Dear all, We still struggle with the same error to setup our replication.
As we do not know if this is a setup problem or a bug, we would be happy to get some feedback before filling a bug report if needed. Best, Christian On Mon, 2020-06-15 at 17:09 -0700, Christian Mertes via FreeIPA-users wrote: > Dear all, > > we tried to setup our first replica for our current ipa installation > but failed with > > RuntimeError: Failed to start replication > > Our main instance is running on Scientific Linux 7 and is already 4 > years old but kept always up-to-date and served us with no problems. > > We followed the steps lined out in the documentation: > https://www.freeipa.org/page/V4/Replica_Setup > But we always fail at the point where the replication starts. > > ~# ipa-replica-install > Run connection check to master > Connection check OK > Configuring NTP daemon (ntpd) > [1/4]: stopping ntpd > [2/4]: writing configuration > [3/4]: configuring ntpd to start on boot > [4/4]: starting ntpd > Done configuring NTP daemon (ntpd). > Configuring directory server (dirsrv). Estimated time: 30 seconds > [1/42]: creating directory server instance > [2/42]: enabling ldapi > [3/42]: configure autobind for root > [4/42]: stopping directory server > [5/42]: updating configuration in dse.ldif > [6/42]: starting directory server > [7/42]: adding default schema > [8/42]: enabling memberof plugin > [9/42]: enabling winsync plugin > [10/42]: configure password logging > [11/42]: configuring replication version plugin > [12/42]: enabling IPA enrollment plugin > [13/42]: configuring uniqueness plugin > [14/42]: configuring uuid plugin > [15/42]: configuring modrdn plugin > [16/42]: configuring DNS plugin > [17/42]: enabling entryUSN plugin > [18/42]: configuring lockout plugin > [19/42]: configuring topology plugin > [20/42]: creating indices > [21/42]: enabling referential integrity plugin > [22/42]: configuring certmap.conf > [23/42]: configure new location for managed entries > [24/42]: configure dirsrv ccache > [25/42]: enabling SASL mapping fallback > [26/42]: restarting directory server > [27/42]: creating DS keytab > [28/42]: ignore time skew for initial replication > [29/42]: setting up initial replication > Starting replication, please wait until this has completed. > Update in progress, 15 seconds elapsed > [ldap://freeipa.xxx.xxx.xxx:389] reports: Update failed! Status: > [Error (-2) - LDAP error: Local error] > > [error] RuntimeError: Failed to start replication > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > ipapython.admintool: ERROR Failed to start replication > ipapython.admintool: ERROR The ipa-replica-install command failed. > See /var/log/ipareplica-install.log for more information > > We tried to debug it a bit but did not come far. Somehow our master > fails to acquire the replica for a total update (error log from > dirsrv on main): > > [16/Jun/2020:01:26:00.049005795 +0200] - WARN - NSMMReplicationPlugin > - repl5_tot_run - Unable to acquire replica for total update, error: > -2, retrying in 1 seconds. > [16/Jun/2020:01:26:01.080674785 +0200] - WARN - NSMMReplicationPlugin > - repl5_tot_run - Unable to acquire replica for total update, error: > -2, retrying in 2 seconds. > [16/Jun/2020:01:26:03.115527897 +0200] - WARN - NSMMReplicationPlugin > - repl5_tot_run - Unable to acquire replica for total update, error: > -2, retrying in 3 seconds. > [16/Jun/2020:01:26:06.137927640 +0200] - WARN - NSMMReplicationPlugin > - repl5_tot_run - Unable to acquire replica for total update, error: > -2, retrying in 4 seconds. > [16/Jun/2020:01:26:10.167358832 +0200] - WARN - NSMMReplicationPlugin > - repl5_tot_run - Unable to acquire replica for total update, error: > -2, retrying in 5 seconds. > > I guess the error log on the replica is intended, since we just > started to replicate it > > [16/Jun/2020:01:26:00.674747749 +0200] - WARN - NSMMReplicationPlugin > - repl5_inc_run - agmt="cn=meTofreeipa.xxx.xxx.xxx" (freeipa:389): > The remote replica has a different database generation ID than the > local database. You may have to reinitialize the remote replica, or > the local replica. > > As we do not know if this is a bug or just a configuration issue on > our side, we would appreciate any help or hints on this. > The times are synchronized btw. > To make sure we, did the the right things we tried successfully > everything with a fresh installation within a VM network using CentOS > 7 images. > > For more details I attached the install log and the error log from > our dirsrv. If you need further logs please let me know. > > Some additional information from our system (our main instance): > > # lsb_release -a > LSB Version: :core-4.1-amd64:core-4.1-noarch > Distributor ID: Scientific > Description: Scientific Linux release 7.8 (Nitrogen) > Release: 7.8 > Codename: Nitrogen > # ipa --version > VERSION: 4.8.7, API_VERSION: 2.239 > # yum list installed "ipa-server" > Loaded plugins: fastestmirror, langpacks > Loading mirror speeds from cached hostfile > * epel > * sl > * sl-fastbugs > * sl-security > Installed Packages > ipa-server.x86_64 4.6.6-11.sl7 @sl > > And from our replica system: > > # lsb_release -a > LSB Version: :core-4.1-amd64:core-4.1-noarch > Distributor ID: CentOS > Description: CentOS Linux release 7.8.2003 (Core) > Release: 7.8.2003 > Codename: Core > # ipa --version > VERSION: 4.6.6, API_VERSION: 2.231 > # yum list installed ipa-server > Loaded plugins: fastestmirror > Loading mirror speeds from cached hostfile > * base: > * elrepo: > * epel: > * extras: > * updates: > Installed Packages > ipa-server.x86_64 4.6.6-11.el7.centos @base > > I'm just puzzled a bit by the difference in version number on the > master. Could that be an issue and if so how to solve this? > > Best, > Christian > > -- > Christian Mertes | PhD Student / Lab Administrator > > Gagneur Lab - Computational Genomics > I12 - Department of Informa ti > Technical University of Munich > Boltzmannstr. 3, 85748 Garching, Germany > > [email protected] | https://in.tum.de/gagneurlab > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to > [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] -- Christian Mertes | PhD Student / Lab Administrator Gagneur Lab | Computation Molecular Medicine I29 - Department of Informatics Technical University of Munich Boltzmannstr. 3, 85748, Garching, Germany [email protected] | https://in.tum.de/gagneurlab/ _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
