07-27T21:54:28Z DEBUG args=/usr/bin/ldapmodify -v -f 
/usr/share/ipa/lockout-conf.ldif -H 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket -Y EXTERNAL
2017-07-27T21:54:28Z DEBUG Process finished, return code=0
2017-07-27T21:54:28Z DEBUG stdout=add objectclass:
        top
        nsSlapdPlugin
        extensibleObject
add cn:
        IPA Lockout
add nsslapd-pluginpath:
        libipa_lockout
add nsslapd-plugininitfunc:
        ipalockout_init
add nsslapd-plugintype:
        object
add nsslapd-pluginenabled:
        on
add nsslapd-pluginid:
        ipalockout_version
add nsslapd-pluginversion:
        1.0
add nsslapd-pluginvendor:
        Red Hat, Inc.
add nsslapd-plugindescription:
        IPA Lockout plugin
add nsslapd-plugin-depends-on-type:
        database
adding new entry "cn=IPA Lockout,cn=plugins,cn=config"
modify complete


2017-07-27T21:54:28Z DEBUG stderr=ldap_initialize( 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2017-07-27T21:54:28Z DEBUG   duration: 0 seconds
2017-07-27T21:54:28Z DEBUG   [18/40]: configuring topology plugin
2017-07-27T21:54:28Z DEBUG Starting external process
2017-07-27T21:54:28Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp50rU2U -H 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket -Y EXTERNAL
2017-07-27T21:54:28Z DEBUG Process finished, return code=0
2017-07-27T21:54:28Z DEBUG stdout=add objectClass:
        top
        nsSlapdPlugin
        extensibleObject
add cn:
        IPA Topology Configuration
add nsslapd-pluginPath:
        libtopology
add nsslapd-pluginInitfunc:
        ipa_topo_init
add nsslapd-pluginType:
        object
add nsslapd-pluginEnabled:
        on
add nsslapd-topo-plugin-shared-config-base:
        cn=ipa,cn=etc,dc=ipa-stg,dc=chewy,dc=net
add nsslapd-topo-plugin-shared-replica-root:
        dc=ipa-stg,dc=chewy,dc=net
        o=ipaca
add nsslapd-topo-plugin-shared-binddngroup:
        cn=replication managers,cn=sysaccounts,cn=etc,dc=ipa-stg,dc=chewy,dc=net
add nsslapd-topo-plugin-startup-delay:
        20
add nsslapd-pluginId:
        none
add nsslapd-plugin-depends-on-named:
        ldbm database
        Multimaster Replication Plugin
add nsslapd-pluginVersion:
        1.0
add nsslapd-pluginVendor:
        none
add nsslapd-pluginDescription:
        none
adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config"
modify complete


2017-07-27T21:54:28Z DEBUG stderr=ldap_initialize( 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2017-07-27T21:54:28Z DEBUG   duration: 0 seconds
2017-07-27T21:54:28Z DEBUG   [19/40]: creating indices
2017-07-27T21:54:28Z DEBUG Starting external process
2017-07-27T21:54:28Z DEBUG args=/usr/bin/ldapmodify -v -f 
/usr/share/ipa/indices.ldif -H 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket -Y EXTERNAL
2017-07-27T21:54:29Z DEBUG Process finished, return code=0
2017-07-27T21:54:29Z DEBUG stdout=add objectClass:
        top
        nsIndex
add cn:
        krbPrincipalName
add nsSystemIndex:
        false
add nsIndexType:
        eq
        sub
add nsMatchingRule:
        caseIgnoreIA5Match
        caseExactIA5Match
adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add objectClass:
        top
        nsIndex
add cn:
        ou
add nsSystemIndex:
        false
add nsIndexType:
        eq
        sub
adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add objectClass:
        top
        nsIndex
add cn:
        carLicense
add nsSystemIndex:
        false
add nsIndexType:
        eq
        sub
adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add objectClass:
        top
        nsIndex
add cn:
        title
add nsSystemIndex:
        false
add nsIndexType:
        eq
        sub
adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add objectClass:
        top
        nsIndex
add cn:
        manager
add nsSystemIndex:
        false
add nsIndexType:
        eq
        pres
        sub
adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add objectClass:
        top
        nsIndex
add cn:
        secretary
add nsSystemIndex:
        false
add nsIndexType:
        eq
        pres
        sub
adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add objectClass:
        top
        nsIndex
add cn:
        displayname
add nsSystemIndex:
        false
add nsIndexType:
        eq
        sub
adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add nsIndexType:
        sub
modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add objectClass:
        top
        nsIndex
add cn:
        uidnumber
add nsSystemIndex:
        false
add nsIndexType:
        eq
add nsMatchingRule:
        integerOrderingMatch
adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add objectClass:
        top
        nsIndex
add cn:
        gidnumber
add nsSystemIndex:
        false
add nsIndexType:
        eq
add nsMatchingRule:
        integerOrderingMatch
adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

