Hello all... FreeIPA newbie here.
I have inherited a freeipa infrastructure. It consists of 12 servers all authign to freeipa fro ssh and some ftp. My problem is as follows; Original master(Dunlop) is dead, there remains a replica(freeipa) that barley works on a VM in virtualbox on a linux server. I am trying to setup a new freeipa server(Auth-1) to replace both of the current freeipa servers in vmware. SO in the current working serve(freeipa) i run this in debug mode.... [root@freeipa /]# ipa-replica-prepare --debug auth-1.domain.com ipa: DEBUG: Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' ipa: DEBUG: importing all plugin modules in ipaserver.plugins... ipa: DEBUG: importing plugin module ipaserver.plugins.aci ipa: DEBUG: importing plugin module ipaserver.plugins.automember ipa: DEBUG: importing plugin module ipaserver.plugins.automount ipa: DEBUG: importing plugin module ipaserver.plugins.baseldap ipa: DEBUG: ipaserver.plugins.baseldap is not a valid plugin module ipa: DEBUG: importing plugin module ipaserver.plugins.baseuser ipa: DEBUG: importing plugin module ipaserver.plugins.batch ipa: DEBUG: importing plugin module ipaserver.plugins.ca ipa: DEBUG: importing plugin module ipaserver.plugins.caacl ipa: DEBUG: importing plugin module ipaserver.plugins.cert ipa: DEBUG: importing plugin module ipaserver.plugins.certprofile ipa: DEBUG: importing plugin module ipaserver.plugins.config ipa: DEBUG: importing plugin module ipaserver.plugins.delegation ipa: DEBUG: importing plugin module ipaserver.plugins.dns ipa: DEBUG: importing plugin module ipaserver.plugins.dnsserver ipa: DEBUG: importing plugin module ipaserver.plugins.dogtag ipa: DEBUG: importing plugin module ipaserver.plugins.domainlevel ipa: DEBUG: importing plugin module ipaserver.plugins.group ipa: DEBUG: importing plugin module ipaserver.plugins.hbac ipa: DEBUG: ipaserver.plugins.hbac is not a valid plugin module ipa: DEBUG: importing plugin module ipaserver.plugins.hbacrule ipa: DEBUG: importing plugin module ipaserver.plugins.hbacsvc ipa: DEBUG: importing plugin module ipaserver.plugins.hbacsvcgroup ipa: DEBUG: importing plugin module ipaserver.plugins.hbactest ipa: DEBUG: importing plugin module ipaserver.plugins.host ipa: DEBUG: importing plugin module ipaserver.plugins.hostgroup ipa: DEBUG: importing plugin module ipaserver.plugins.idrange ipa: DEBUG: importing plugin module ipaserver.plugins.idviews ipa: DEBUG: importing plugin module ipaserver.plugins.internal ipa: DEBUG: importing plugin module ipaserver.plugins.join ipa: DEBUG: importing plugin module ipaserver.plugins.krbtpolicy ipa: DEBUG: importing plugin module ipaserver.plugins.ldap2 ipa: DEBUG: importing plugin module ipaserver.plugins.location ipa: DEBUG: importing plugin module ipaserver.plugins.migration ipa: DEBUG: importing plugin module ipaserver.plugins.misc ipa: DEBUG: importing plugin module ipaserver.plugins.netgroup ipa: DEBUG: importing plugin module ipaserver.plugins.otp ipa: DEBUG: ipaserver.plugins.otp is not a valid plugin module ipa: DEBUG: importing plugin module ipaserver.plugins.otpconfig ipa: DEBUG: importing plugin module ipaserver.plugins.otptoken ipa: DEBUG: importing plugin module ipaserver.plugins.passwd ipa: DEBUG: importing plugin module ipaserver.plugins.permission ipa: DEBUG: importing plugin module ipaserver.plugins.ping ipa: DEBUG: importing plugin module ipaserver.plugins.pkinit ipa: DEBUG: ipaserver.plugins.pkinit is not a valid plugin module ipa: DEBUG: importing plugin module ipaserver.plugins.privilege ipa: DEBUG: importing plugin module ipaserver.plugins.pwpolicy ipa: DEBUG: Starting external process ipa: DEBUG: args=klist -V ipa: DEBUG: Process finished, return code=0 ipa: DEBUG: stdout=Kerberos 5 version 1.14.1 