On 01/11/2018 12:56 PM, lejeczek via FreeIPA-users wrote:


On 06/01/18 19:54, lejeczek via FreeIPA-users wrote:

hi

I'm trying to install replica, process fails:
..
  [3/5]: creating anonymous principal
  [4/5]: starting the KDC
  [5/5]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
  [1/2]: starting kadmin
  [2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring directory server (dirsrv)
  [1/3]: configuring TLS for DS instance
  [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE)
Your system may be partly configured.
..
-- end

and in intall log file:
..
2018-01-06T13:50:29Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/ -A -n PRIVATE.xx.xx.PRIVATE.xx.xx.x IPA CA -t CT,C,C -a -f /etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/pwdfile.txt
2018-01-06T13:50:29Z DEBUG Process finished, return code=0
2018-01-06T13:50:29Z DEBUG stdout=
2018-01-06T13:50:29Z DEBUG stderr=
2018-01-06T13:50:30Z DEBUG certmonger request is in state dbus.String(u'NEWLY_ADDED_READING_CERT', variant_level=1) 2018-01-06T13:50:35Z DEBUG certmonger request is in state dbus.String(u'CA_UNREACHABLE', variant_level=1)
2018-01-06T13:50:35Z DEBUG Traxx.ck (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 504, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 494, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 824, in __enable_ssl
    post_command=cmd)
  File "/usr/lib/python2.7/site-packages/ipalib/install/certmonger.py", line 317, in request_and_wait_for_cert
    raise RuntimeError("Certificate issuance failed ({})".format(state))
RuntimeError: Certificate issuance failed (CA_UNREACHABLE)

2018-01-06T13:50:35Z DEBUG   [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE) 2018-01-06T13:50:35Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 333, in run
    cfgr.run()
  File "/usr/lib/python2.7/site-
...
-- end

Would this be that new candidate's problem or some communication issues with existing server? Client installed (kind of)okey though.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

I might have missed this(if reveals some more?) in dirsrv on "working" newly installed server, at the time of - ipa-replica-install --no-ntp
...
Configuring directory server (dirsrv)
   [1/3]: configuring TLS for DS instance
   [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE)

I must admit that I'm getting lost among all the errors... Can you summarize your topology (for instance server A installed as first IPA master, then server B successfully configured as a replica, then server C where I tried to run ipa-replica-install but the command failed).

This way we'll be able to sort out the various issues.

Thanks,
Flo

Server dirsrv errors log file:
...
[11/Jan/2018:11:42:49.118819569 +0000] - NOTICE - NSMMReplicationPlugin - changelog program - _cl5ConstructRUV - Rebuilding replication changelog RUV complete.  Result 0 (Success) [11/Jan/2018:11:42:49.120916672 +0000] - NOTICE - NSMMReplicationPlugin - changelog program - _cl5ConstructRUV - Rebuilding the replication changelog RUV, this may take several minutes... [11/Jan/2018:11:42:49.122618751 +0000] - NOTICE - NSMMReplicationPlugin - changelog program - _cl5ConstructRUV - Rebuilding replication changelog RUV complete.  Result 0 (Success) [11/Jan/2018:11:42:49.219688584 +0000] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=104 op=5 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x": Unable to acquire replica: error: permission denied [11/Jan/2018:11:42:49.242628179 +0000] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=105 op=5 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x": Unable to acquire replica: error: permission denied [11/Jan/2018:11:42:50.789296435 +0000] - INFO - NSMMReplicationPlugin - repl5_tot_run - Beginning total update of replica "agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x" (dzien:389)". [11/Jan/2018:11:42:50.793594364 +0000] - NOTICE - NSMMReplicationPlugin - replica_subentry_check - Need to create replication keep alive entry <cn=repl keep alive 4,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x> [11/Jan/2018:11:42:50.795313633 +0000] - INFO - NSMMReplicationPlugin - replica_subentry_create - add dn: cn=repl keep alive 4,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
objectclass: top
objectclass: ldapsubentry
objectclass: extensibleObject
cn: repl keep alive 4
[11/Jan/2018:11:42:53.955962624 +0000] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=106 op=5 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x": Unable to acquire replica: error: permission denied [11/Jan/2018:11:42:55.159161994 +0000] - INFO - NSMMReplicationPlugin - repl5_tot_run - Finished total update of replica "agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x" (dzien:389)". Sent 471 entries. [11/Jan/2018:11:42:56.970750501 +0000] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=106 op=6 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x": Unable to acquire replica: error: permission denied [11/Jan/2018:11:43:02.041747211 +0000] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=107 op=5 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x": Unable to acquire replica: error: permission denied [11/Jan/2018:11:43:05.054749534 +0000] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=107 op=6 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x": Unable to acquire replica: error: permission denied [11/Jan/2018:11:43:11.099143389 +0000] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=107 op=7 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x": Unable to acquire replica: error: permission denied [11/Jan/2018:11:43:23.153766360 +0000] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=107 op=9 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x": Unable to acquire replica: error: permission denied [11/Jan/2018:11:43:47.262418191 +0000] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=107 op=11 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x": Unable to acquire replica: error: permission denied

Does above help to explain as what might be wrong?
many thanks, L.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to