Hi,

I had this recently and it drove me nuts...might want to take more 
knowledgeable ppls than me advice on the process below to make sure its sane/OK.

8><---
[21/30]: setting up initial replication Starting replication, please wait until 
this has completed. [vuwunicoipam002.ods.vuw.ac.nz]

reports: Update failed! Status: [-2 - System error] creation of replica failed:
Failed to start replication Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up. [root@vuwunicoipam001 
replica]#

The --uninstall seems to not clean up and remove some data in the ldap and a 
new machine fails to re-join.  Something to do with tombstone references and I 
suppose other junk (to deep and techy for me).

So, run the IPA-server-install --uninstall twice or thrice.

Then look for ldap data on the problem replica (ipam001) server,

ldapmodify -x -D "cn=directory manager" -W <<EOF dn: 
cn=meTovuwunicoipam001.ods.vuw.ac.nz,cn=replica,cn=dc\3Dods\2Cdc\3Dvuw\2Cdc\3Dac\2Cdc\3Dcom,cn=mapping
 tree,cn=config changetype: delete EOF

I then did this and got all this cw*p...

8><-----------
[root@vuwunicoipam002 jonesst1]# ldapsearch -xLLL -D "cn=directory manager" -W 
-b dc=ods,dc=vuw,dc=ac,dc=nz 
'(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))' 
|grep ipam001
nsds50ruv: {replica 33 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 32 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 31 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 30 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 29 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 28 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 27 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 26 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 25 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 24 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}

etc

etc

I then cleaned them out with,

ldapmodify -x -D "cn=directory manager" -W  -f 0001-mod.ldif

more 0001-mod.ldif
dn: cn=replica,cn=dc\3Dods\2Cdc\3Dvuw\2Cdc\3Dac\2Cdc\3Dnz,cn=mapping 
tree,cn=config
changetype: modify
replace: nsds5task
nsds5task: CLEANRUV33

rinse and repeat 32 etc to all.....

At that point I could get the ipa-replica command to work fine.



regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Bret Wortman [bret.wort...@damascusgrp.com]
Sent: Wednesday, 12 December 2012 8:12 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] ipa-replica-install fails

I'm working through them and may simply abandon the idea of automating the 
replica install.


On Tue, Dec 11, 2012 at 2:09 PM, Dmitri Pal 
<d...@redhat.com<mailto:d...@redhat.com>> wrote:
On 12/11/2012 12:09 PM, Bret Wortman wrote:



On Tue, Dec 11, 2012 at 11:25 AM, Dmitri Pal 
<d...@redhat.com<mailto:d...@redhat.com>> wrote:
On 12/11/2012 10:53 AM, Bret Wortman wrote:
My replica install fails to create a DS instance:

:
[2/30]: creating directory server instance
ipa      : CRITICAL failed to create ds instance Command 
'/usr/sbin/setup-ds.pl<http://setup-ds.pl> --silent --logfile - -f 
/tmp/tmpp80GFc' returned non-zero exit status 1
[3/30]: adding default schema
:
:
[21/30]: setting up initial replication
Starting replication, please wait until this has completed.
[ipa.damascusgrp.com<http://ipa.damascusgrp.com>] reports: Update failed! 
Status: [-2 - System error]
creation of replica failed: Failed to start replication

What could cause the DS setup to fail?

SELinux policy for example, disk being out of space, previous install of DS 
that has not been properly cleaned, etc...


Please reply to the list.



getenforce returns "Disabled", the root filesystem has 3G free, and this was a 
fresh kickstarted cobbler/puppet install. It is true that it was running as an 
IPA client prior to installation of the IPA server package, but I don't think 
that would have resulted in a piece of DS laying around, would it?

It would not.



The system is a virt-manager VM, in case that's related. I'm using IPA-2.2.0 on 
F17, though I'm trying to get 3.1.0 to build.


Have you looked into the logs as I suggested?



And is the second error likely related as I believe it to be?

Yes.
Please look at the install logs, they might have more info about what is going 
on and why DS install failed.


--
Bret Wortman
The Damascus Group
Fairfax, VA
http://bretwortman.com/
http://twitter.com/BretWortman




_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com<mailto:Freeipa-users@redhat.com>
https://www.redhat.com/mailman/listinfo/freeipa-users



--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/<http://www.redhat.com/carveoutcosts/>




_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com<mailto:Freeipa-users@redhat.com>
https://www.redhat.com/mailman/listinfo/freeipa-users



--
Bret Wortman
The Damascus Group
Fairfax, VA
http://bretwortman.com/
http://twitter.com/BretWortman




--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/<http://www.redhat.com/carveoutcosts/>






--
Bret Wortman
The Damascus Group
Fairfax, VA
http://bretwortman.com/
http://twitter.com/BretWortman

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to