William Muriithi via FreeIPA-users wrote: > Evening, > > I am attempting to setup a new replica this afternoon and it failed with > an error message that I haven't been able to decipher. Really haven't > been able to get past it as I can't figure out what really tripped the > setup? > > Have someone seen this in their logs and how did you go about fixing it? > > The complete logs are on > https://pastebin.pl/view/85208dbb > > 2020-09-28T20:12:34Z DEBUG Successfully updated nsDS5ReplicaId. > 2020-09-28T20:12:34Z DEBUG Add or update replica config > cn=replica,cn=dc\=external\,dc\=example\,dc\=com,cn=mapping tree,cn=config > 2020-09-28T20:12:34Z DEBUG Added replica config > cn=replica,cn=dc\=external\,dc\=example\,dc\=com,cn=mapping tree,cn=config > 2020-09-28T20:12:34Z DEBUG Add or update replica config > cn=replica,cn=dc\=external\,dc\=example\,dc\=com,cn=mapping tree,cn=config > 2020-09-28T20:12:34Z DEBUG No update to > cn=replica,cn=dc\=external\,dc\=example\,dc\=com,cn=mapping > tree,cn=config necessary > 2020-09-28T20:12:34Z DEBUG Waiting up to 300 seconds for replication > (ldapi://%2Fvar%2Frun%2Fslapd-EXTERNAL-EXAMPLE-COM.socket) > cn=meToneptune.external.example.com > <http://meToneptune.external.example.com>,cn=replica,cn=dc\=external\,dc\=example\,dc\=com,cn=mapping > tree,cn=config (objectclass=*) > 2020-09-28T20:12:34Z DEBUG Entry found > [LDAPEntry(ipapython.dn.DN('cn=meToneptune.external.example.com > <http://meToneptune.external.example.com>,cn=replica,cn=dc\=external\,dc\=example\,dc\=com,cn=mapping > tree,cn=config'), {'objectClass': [b'nsds5replicationagreement', > b'top'], 'cn': [b'meToneptune.external.example.com > <http://meToneptune.external.example.com>'], 'nsDS5ReplicaHost': > [b'neptune.external.example.com <http://neptune.external.example.com>'], > 'nsDS5ReplicaPort': [b'389'], 'nsds5replicaTimeout': [b'120'], > 'nsDS5ReplicaRoot': [b'dc=external,dc=example,dc=com'], 'description': > [b'me to neptune.external.example.com > <http://neptune.external.example.com>'], 'nsDS5ReplicatedAttributeList': > [b'(objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn > krblastsuccessfulauth krblastfailedauth krbloginfailedcount'], > 'nsDS5ReplicaTransportInfo': [b'LDAP'], 'nsDS5ReplicaBindMethod': > [b'SASL/GSSAPI'], 'nsds5ReplicaStripAttrs': [b'modifiersName > modifyTimestamp internalModifiersName internalModifyTimestamp'], > 'nsDS5ReplicatedAttributeListTotal': [b'(objectclass=*) $ EXCLUDE > entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount'], > 'nsds5replicareapactive': [b'0'], 'nsds5replicaLastUpdateStart': > [b'19700101000000Z'], 'nsds5replicaLastUpdateEnd': [b'19700101000000Z'], > 'nsds5replicaChangesSentSinceStartup': [b''], > 'nsds5replicaLastUpdateStatus': [b'Error (0) No replication sessions > started since server startup'], 'nsds5replicaLastUpdateStatusJSON': > [b'{"state": "green", "ldap_rc": "0", "ldap_rc_text": "success", > "repl_rc": "0", "repl_rc_text": "replica acquired", "date": > "2020-09-28T20:12:34Z", "message": "Error (0) No replication sessions > started since server startup"}'], 'nsds5replicaUpdateInProgress': > [b'FALSE'], 'nsds5replicaLastInitStart': [b'19700101000000Z'], > 'nsds5replicaLastInitEnd': [b'19700101000000Z']})] > 2020-09-28T20:12:50Z DEBUG Traceback (most recent call last): > File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", > line 603, in start_creation > run_step(full_msg, method) > File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", > line 589, in run_step > method() > File > "/usr/lib/python3.6/site-packages/ipaserver/install/dsinstance.py", line > 427, in __setup_replica > cacert=self.ca_file > File > "/usr/lib/python3.6/site-packages/ipaserver/install/replication.py", > line 1861, in setup_promote_replication > raise RuntimeError("Failed to start replication") > RuntimeError: Failed to start replication >
I'd suggest looking at both servers 389-ds access and errors log to see if anything is logged there. Based on the timestamps it looks like it is failing immediately. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