replace nsIndexType:
        eq
        pres
modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

replace nsIndexType:
        eq
        pres
modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add ObjectClass:
        top
        nsIndex
add cn:
        fqdn
add nsSystemIndex:
        false
add nsIndexType:
        eq
        pres
adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add ObjectClass:
        top
        nsIndex
add cn:
        macAddress
add nsSystemIndex:
        false
add nsIndexType:
        eq
        pres
adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add cn:
        memberHost
add ObjectClass:
        top
        nsIndex
add nsSystemIndex:
        false
add nsIndexType:
        eq
        pres
        sub
adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add cn:
        memberUser
add ObjectClass:
        top
        nsIndex
add nsSystemIndex:
        false
add nsIndexType:
        eq
        pres
        sub
adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add cn:
        sourcehost
add ObjectClass:
        top
        nsIndex
add nsSystemIndex:
        false
add nsIndexType:
        eq
        pres
        sub
adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add cn:
        memberservice
add ObjectClass:
        top
        nsIndex
add nsSystemIndex:
        false
add nsIndexType:
        eq
        pres
        sub
adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add cn:
        managedby
add ObjectClass:
        top
        nsIndex
add nsSystemIndex:
        false
add nsIndexType:
        eq
        pres
        sub
adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add cn:
        memberallowcmd
add ObjectClass:
        top
        nsIndex
add nsSystemIndex:
        false
add nsIndexType:
        eq
        pres
        sub
adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add cn:
        memberdenycmd
add ObjectClass:
        top
        nsIndex
add nsSystemIndex:
        false
add nsIndexType:
        eq
        pres
        sub
adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add cn:
        ipasudorunas
add ObjectClass:
        top
        nsIndex
add nsSystemIndex:
        false
add nsIndexType:
        eq
        pres
        sub
adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add cn:
        ipasudorunasgroup
add ObjectClass:
        top
        nsIndex
add nsSystemIndex:
        false
add nsIndexType:
        eq
        pres
        sub
adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add cn:
        automountkey
add ObjectClass:
        top
        nsIndex
add nsSystemIndex:
        false
add nsIndexType:
        eq
adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add cn:
        ipakrbprincipalalias
add ObjectClass:
        top
        nsIndex
add nsSystemIndex:
        false
add nsIndexType:
        eq
adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add cn:
        ipauniqueid
add ObjectClass:
        top
        nsIndex
add nsSystemIndex:
        false
add nsIndexType:
        eq
adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add cn:
        ipaMemberCa
add ObjectClass:
        top
        nsIndex
add nsSystemIndex:
        false
add nsIndexType:
        eq
        pres
        sub
adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add cn:
        ipaMemberCertProfile
add ObjectClass:
        top
        nsIndex
add nsSystemIndex:
        false
add nsIndexType:
        eq
        pres
        sub
adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add cn:
        userCertificate
add ObjectClass:
        top
        nsIndex
add nsSystemIndex:
        false
add nsIndexType:
        eq
        pres
adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add cn:
        ipalocation
add ObjectClass:
        top
        nsIndex
add nsSystemIndex:
        false
add nsIndexType:
        eq
        pres
adding new entry "cn=ipalocation,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete

add cn:
        krbCanonicalName
add objectClass:
        top
        nsIndex
add nsSystemIndex:
        false
add nsIndexType:
        eq
        sub
adding new entry "cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm 
database,cn=plugins,cn=config"
modify complete


2017-07-27T21:54:29Z DEBUG stderr=ldap_initialize( 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2017-07-27T21:54:29Z DEBUG   duration: 0 seconds
2017-07-27T21:54:29Z DEBUG   [20/40]: enabling referential integrity plugin
2017-07-27T21:54:29Z DEBUG Starting external process
2017-07-27T21:54:29Z DEBUG args=/usr/bin/ldapmodify -v -f 
/usr/share/ipa/referint-conf.ldif -H 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket -Y EXTERNAL
2017-07-27T21:54:29Z DEBUG Process finished, return code=0
2017-07-27T21:54:29Z DEBUG stdout=replace nsslapd-pluginenabled:
        on
modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config"
modify complete


