On 06/01/18 19:54, lejeczek via FreeIPA-users wrote:
hi
I'm trying to install replica, process fails:
..
[3/5]: creating anonymous principal
[4/5]: starting the KDC
[5/5]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
[1/2]: starting kadmin
[2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring directory server (dirsrv)
[1/3]: configuring TLS for DS instance
[error] RuntimeError: Certificate issuance failed
(CA_UNREACHABLE)
Your system may be partly configured.
..
-- end
and in install log file:
..
2018-01-06T13:50:29Z DEBUG args=/usr/bin/certutil -d
/etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/ -A -n
PRIVATE.xx.xx.PRIVATE.xx.xx.x IPA CA -t CT,C,C -a -f
/etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/pwdfile.txt
2018-01-06T13:50:29Z DEBUG Process finished, return code=0
2018-01-06T13:50:29Z DEBUG stdout=
2018-01-06T13:50:29Z DEBUG stderr=
2018-01-06T13:50:30Z DEBUG certmonger request is in state
dbus.String(u'NEWLY_ADDED_READING_CERT', variant_level=1)
2018-01-06T13:50:35Z DEBUG certmonger request is in state
dbus.String(u'CA_UNREACHABLE', variant_level=1)
2018-01-06T13:50:35Z DEBUG Traxx.ck (most recent call last):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 504, in start_creation
run_step(full_msg, method)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 494, in run_step
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
line 824, in __enable_ssl
post_command=cmd)
File
"/usr/lib/python2.7/site-packages/ipalib/install/certmonger.py",
line 317, in request_and_wait_for_cert
raise RuntimeError("Certificate issuance failed
({})".format(state))
RuntimeError: Certificate issuance failed (CA_UNREACHABLE)
2018-01-06T13:50:35Z DEBUG [error] RuntimeError:
Certificate issuance failed (CA_UNREACHABLE)
2018-01-06T13:50:35Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py",
line 172, in execute
return_value = self.run()
File
"/usr/lib/python2.7/site-packages/ipapython/install/cli.py",
line 333, in run
cfgr.run()
File "/usr/lib/python2.7/site-
...
-- end
Would this be that new candidate's problem or some
communication issues with existing server? Client
installed (kind of) okay though.
_______________________________________________
FreeIPA-users mailing list --
freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
freeipa-users-le...@lists.fedorahosted.org
I might have missed this (if it reveals some more?) in dirsrv on
"working" newly installed server, at the time of -
ipa-replica-install --no-ntp
...
Configuring directory server (dirsrv)
[1/3]: configuring TLS for DS instance
[error] RuntimeError: Certificate issuance failed
(CA_UNREACHABLE)
Server dirsrv errors log file:
...
[11/Jan/2018:11:42:49.118819569 +0000] - NOTICE -
NSMMReplicationPlugin - changelog program - _cl5ConstructRUV
- Rebuilding replication changelog RUV complete. Result 0
(Success)
[11/Jan/2018:11:42:49.120916672 +0000] - NOTICE -
NSMMReplicationPlugin - changelog program - _cl5ConstructRUV
- Rebuilding the replication changelog RUV, this may take
several minutes...
[11/Jan/2018:11:42:49.122618751 +0000] - NOTICE -
NSMMReplicationPlugin - changelog program - _cl5ConstructRUV
- Rebuilding replication changelog RUV complete. Result 0
(Success)
[11/Jan/2018:11:42:49.219688584 +0000] - ERR -
NSMMReplicationPlugin -
multimaster_extop_StartNSDS50ReplicationRequest - conn=104
op=5 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x":
Unable to acquire replica: error: permission denied
[11/Jan/2018:11:42:49.242628179 +0000] - ERR -
NSMMReplicationPlugin -
multimaster_extop_StartNSDS50ReplicationRequest - conn=105
op=5 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x":
Unable to acquire replica: error: permission denied
[11/Jan/2018:11:42:50.789296435 +0000] - INFO -
NSMMReplicationPlugin - repl5_tot_run - Beginning total
update of replica
"agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x" (dzien:389)".
[11/Jan/2018:11:42:50.793594364 +0000] - NOTICE -
NSMMReplicationPlugin - replica_subentry_check - Need to
create replication keep alive entry <cn=repl keep alive
4,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x>
[11/Jan/2018:11:42:50.795313633 +0000] - INFO -
NSMMReplicationPlugin - replica_subentry_create - add dn:
cn=repl keep alive
4,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
objectclass: top
objectclass: ldapsubentry
objectclass: extensibleObject
cn: repl keep alive 4
[11/Jan/2018:11:42:53.955962624 +0000] - ERR -
NSMMReplicationPlugin -
multimaster_extop_StartNSDS50ReplicationRequest - conn=106
op=5 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x":
Unable to acquire replica: error: permission denied
[11/Jan/2018:11:42:55.159161994 +0000] - INFO -
NSMMReplicationPlugin - repl5_tot_run - Finished total
update of replica
"agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x" (dzien:389)".
Sent 471 entries.
[11/Jan/2018:11:42:56.970750501 +0000] - ERR -
NSMMReplicationPlugin -
multimaster_extop_StartNSDS50ReplicationRequest - conn=106
op=6 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x":
Unable to acquire replica: error: permission denied
[11/Jan/2018:11:43:02.041747211 +0000] - ERR -
NSMMReplicationPlugin -
multimaster_extop_StartNSDS50ReplicationRequest - conn=107
op=5 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x":
Unable to acquire replica: error: permission denied
[11/Jan/2018:11:43:05.054749534 +0000] - ERR -
NSMMReplicationPlugin -
multimaster_extop_StartNSDS50ReplicationRequest - conn=107
op=6 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x":
Unable to acquire replica: error: permission denied
[11/Jan/2018:11:43:11.099143389 +0000] - ERR -
NSMMReplicationPlugin -
multimaster_extop_StartNSDS50ReplicationRequest - conn=107
op=7 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x":
Unable to acquire replica: error: permission denied
[11/Jan/2018:11:43:23.153766360 +0000] - ERR -
NSMMReplicationPlugin -
multimaster_extop_StartNSDS50ReplicationRequest - conn=107
op=9 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x":
Unable to acquire replica: error: permission denied
[11/Jan/2018:11:43:47.262418191 +0000] - ERR -
NSMMReplicationPlugin -
multimaster_extop_StartNSDS50ReplicationRequest - conn=107
op=11
replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x":
Unable to acquire replica: error: permission denied
Does the above help to explain what might be wrong?
many thanks, L.