Hello, until today we had an IPA configuration with two directory servers (master/replica) up and running. But today, unfortunately, the replica could not synchronize and has since been unable to resynchronize.
I removed the replica from the master:

ipa-replica-manage --force del methusalix2.cl.atix

and then recreated the replica:

ipa-replica-prepare methusalix2.cl.atix --ip-address=192.168.3.3
Directory Manager (existing master) password:
Preparing replica for methusalix2.cl.atix from axinfra01-1.cl.atix
Creating SSL certificate for the Directory Server
Creating SSL certificate for the dogtag Directory Server
Creating SSL certificate for the Web Server
Exporting RA certificate
Copying additional files
Finalizing configuration
Packaging replica information into /var/lib/ipa/replica-info-methusalix2.cl.atix.gpg
Adding DNS records for methusalix2.cl.atix
Using reverse zone 3.168.192.in-addr.arpa.

On the replica I then issued the proposed commands:

[root@methusalix2 ~]# scp 192.168.40.102:/var/lib/ipa/replica-info-methusalix2.cl.atix.gpg /var/lib/ipa/
root@192.168.40.102's password:
Permission denied, please try again.
root@192.168.40.102's password:
replica-info-methusalix2.cl.atix.gpg 100% 28KB 28.4KB/s 00:00
[root@methusalix2 ~]# ipa-replica-install --debug --setup-dns --forwarder=.. --forwarder=.. /var/lib/ipa/replica-info-methusalix2.cl.atix.gpg
root : DEBUG /usr/sbin/ipa-replica-install was invoked with argument "/var/lib/ipa/replica-info-methusalix2.cl.atix.gpg" and options: {'no_forwarders': False, 'ui_redirect': True, 'reverse_zone': None, 'unattended': False, 'no_host_dns': False, 'no_reverse': False, 'setup_dns': True, 'setup_ca': False, 'forwarders': [CheckedIPAddress('..'), CheckedIPAddress('..')], 'debug': True, 'conf_ntp': True, 'skip_conncheck': False}
root : DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
root : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Directory Manager (existing master) password:
root : DEBUG args=/usr/bin/gpg --batch --homedir /tmp/tmpvVcfupipa/ipa-GEv1oL/.gnupg --passphrase-fd 0 --yes --no-tty -o /tmp/tmpvVcfupipa/files.tar -d /var/lib/ipa/replica-info-methusalix2.cl.atix.gpg
root : DEBUG stdout=
root : DEBUG stderr=gpg: WARNING: unsafe permissions on homedir `/tmp/tmpvVcfupipa/ipa-GEv1oL/.gnupg'
gpg: keyring `/tmp/tmpvVcfupipa/ipa-GEv1oL/.gnupg/secring.gpg' created
gpg: keyring `/tmp/tmpvVcfupipa/ipa-GEv1oL/.gnupg/pubring.gpg' created
gpg: 3DES encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
..
Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
ad...@cl.atix password:
Execute check on remote master
Check connection from master to remote replica 'methusalix2.cl.atix':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos KDC: UDP (88): OK
Kerberos Kpasswd: TCP (464): OK
Kerberos Kpasswd: UDP (464): OK
HTTP Server: port 80 (80): OK
HTTP Server: port 443(https) (443): OK
Connection from master to replica is OK.
root : DEBUG args=/usr/sbin/ipa-replica-conncheck --master axinfra01-1.cl.atix --auto-master-check --realm CL.ATIX --principal admin --hostname methusalix2.cl.atix
Connection check OK
root : DEBUG importing all plugin modules in '/usr/lib/python2.6/site-packages/ipalib/plugins'...
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
root : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
..
[21/29]: setting up initial replication
root : DEBUG args=/sbin/service dirsrv restart CL-ATIX
root : DEBUG stdout=Shutting down dirsrv:
CL-ATIX... [ OK ]
Starting dirsrv:
CL-ATIX... [ OK ]
root : DEBUG stderr=
Starting replication, please wait until this has completed.
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
[axinfra01-1.cl.atix] reports: Update failed! Status: [-2 Total update abortedSystem error]
creation of replica failed: Failed to start replication
root : DEBUG Failed to start replication
  File "/usr/sbin/ipa-replica-install", line 482, in <module>
    main()
  File "/usr/sbin/ipa-replica-install", line 433, in main
    ds = install_replica_ds(config)
  File "/usr/sbin/ipa-replica-install", line 135, in install_replica_ds
    pkcs12_info)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py", line 284, in create_replica
    self.start_creation("Configuring directory server", 60)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 248, in start_creation
    method()
  File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py", line 297, in __setup_replica
    r_bindpw=self.dm_password)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/replication.py", line 694, in setup_replication
    raise RuntimeError("Failed to start replication")
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
On the master I only see the following:

[15/May/2012:13:56:55 +0200] NSMMReplicationPlugin - agmt="cn=meTomethusalix2.cl.atix" (methusalix2:389): Replica has a different generation ID than the local data.

I followed instructions from other posts with restarting the master and so on but without success.
Any ideas how I can proceed?

Thanks
Marc.

Marc Grimme
E-Mail: gri...@atix.de