On 01/04/2017 10:59 AM, Ben .T.George wrote:
> Hi
> 
> I tried the method mentioned in that document and it ended up with the error below.
> My DNS is managed by an external box and I don't want to create any DNS records on
> these servers.
> 
> The command which I tried is (non client server):
> 
> ipa-replica-install --principal admin --admin-password P@ssw0rd --domain kw.example.com --server zkwipamstr01.kw.example.com
> 
> 
> 
> ipa         : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv@KW-EXAMPLE-COM.service' returned non-zero exit status 1). See the installation log for details.
>    [29/44]: setting up initial replication
>    [error] error: [Errno 111] Connection refused
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> 
> ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111] Connection refused
> ipa.ipapython.install.cli.install_tool(Replica): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

This looks like bug https://fedorahosted.org/freeipa/ticket/6575

To verify that, could you check whether the master server internally listens on
port 8009, or whether ipareplica-install.log contains the CA_UNREACHABLE string
near step 27?

The usual fix is to add the following line to /etc/hosts:
  ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6


> [root@zkwiparepa01 ~]# /bin/systemctl restart dirsrv@KW-EXAMPLE-COM.service
> Job for dirsrv@KW-EXAMPLE-COM.service failed because the control process exited with error code. See "systemctl status dirsrv@KW-EXAMPLE-COM.service" and "journalctl -xe" for details.
> 
> [root@zkwiparepa01 ~]# systemctl status dirsrv@KW-EXAMPLE-COM.service
> ● dirsrv@KW-EXAMPLE-COM.service - 389 Directory Server KW-EXAMPLE-COM.
>     Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; enabled; vendor preset: disabled)
>     Active: failed (Result: exit-code) since Wed 2017-01-04 12:54:46 AST; 13s ago
>    Process: 14893 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i /var/run/dirsrv/slapd-%i.pid (code=exited, status=1/FAILURE)
>    Process: 14887 ExecStartPre=/usr/sbin/ds_systemd_ask_password_acl /etc/dirsrv/slapd-%i/dse.ldif (code=exited, status=0/SUCCESS)
>   Main PID: 14893 (code=exited, status=1/FAILURE)
> 
> Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]: [04/Jan/2017:12:54:46.177617891 +0300] Error: betxnpostoperation plu...arted
> Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]: [04/Jan/2017:12:54:46.178379752 +0300] Error: object plugin Roles Pl...arted
> Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]: [04/Jan/2017:12:54:46.179162340 +0300] Error: preoperation plugin su...arted
> Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]: [04/Jan/2017:12:54:46.179993432 +0300] Error: object plugin USN is n...arted
> Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]: [04/Jan/2017:12:54:46.181305209 +0300] Error: object plugin Views is...arted
> Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]: [04/Jan/2017:12:54:46.182094981 +0300] Error: extendedop plugin whoa...arted
> Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]: dirsrv@KW-EXAMPLE-COM.service: main process exited, code=exited, status=1/FAILURE
> Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]: Failed to start 389 Directory Server KW-EXAMPLE-COM..
> Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]: Unit dirsrv@KW-EXAMPLE-COM.service entered failed state.
> Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]: dirsrv@KW-EXAMPLE-COM.service failed.
> Hint: Some lines were ellipsized, use -l to show in full.
> 
> 
> 
> Regards,
> Ben
> 
> 
> On Wed, Jan 4, 2017 at 11:19 AM, Martin Babinsky <mbabi...@redhat.com> wrote:
> 
>     On 01/04/2017 07:21 AM, Ben .T.George wrote:
> 
>         Hi
> 
>         While trying to create an IPA replica, I am getting the error below:
> 
>         Replica creation using 'ipa-replica-prepare' to generate replica file
>         is supported only in 0-level IPA domain.
> 
>         The current IPA domain level is 1 and thus the replica must
>         be created by promoting an existing IPA client.
> 
>         To set up a replica use the following procedure:
>              1.) set up a client on the host using 'ipa-client-install'
>              2.) promote the client to replica running 'ipa-replica-install'
>                  *without* replica file specified
> 
>         'ipa-replica-prepare' is allowed only in domain level 0
>         The ipa-replica-prepare command failed.
> 
> 
>         I have an IPA master server without AD integration and DNS is managed by
>         3rd party appliances.
> 
> 
> 
>         Regards,
>         Ben
> 
> 
> 
>     Hi Ben,
> 
>     If you installed an IPA 4.4 server then domain level 1 is the default. This
>     domain level uses a different mechanism to stand up replicas. See the latest
>     IdM documentation[1] for more details.
> 
>     [1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/creating-the-replica.html
> 
>     -- 
>     Martin^3 Babinsky
> 
>     -- 
>     Manage your subscription for the Freeipa-users mailing list:
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>     <https://www.redhat.com/mailman/listinfo/freeipa-users>
>     Go to http://freeipa.org for more info on the project
> 
> 
> 
> 


-- 
Petr Vobornik
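
The three checks named in the reply above (a listener on port 8009, CA_UNREACHABLE in the install log, and the `::1 localhost` entry in /etc/hosts) can be scripted as below. This is an added example, not part of the original message or of FreeIPA; the function names are hypothetical and the port check assumes the output format of `ss -ltn`.

```shell
#!/bin/sh
# Added example; function names are illustrative, not FreeIPA tooling.

# Succeeds if the hosts file in $1 maps ::1 to the name "localhost".
has_ipv6_localhost() {
    awk '{ sub(/#.*/, "") }                       # ignore comments
         $1 == "::1" { for (i = 2; i <= NF; i++) if ($i == "localhost") ok = 1 }
         END { exit !ok }' "$1"
}

# Reads `ss -ltn` output on stdin; prints each local address listening on port $1.
listeners_on_port() {
    awk -v port="$1" '$1 == "LISTEN" {
        n = split($4, part, ":")                  # port is the text after the last colon
        if (part[n] == port) print $4
    }'
}

# Prints the number of lines in log file $1 that contain CA_UNREACHABLE.
ca_unreachable_count() {
    grep -c 'CA_UNREACHABLE' "$1" || true
}

# Live checks against the local host. The reply asks about port 8009 on the
# master; /var/log/ipareplica-install.log is written where the install ran.
run_checks() {
    echo "port 8009 listeners: $(ss -ltn | listeners_on_port 8009 | tr '\n' ' ')"
    if has_ipv6_localhost /etc/hosts; then
        echo "/etc/hosts: ::1 maps to localhost"
    else
        echo "/etc/hosts: no '::1 localhost' entry"
    fi
    log=/var/log/ipareplica-install.log
    [ -r "$log" ] && echo "CA_UNREACHABLE lines: $(ca_unreachable_count "$log")"
    return 0
}

# Run the live checks only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then run_checks; fi
```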