2017-07-27T21:54:29Z DEBUG stderr=ldap_initialize( 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2017-07-27T21:54:29Z DEBUG   duration: 0 seconds
2017-07-27T21:54:29Z DEBUG   [21/40]: configuring certmap.conf
2017-07-27T21:54:29Z DEBUG Loading StateFile from 
'/var/lib/ipa/sysupgrade/sysupgrade.state'
2017-07-27T21:54:29Z DEBUG Loading StateFile from 
'/var/lib/ipa/sysupgrade/sysupgrade.state'
2017-07-27T21:54:29Z DEBUG Saving StateFile to 
'/var/lib/ipa/sysupgrade/sysupgrade.state'
2017-07-27T21:54:29Z DEBUG   duration: 0 seconds
2017-07-27T21:54:29Z DEBUG   [22/40]: configure new location for managed entries
2017-07-27T21:54:29Z DEBUG Starting external process
2017-07-27T21:54:29Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpqRhAon -H 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket -Y EXTERNAL
2017-07-27T21:54:29Z DEBUG Process finished, return code=0
2017-07-27T21:54:29Z DEBUG stdout=add nsslapd-pluginConfigArea:
        cn=Definitions,cn=Managed Entries,cn=etc,dc=ipa-stg,dc=chewy,dc=net
modifying entry "cn=Managed Entries,cn=plugins,cn=config"
modify complete


2017-07-27T21:54:29Z DEBUG stderr=ldap_initialize( 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2017-07-27T21:54:29Z DEBUG   duration: 0 seconds
2017-07-27T21:54:29Z DEBUG   [23/40]: configure dirsrv ccache
2017-07-27T21:54:29Z DEBUG Backing up system configuration file 
'/etc/sysconfig/dirsrv'
2017-07-27T21:54:29Z DEBUG Saving Index File to 
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-07-27T21:54:29Z DEBUG Starting external process
2017-07-27T21:54:29Z DEBUG args=/usr/sbin/selinuxenabled
2017-07-27T21:54:29Z DEBUG Process finished, return code=1
2017-07-27T21:54:29Z DEBUG stdout=
2017-07-27T21:54:29Z DEBUG stderr=
2017-07-27T21:54:29Z DEBUG   duration: 0 seconds
2017-07-27T21:54:29Z DEBUG   [24/40]: enabling SASL mapping fallback
2017-07-27T21:54:29Z DEBUG Starting external process
2017-07-27T21:54:29Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpZqyr_2 -H 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket -Y EXTERNAL
2017-07-27T21:54:29Z DEBUG Process finished, return code=0
2017-07-27T21:54:29Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback:
        on
modifying entry "cn=config"
modify complete


2017-07-27T21:54:29Z DEBUG stderr=ldap_initialize( 
ldapi://%2Fvar%2Frun%2Fslapd-IPA-STG-CHEWY-NET.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2017-07-27T21:54:29Z DEBUG   duration: 0 seconds
2017-07-27T21:54:29Z DEBUG   [25/40]: restarting directory server
2017-07-27T21:54:29Z DEBUG Destroyed connection context.ldap2_139774114416656
2017-07-27T21:54:29Z DEBUG Starting external process
2017-07-27T21:54:29Z DEBUG args=/bin/systemctl --system daemon-reload
2017-07-27T21:54:29Z DEBUG Process finished, return code=0
2017-07-27T21:54:29Z DEBUG stdout=
2017-07-27T21:54:29Z DEBUG stderr=
2017-07-27T21:54:29Z DEBUG Starting external process
2017-07-27T21:54:29Z DEBUG args=/bin/systemctl restart 
dirsrv@IPA-STG-CHEWY-NET.service
2017-07-27T21:54:30Z DEBUG Process finished, return code=0
2017-07-27T21:54:30Z DEBUG stdout=
2017-07-27T21:54:30Z DEBUG stderr=
2017-07-27T21:54:30Z DEBUG Starting external process
2017-07-27T21:54:30Z DEBUG args=/bin/systemctl is-active 
dirsrv@IPA-STG-CHEWY-NET.service
2017-07-27T21:54:30Z DEBUG Process finished, return code=0
2017-07-27T21:54:30Z DEBUG stdout=active

2017-07-27T21:54:30Z DEBUG stderr=
2017-07-27T21:54:30Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2017-07-27T21:54:30Z DEBUG Starting external process
2017-07-27T21:54:30Z DEBUG args=/bin/systemctl is-active 
dirsrv@IPA-STG-CHEWY-NET.service
2017-07-27T21:54:30Z DEBUG Process finished, return code=0
2017-07-27T21:54:30Z DEBUG stdout=active

