(before the Netscape Replication Total update Entry began running away with the logfile):
[21/May/2014:10:28:52 -0400] conn=2 op=2 RESULT err=0 tag=101 nentries=1 etime=0 [21/May/2014:10:28:53 -0400] conn=2 op=3 MOD dn="cn=IPA Version Replication,cn=Plugins,cn=config" [21/May/2014:10:28:53 -0400] conn=2 op=3 RESULT err=0 tag=103 nentries=0 etime=0
[21/May/2014:10:28:53 -0400] conn=2 op=4 UNBIND On 05/21/2014 11:40 AM, Bret Wortman wrote:
On the new replica (asipa) I see in the access log almost 5000 entries like this:[21/May/2014:10:30:58 -0400] conn=4 op=4923 EXT oid="2.16.840.113730.3.5.6" name="Netscape Replication Total update Entry" [21/May/2014:10:30:58 -0400] conn=4 op=4923 RESULT err=0 tag=120 nentries=0 etime=0And these just repeat, increasing the "op" value until they terminate with this one. The rest of it just looks like informational messages.Over on zsipa (the CA master), errors contains:[21/May/2014:14:31:06 +0000] NSMMReplciationPlugin - Schema agmt="cn=meToasipa.foo.net" (asipa:389) must not be overwritten(set replication log for additional info) [21/May/2014:14:31:06 +0000] NSMMReplicationPlugin - agmt="cn=meToasipa.foo.net" (asipa:389) Warning: unable to replicate schema: rc=1These two lines repeat at intervals for a while. Nothing else leapt out at me. On 05/21/2014 11:04 AM, Rob Crittenden wrote:Bret Wortman wrote:This occurs on our first attempt to join as a replica. I've erased this box and rebaselined it but the same thing happens. No network portsbeing blocked that we know of, and another replica I created at the sametime installed its replica file without issue. asipa is the new replica, zsipa is the ca and original master on which the replica file was created. [24/34]: setting up initial replication Starting replication, please wait until this has completed Update in progress, 130 seconds elapsed Update in progress yet not in progress [ipamaster.foo.net] reports: Update failed! Status: [10 Total update abortedLDAP error: Referral] Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. Failed to start replication # /var/log/ipareplica-install.log contains this: 2014-05-21T145:28:56Z DEBUG retrieving schema for SchemaCache url=ldaps://asipa.fopo.net:636 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4faf170> 2014-05-21T14:31:08Z DEBUG File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 638, in run_script return_value = main_function() File "/usr/sbin/ipa-replica-install", line 663, in main ds = install_replica_ds(config)File "/usr/sbin/ipa-replica-install", line 188, in install_replica_dsca_file=config.dir + "/ca.crt", File"/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line360 in create_replica self.start_creation(runtime=60)File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",line 364, in start_creation method() File"/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line373, in __setup_replica r_bindpw=self.dm_password() File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 961, in setup_replication raise RuntimeError("Failed to start replication") 2014-0521T14:31:08Z DEBUG The ipa-replica-install command failed, exception: RuntimeError: Failed to start replication Any guidance on where to start looking?Check the 389-ds access and error logs on both masters. rob_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
