Thanks! I'll give your approach a try before I surrender.
On Tue, Dec 11, 2012 at 3:04 PM, Steven Jones <[email protected]> wrote:

> Hi,
>
> I had this recently and it drove me nuts...might want to take more
> knowledgeable ppls than me advice on the process below to make sure it's
> sane/OK.
>
> 8><---
> [21/30]: setting up initial replication
> Starting replication, please wait until this has completed.
> [vuwunicoipam002.ods.vuw.ac.nz] reports: Update failed! Status: [-2 - System error]
> creation of replica failed: Failed to start replication
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> [root@vuwunicoipam001 replica]#
>
> The --uninstall seems to not clean up and remove some data in the ldap and
> a new machine fails to re-join. Something to do with tombstone references
> and I suppose other junk (too deep and techy for me).
>
> So, run the IPA-server-install --uninstall twice or thrice.
>
> Then look for ldap data on the problem replica (ipam001) server,
>
> ldapmodify -x -D "cn=directory manager" -W <<EOF
> dn: cn=meTovuwunicoipam001.ods.vuw.ac.nz,cn=replica,cn=dc\3Dods\2Cdc\3Dvuw\2Cdc\3Dac\2Cdc\3Dcom,cn=mapping tree,cn=config
> changetype: delete
> EOF
>
> I then did this and got all this cw*p...
>
> 8><-----------
> [root@vuwunicoipam002 jonesst1]# ldapsearch -xLLL -D "cn=directory manager" -W -b dc=ods,dc=vuw,dc=ac,dc=nz '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))' |grep ipam001
> nsds50ruv: {replica 33 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
> nsds50ruv: {replica 32 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
> nsds50ruv: {replica 31 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
> nsds50ruv: {replica 30 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
> nsds50ruv: {replica 29 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
> nsds50ruv: {replica 28 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
> nsds50ruv: {replica 27 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
> nsds50ruv: {replica 26 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
> nsds50ruv: {replica 25 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
> nsds50ruv: {replica 24 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
>
> etc
>
> etc
>
> I then cleaned them out with,
>
> ldapmodify -x -D "cn=directory manager" -W -f 0001-mod.ldif
>
> more 0001-mod.ldif
> dn: cn=replica,cn=dc\3Dods\2Cdc\3Dvuw\2Cdc\3Dac\2Cdc\3Dnz,cn=mapping tree,cn=config
> changetype: modify
> replace: nsds5task
> nsds5task: CLEANRUV33
>
> rinse and repeat 32 etc to all.....
>
> At that point I could get the ipa-replica command to work fine.
>
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
> ------------------------------
> *From:* [email protected] [[email protected]]
> on behalf of Bret Wortman [[email protected]]
> *Sent:* Wednesday, 12 December 2012 8:12 a.m.
> *To:* [email protected]
> *Subject:* Re: [Freeipa-users] ipa-replica-install fails
>
> I'm working through them and may simply abandon the idea of automating
> the replica install.
>
>
> On Tue, Dec 11, 2012 at 2:09 PM, Dmitri Pal <[email protected]> wrote:
>
>> On 12/11/2012 12:09 PM, Bret Wortman wrote:
>>
>> On Tue, Dec 11, 2012 at 11:25 AM, Dmitri Pal <[email protected]> wrote:
>>
>>> On 12/11/2012 10:53 AM, Bret Wortman wrote:
>>>
>>> My replica install fails to create a DS instance:
>>>
>>> :
>>> [2/30]: creating directory server instance
>>> ipa : CRITICAL failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpp80GFc' returned non-zero exit status 1
>>> [3/30]: adding default schema
>>> :
>>> :
>>> [21/30]: setting up initial replication
>>> Starting replication, please wait until this has completed.
>>> [ipa.damascusgrp.com] reports: Update failed! Status: [-2 - System error]
>>> creation of replica failed: Failed to start replication
>>>
>>> What could cause the DS setup to fail?
>>>
>>>
>>> SELinux policy for example, disk being out of space, previous install
>>> of DS that has not been properly cleaned, etc...
>>>
>>
>>
>> Please reply to the list.
>>
>>
>> getenforce returns "Disabled", the root filesystem has 3G free, and
>> this was a fresh kickstarted cobbler/puppet install. It is true that it was
>> running as an IPA client prior to installation of the IPA server package,
>> but I don't think that would have resulted in a piece of DS laying around,
>> would it?
>>
>>
>> It would not.
>>
>>
>> The system is a virt-manager VM, in case that's related. I'm using
>> IPA-2.2.0 on F17, though I'm trying to get 3.1.0 to build.
>>
>>
>> Have you looked into the logs as I suggested?
>>
>>>
>>> And is the second error likely related as I believe it to be?
>>>
>>> Yes.
>>> Please look at the install logs, they might have more info about what is
>>> going on and why DS install failed.
>>>
>>> --
>>> Bret Wortman
>>> The Damascus Group
>>> Fairfax, VA
>>> http://bretwortman.com/
>>> http://twitter.com/BretWortman
>>>
>>> _______________________________________________
>>> Freeipa-users mailing
>>> [email protected]
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>> --
>>> Thank you,
>>> Dmitri Pal
>>>
>>> Sr. Engineering Manager for IdM portfolio
>>> Red Hat Inc.
>>>
>>> -------------------------------
>>> Looking to carve out IT costs?
>>> www.redhat.com/carveoutcosts/
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> [email protected]
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>
>> --
>> Bret Wortman
>> The Damascus Group
>> Fairfax, VA
>> http://bretwortman.com/
>> http://twitter.com/BretWortman
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager for IdM portfolio
>> Red Hat Inc.
>>
>> -------------------------------
>> Looking to carve out IT costs?
>> www.redhat.com/carveoutcosts/
>>
>
> --
> Bret Wortman
> The Damascus Group
> Fairfax, VA
> http://bretwortman.com/
> http://twitter.com/BretWortman
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users
>

--
Bret Wortman
The Damascus Group
Fairfax, VA
http://bretwortman.com/
http://twitter.com/BretWortman
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
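
The clean-up described in the quoted message from Steven Jones (list the nsds50ruv elements that still point at the removed host, then write one CLEANRUV task per replica ID) can be scripted. This is an added example, not code from the thread or from the FreeIPA project. The function names, the optional keep-ID argument and the sample search output are constructed here; the replica DN and the task value are the ones quoted above.

```shell
#!/bin/sh
# Added example: turn tombstone-RUV search output into CLEANRUV LDIF records.
# REPLICA_DN is the replica entry modified in the quoted 0001-mod.ldif.
REPLICA_DN='cn=replica,cn=dc\3Dods\2Cdc\3Dvuw\2Cdc\3Dac\2Cdc\3Dnz,cn=mapping tree,cn=config'

# stale_replica_ids HOST [KEEP_ID]
# Reads ldapsearch output on stdin and prints the replica IDs whose RUV
# element names exactly HOST (not a substring match like grep ipam001).
# KEEP_ID, if given, is an ID still in use by a live replica and is skipped.
stale_replica_ids() {
    host=$1 keep=${2:-}
    sed -n 's|^nsds50ruv: {replica \([0-9][0-9]*\) ldap://\([^:}]*\):[0-9]*}.*$|\1 \2|p' |
    while read -r id h; do
        [ "$h" = "$host" ] || continue
        if [ -n "$keep" ] && [ "$id" = "$keep" ]; then continue; fi
        echo "$id"
    done | sort -un
}

# cleanruv_ldif HOST [KEEP_ID]
# Emits one modify record per stale ID, separated by blank lines, for review.
cleanruv_ldif() {
    stale_replica_ids "$@" | while read -r id; do
        printf 'dn: %s\nchangetype: modify\nreplace: nsds5task\nnsds5task: CLEANRUV%s\n\n' \
            "$REPLICA_DN" "$id"
    done
}

# Constructed sample in the shape of the search output quoted above,
# with one element for a different, still-valid host added.
sample_search_output() {
    cat <<'EOF'
dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=ods,dc=vuw,dc=ac,dc=nz
nsds50ruv: {replicageneration} 50c6a1b2000000040000
nsds50ruv: {replica 4 ldap://vuwunicoipam002.ods.vuw.ac.nz:389} 50c6a1b3000000040000
nsds50ruv: {replica 33 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 32 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
nsds50ruv: {replica 31 ldap://vuwunicoipam001.ods.vuw.ac.nz:389}
EOF
}

# Demo on the constructed sample; in real use, pipe in the ldapsearch output.
sample_search_output | cleanruv_ldif vuwunicoipam001.ods.vuw.ac.nz
```

Review the generated records before use; each one can be applied with the same `ldapmodify -x -D "cn=directory manager" -W -f` invocation shown in the quoted message, one ID at a time as the post did.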