2017-07-27T21:54:30Z DEBUG stderr=
2017-07-27T21:54:30Z DEBUG Created connection context.ldap2_139774114416656
2017-07-27T21:54:30Z DEBUG   duration: 0 seconds
2017-07-27T21:54:30Z DEBUG   [26/40]: creating DS keytab
2017-07-27T21:54:30Z DEBUG raw: 
service_add(u'ldap/fll2aipa02stg.ipa-stg.chewy....@ipa-stg.chewy.net', 
force=True, version=u'2.228')
2017-07-27T21:54:30Z DEBUG 
service_add(ipapython.kerberos.Principal('ldap/fll2aipa02stg.ipa-stg.chewy....@ipa-stg.chewy.net'),
 force=True, all=False, raw=False, version=u'2.228', no_members=False)
2017-07-27T21:54:30Z DEBUG raw: host_show(u'fll2aipa02stg.ipa-stg.chewy.net', 
version=u'2.228')
2017-07-27T21:54:30Z DEBUG host_show(u'fll2aipa02stg.ipa-stg.chewy.net', 
rights=False, all=False, raw=False, version=u'2.228', no_members=False)
2017-07-27T21:54:30Z DEBUG Backing up system configuration file 
'/etc/dirsrv/ds.keytab'
2017-07-27T21:54:30Z DEBUG   -> Not backing up - '/etc/dirsrv/ds.keytab' 
doesn't exist
2017-07-27T21:54:30Z DEBUG Starting external process
2017-07-27T21:54:30Z DEBUG args=/usr/sbin/ipa-getkeytab -k 
/etc/dirsrv/ds.keytab -p ldap/fll2aipa02stg.ipa-stg.chewy....@ipa-stg.chewy.net 
-H ldaps://fll2aipa01stg.ipa-stg.chewy.net
2017-07-27T21:54:30Z DEBUG Process finished, return code=0
2017-07-27T21:54:30Z DEBUG stdout=
2017-07-27T21:54:30Z DEBUG stderr=Keytab successfully retrieved and stored in: 
/etc/dirsrv/ds.keytab

2017-07-27T21:54:30Z DEBUG   duration: 0 seconds
2017-07-27T21:54:30Z DEBUG   [27/40]: setting up initial replication
2017-07-27T21:54:30Z DEBUG retrieving schema for SchemaCache 
url=ldapi://%2fvar%2frun%2fslapd-IPA-STG-CHEWY-NET.socket 
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f1fadfab368>
2017-07-27T21:54:31Z DEBUG Destroyed connection context.ldap2_139774114416656
2017-07-27T21:54:31Z DEBUG Starting external process
2017-07-27T21:54:31Z DEBUG args=/bin/systemctl --system daemon-reload
2017-07-27T21:54:31Z DEBUG Process finished, return code=0
2017-07-27T21:54:31Z DEBUG stdout=
2017-07-27T21:54:31Z DEBUG stderr=
2017-07-27T21:54:31Z DEBUG Starting external process
2017-07-27T21:54:31Z DEBUG args=/bin/systemctl restart 
dirsrv@IPA-STG-CHEWY-NET.service
2017-07-27T21:54:31Z DEBUG Process finished, return code=0
2017-07-27T21:54:31Z DEBUG stdout=
2017-07-27T21:54:31Z DEBUG stderr=
2017-07-27T21:54:31Z DEBUG Created connection context.ldap2_139774114416656
2017-07-27T21:54:32Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5]
2017-07-27T21:54:32Z DEBUG retrieving schema for SchemaCache 
url=ldap://fll2aipa01stg.ipa-stg.chewy.net:389 
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f1fae7a11b8>
2017-07-27T21:54:32Z DEBUG Successfully updated nsDS5ReplicaId.
2017-07-27T21:54:32Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5]
2017-07-27T21:54:32Z DEBUG Successfully updated nsDS5ReplicaId.
2017-07-27T21:54:47Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
504, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
494, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 
439, in __setup_replica
    cacert=self.ca_file)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", 
line 1666, in setup_promote_replication
    raise RuntimeError("Failed to start replication")
RuntimeError: Failed to start replication

