Hello,
Until today we had an IPA configuration with two directory servers 
(master/replica) up and running.
But today, unfortunately, the replica could not synchronize and has since been 
unable to resynchronize.

I removed the replica from the master:
ipa-replica-manage --force del methusalix2.cl.atix

and then recreated the replica:
ipa-replica-prepare methusalix2.cl.atix --ip-address=192.168.3.3
Directory Manager (existing master) password:

Preparing replica for methusalix2.cl.atix from axinfra01-1.cl.atix
Creating SSL certificate for the Directory Server
Creating SSL certificate for the dogtag Directory Server
Creating SSL certificate for the Web Server
Exporting RA certificate
Copying additional files
Finalizing configuration
Packaging replica information into 
/var/lib/ipa/replica-info-methusalix2.cl.atix.gpg
Adding DNS records for methusalix2.cl.atix
Using reverse zone 3.168.192.in-addr.arpa.

On the replica I then issued the proposed commands:
[root@methusalix2 ~]# scp 
192.168.40.102:/var/lib/ipa/replica-info-methusalix2.cl.atix.gpg /var/lib/ipa/
root@192.168.40.102's password:
Permission denied, please try again.
root@192.168.40.102's password:
replica-info-methusalix2.cl.atix.gpg    100%   28KB  28.4KB/s   00:00
[root@methusalix2 ~]# ipa-replica-install --debug --setup-dns --forwarder=.. 
--forwarder=.. /var/lib/ipa/replica-info-methusalix2.cl.atix.gpg
root        : DEBUG    /usr/sbin/ipa-replica-install was invoked with argument 
"/var/lib/ipa/replica-info-methusalix2.cl.atix.gpg" and options: 
{'no_forwarders': False, 'ui_redirect': True, 'reverse_zone': None, 
'unattended': False, 'no_host_dns': False, 'no_reverse': False, 'setup_dns': 
True, 'setup_ca': False, 'forwarders': [CheckedIPAddress('..'), 
CheckedIPAddress('..')], 'debug': True, 'conf_ntp': True, 'skip_conncheck': 
False}
root        : DEBUG    Loading Index file from 
'/var/lib/ipa-client/sysrestore/sysrestore.index'
root        : DEBUG    Loading StateFile from 
'/var/lib/ipa/sysrestore/sysrestore.state'
Directory Manager (existing master) password:

root        : DEBUG    args=/usr/bin/gpg --batch --homedir 
/tmp/tmpvVcfupipa/ipa-GEv1oL/.gnupg --passphrase-fd 0 --yes --no-tty -o 
/tmp/tmpvVcfupipa/files.tar -d /var/lib/ipa/replica-info-methusalix2.cl.atix.gpg
root        : DEBUG    stdout=
root        : DEBUG    stderr=gpg: WARNING: unsafe permissions on homedir 
`/tmp/tmpvVcfupipa/ipa-GEv1oL/.gnupg'
gpg: keyring `/tmp/tmpvVcfupipa/ipa-GEv1oL/.gnupg/secring.gpg' created
gpg: keyring `/tmp/tmpvVcfupipa/ipa-GEv1oL/.gnupg/pubring.gpg' created
gpg: 3DES encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
..
Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
ad...@cl.atix password:

Execute check on remote master
Check connection from master to remote replica 'methusalix2.cl.atix':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): OK
   HTTP Server: port 80 (80): OK
   HTTP Server: port 443(https) (443): OK

Connection from master to replica is OK.

root        : DEBUG    args=/usr/sbin/ipa-replica-conncheck --master 
axinfra01-1.cl.atix --auto-master-check --realm CL.ATIX --principal admin 
--hostname methusalix2.cl.atix
Connection check OK   
root        : DEBUG    importing all plugin modules in 
'/usr/lib/python2.6/site-packages/ipalib/plugins'...
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
root        : DEBUG    importing plugin module 
'/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
..
  [21/29]: setting up initial replication
root        : DEBUG    args=/sbin/service dirsrv restart CL-ATIX
root        : DEBUG    stdout=Shutting down dirsrv:
    CL-ATIX...                                             [  OK  ]
Starting dirsrv:
    CL-ATIX...                                             [  OK  ]

root        : DEBUG    stderr=
Starting replication, please wait until this has completed.
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
[axinfra01-1.cl.atix] reports: Update failed! Status: [-2 Total update 
abortedSystem error]
creation of replica failed: Failed to start replication
root        : DEBUG    Failed to start replication
  File "/usr/sbin/ipa-replica-install", line 482, in <module>
    main()

  File "/usr/sbin/ipa-replica-install", line 433, in main
    ds = install_replica_ds(config)

  File "/usr/sbin/ipa-replica-install", line 135, in install_replica_ds
    pkcs12_info)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py", line 
284, in create_replica
    self.start_creation("Configuring directory server", 60)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 
248, in start_creation
    method()

  File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py", line 
297, in __setup_replica
    r_bindpw=self.dm_password)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/replication.py", 
line 694, in setup_replication
    raise RuntimeError("Failed to start replication")


Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

On the master I only see the following:

[15/May/2012:13:56:55 +0200] NSMMReplicationPlugin - 
agmt="cn=meTomethusalix2.cl.atix" (methusalix2:389): Replica has a different 
generation ID than the local data.

I followed instructions from other posts, restarting the master and so on, 
but without success.

Any ideas how I can proceed?

Thanks
Marc.

______________________________________________________________________________

Marc Grimme

E-Mail: gri...@atix.de