ipa: DEBUG: stderr= ipa: DEBUG: importing plugin module ipaserver.plugins.rabase ipa: DEBUG: ipaserver.plugins.rabase is not a valid plugin module ipa: DEBUG: importing plugin module ipaserver.plugins.radiusproxy ipa: DEBUG: importing plugin module ipaserver.plugins.realmdomains ipa: DEBUG: importing plugin module ipaserver.plugins.role ipa: DEBUG: importing plugin module ipaserver.plugins.schema ipa: DEBUG: importing plugin module ipaserver.plugins.selfservice ipa: DEBUG: importing plugin module ipaserver.plugins.selinuxusermap ipa: DEBUG: importing plugin module ipaserver.plugins.server ipa: DEBUG: importing plugin module ipaserver.plugins.serverrole ipa: DEBUG: importing plugin module ipaserver.plugins.serverroles ipa: DEBUG: importing plugin module ipaserver.plugins.service ipa: DEBUG: importing plugin module ipaserver.plugins.servicedelegation ipa: DEBUG: importing plugin module ipaserver.plugins.session ipa: DEBUG: importing plugin module ipaserver.plugins.stageuser ipa: DEBUG: importing plugin module ipaserver.plugins.sudo ipa: DEBUG: ipaserver.plugins.sudo is not a valid plugin module ipa: DEBUG: importing plugin module ipaserver.plugins.sudocmd ipa: DEBUG: importing plugin module ipaserver.plugins.sudocmdgroup ipa: DEBUG: importing plugin module ipaserver.plugins.sudorule ipa: DEBUG: importing plugin module ipaserver.plugins.topology ipa: DEBUG: importing plugin module ipaserver.plugins.trust ipa: DEBUG: importing plugin module ipaserver.plugins.user ipa: DEBUG: importing plugin module ipaserver.plugins.vault ipa: DEBUG: importing plugin module ipaserver.plugins.virtual ipa: DEBUG: ipaserver.plugins.virtual is not a valid plugin module ipa: DEBUG: importing plugin module ipaserver.plugins.xmlserver ipa.ipapython.ipaldap.SchemaCache: DEBUG: flushing ldapi://%2fvar%2frun%2fslapd-DOMAIN-COM.socket from SchemaCache ipa.ipapython.ipaldap.SchemaCache: DEBUG: retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-DOMAIN-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4c178c0> Directory Manager (existing master) password: ipa.ipaserver.plugins.ldap2.ldap2: DEBUG: Created connection context.ldap2_49561488 ipa.ipaserver.plugins.cert.ca_is_enabled: DEBUG: raw: ca_is_enabled(version=u'2.213') ipa.ipaserver.plugins.cert.ca_is_enabled: DEBUG: ca_is_enabled(version=u'2.213') ipa.ipaserver.plugins.ldap2.ldap2: DEBUG: Destroyed connection context.ldap2_49561488 ipa: DEBUG: Search DNS for auth-1.domain.com ipa: DEBUG: Check if auth-1.domain.com is not a CNAME ipa: DEBUG: Check reverse address of 192.168.2.251 ipa: DEBUG: Found reverse name: auth-1.domain.com ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: INFO: If you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well. ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 169, in execute self.ask_for_options() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_replica_prepare.py", line 342, in ask_for_options raise admintool.ScriptError("The replica must be created on the " ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: The ipa-replica-prepare command failed, exception: ScriptError: The replica must be created on the primary IPA server. ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: ERROR: The replica must be created on the primary IPA server. ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: ERROR: The ipa-replica-prepare command failed. So if i cannot create a replica prepare file i cannot create a new replica and hence not migrate the current dying vm server(freeipa) to the new vmware vm. What can i do?? I am running freeipa v4 on current replica. I have too many servers and user to start from scratch.. Any help appreciated... Thanks to all! _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org