2017-07-27T21:54:47Z DEBUG   [error] RuntimeError: Failed to start replication
2017-07-27T21:54:47Z DEBUG Destroyed connection context.ldap2_139774093174416
2017-07-27T21:54:47Z DEBUG Backing up system configuration file 
'/etc/ipa/default.conf'
2017-07-27T21:54:47Z DEBUG Saving Index File to 
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-07-27T21:54:47Z DEBUG   File 
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 333, 
in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 368, 
in run
    self.execute()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 392, 
in execute
    for _nothing in self._executor():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, 
in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 463, 
in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, 
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, 
in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, 
in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, 
in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, 
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 658, 
in _configure
    next(executor)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, 
in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 463, 
in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521, 
in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, 
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, 
in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, 
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, 
in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, 
in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, 
in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, 
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, 
in _install
    for _nothing in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", 
line 617, in main
    replica_install(self)
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", 
line 390, in decorated
    func(installer)
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", 
line 1415, in install
    pkcs12_info=dirsrv_pkcs12_info)
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", 
line 111, in install_replica_ds
    setup_pkinit=not options.no_pkinit,
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 
404, in create_replica
    self.start_creation(runtime=30)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
504, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
494, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 
439, in __setup_replica
    cacert=self.ca_file)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", 
line 1666, in setup_promote_replication
    raise RuntimeError("Failed to start replication")

2017-07-27T21:54:47Z DEBUG The ipa-replica-install command failed, exception: 
RuntimeError: Failed to start replication
2017-07-27T21:54:47Z ERROR Failed to start replication
2017-07-27T21:54:47Z ERROR The ipa-replica-install command failed. See 
/var/log/ipareplica-install.log for more information
Client hostname: fll2aipa02stg.ipa-stg.chewy.net
Realm: IPA-STG.CHEWY.NET
DNS Domain: ipa-stg.chewy.net
IPA Server: fll2aipa01stg.ipa-stg.chewy.net
BaseDN: dc=ipa-stg,dc=chewy,dc=net
Skipping synchronizing time with NTP server.
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=IPA-STG.CHEWY.NET
    Issuer:      CN=Certificate Authority,O=IPA-STG.CHEWY.NET
    Valid From:  2017-07-27 21:30:49
    Valid Until: 2037-07-27 21:30:49

Enrolled in IPA realm IPA-STG.CHEWY.NET
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm IPA-STG.CHEWY.NET
trying https://fll2aipa01stg.ipa-stg.chewy.net/ipa/json
[try 1]: Forwarding 'schema' to json server 
'https://fll2aipa01stg.ipa-stg.chewy.net/ipa/json'
trying https://fll2aipa01stg.ipa-stg.chewy.net/ipa/session/json
[try 1]: Forwarding 'ping' to json server 
'https://fll2aipa01stg.ipa-stg.chewy.net/ipa/session/json'
[try 1]: Forwarding 'ca_is_enabled' to json server 
'https://fll2aipa01stg.ipa-stg.chewy.net/ipa/session/json'
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
[try 1]: Forwarding 'host_mod' to json server 
'https://fll2aipa01stg.ipa-stg.chewy.net/ipa/session/json'
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring ipa-stg.chewy.net as NIS domain.
Client configuration complete.
The ipa-client-install command was successful
WARNING: No network interface matches the IP address 10.0.33.201
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    
Failed to start replication
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for 
more information
stdout: Configuring client side components


Warning: skipping DNS resolution of host fll2aipa02stg.ipa-stg.chewy.net
Warning: skipping DNS resolution of host fll2aipa01stg.ipa-stg.chewy.net
Checking DNS forwarders, please wait ...
Configuring directory server (dirsrv). Estimated time: 30 seconds
  [1/40]: creating directory server instance
  [2/40]: enabling ldapi
  [3/40]: configure autobind for root
  [4/40]: stopping directory server
  [5/40]: updating configuration in dse.ldif
  [6/40]: starting directory server
  [7/40]: adding default schema
  [8/40]: enabling memberof plugin
  [9/40]: enabling winsync plugin
  [10/40]: configuring replication version plugin
  [11/40]: enabling IPA enrollment plugin
  [12/40]: configuring uniqueness plugin
  [13/40]: configuring uuid plugin
  [14/40]: configuring modrdn plugin
  [15/40]: configuring DNS plugin
  [16/40]: enabling entryUSN plugin
  [17/40]: configuring lockout plugin
  [18/40]: configuring topology plugin
  [19/40]: creating indices
  [20/40]: enabling referential integrity plugin
  [21/40]: configuring certmap.conf
  [22/40]: configure new location for managed entries
  [23/40]: configure dirsrv ccache
  [24/40]: enabling SASL mapping fallback
  [25/40]: restarting directory server
  [26/40]: creating DS keytab
  [27/40]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 14 seconds elapsed
[ldap://fll2aipa01stg.ipa-stg.chewy.net:389] reports: Update failed! Status: 
[-1  - LDAP error: Can't contact LDAP server]

  [error] RuntimeError: Failed to start replication
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

FATAL: all hosts have already failed -- aborting
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to