Hi,

On the master server and replica server, I have enabled IPv6.

Below is on the master server:

[root@zkwipamstr01 ~]# ip addr | grep inet6
    inet6 fe80::250:56ff:fea0:3857/64 scope link
[root@zkwipamstr01 ~]# systemctl restart pki-tomcatd@pki-tomcat
[root@zkwipamstr01 ~]# netstat -tunap | grep 8009
tcp6       0      0 ::1:8009      :::*      LISTEN      12692/java

After that, 8009 is listening on the master server.

On the replica side, I uninstalled IPA and tried to enroll again. Do I need to enable any service on the replica side?

  [28/44]: restarting directory server
ipa         : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv@KW-EXAMPLE-COM.service' returned non-zero exit status 1). See the installation log for details.
  [29/44]: setting up initial replication
  [error] error: [Errno 111] Connection refused
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111] Connection refused
ipa.ipapython.install.cli.install_tool(Replica): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

[root@zkwiparepa01 ~]# systemctl restart pki-tomcatd@pki-tomcat
Job for pki-tomcatd@pki-tomcat.service failed because the control process exited with error code. See "systemctl status pki-tomcatd@pki-tomcat.service" and "journalctl -xe" for details.

Still the same error. Is this service restart of pki-tomcatd@pki-tomcat only applicable on the master server?

Regards,
Ben

On Thu, Jan 5, 2017 at 11:12 AM, Petr Vobornik <pvobo...@redhat.com> wrote:

> On 01/05/2017 07:10 AM, Ben .T.George wrote:
> > HI
> >
> > yes i did the same and still port is not listening.
> >
> > [root@zkwipamstr01 ~]# cat /etc/hosts
> > 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
> > ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
> > 10.151.4.64 zkwipamstr01.kw.example.com zkwipamstr01
> > 10.151.4.65 zkwiparepa01.kw.example.com zkwiparepa01
> > [root@zkwipamstr01 ~]# systemctl restart pki-tomcatd@pki-tomcat
> > [root@zkwipamstr01 ~]# netstat -tunap | grep 8009
> >
> >
> > Regards
> > Ben
>
> Also IPv6 stack needs to be enabled.
>
> >
> > On Thu, Jan 5, 2017 at 9:03 AM, Fraser Tweedale <ftwee...@redhat.com> wrote:
> >
> >     On Wed, Jan 04, 2017 at 03:12:12PM +0300, Ben .T.George wrote:
> >     > HI
> >     >
> >     > port 8009 is not listening in master server
> >     >
> >     > and i added ::1 localhost localhost.localdomain localhost6
> >     > localhost6.localdomain6 in hosts file.
> >     >
> >
> >     Did you add this to the host file on the master (then `systemctl
> >     restart pki-tomcatd@pki-tomcat` and confirm it is listening on port
> >     8009)?  Or just the client you are trying to promote?
> >
> >     It is needed on the master.  Won't hurt to make this change to
> >     /etc/hosts on both machines, though.
> >
> >     HTH,
> >     Fraser
> >
> >     > still getting same error
> >     >
> >     >   [28/44]: restarting directory server
> >     > ipa         : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv@KW-EXAMPLE-COM.service' returned non-zero exit status 1). See the installation log for details.
> >     >   [29/44]: setting up initial replication
> >     >   [error] error: [Errno 111] Connection refused
> >     > Your system may be partly configured.
> >     > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> >     >
> >     > ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111] Connection refused
> >     > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
> >     >
> >     >
> >     > Also ipv6 is disabled on both nodes
> >     >
> >     > Regards,
> >     > Ben
> >     >
> >     > On Wed, Jan 4, 2017 at 2:05 PM, Petr Vobornik <pvobo...@redhat.com> wrote:
> >     >
> >     > > On 01/04/2017 10:59 AM, Ben .T.George wrote:
> >     > > > HI
> >     > > >
> >     > > > i tried the method mentioned on that document and it end up with below error. My
> >     > > > DNS is managed by external box and i dont want to create any DNS record on these
> >     > > > servers.
> >     > > >
> >     > > > and the command which i tried is(non client server)
> >     > > >
> >     > > > ipa-replica-install --principal admin --admin-password P@ssw0rd --domain kw.example.com --server zkwipamstr01.kw.example.com
> >     > > >
> >     > > >
> >     > > > ipa         : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv@KW-EXAMPLE-COM.service' returned non-zero exit status 1). See the installation log for details.
> >     > > >   [29/44]: setting up initial replication
> >     > > >   [error] error: [Errno 111] Connection refused
> >     > > > Your system may be partly configured.
> >     > > > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> >     > > >
> >     > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111] Connection refused
> >     > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
> >     > >
> >     > > This looks like bug https://fedorahosted.org/freeipa/ticket/6575
> >     > >
> >     > > To verify that, could you check if master server internally listens on
> >     > > port 8009 or if ipareplica-install.log contains CA_UNREACHABLE string
> >     > > near step 27.
> >     > >
> >     > > Usual fix is to add following line to /etc/hosts
> >     > > ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
> >     > >
> >     > > >
> >     > > > [root@zkwiparepa01 ~]# /bin/systemctl restart dirsrv@KW-EXAMPLE-COM.service
> >     > > > Job for dirsrv@KW-EXAMPLE-COM.service failed because the control process exited
> >     > > > with error code. See "systemctl status dirsrv@KW-EXAMPLE-COM.service" and
> >     > > > "journalctl -xe" for details.
> >     > > >
> >     > > > [root@zkwiparepa01 ~]# systemctl status dirsrv@KW-EXAMPLE-COM.service
> >     > > > ● dirsrv@KW-EXAMPLE-COM.service - 389 Directory Server KW-EXAMPLE-COM.
> >     > > >    Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; enabled; vendor preset: disabled)
> >     > > >    Active: failed (Result: exit-code) since Wed 2017-01-04 12:54:46 AST; 13s ago
> >     > > >   Process: 14893 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i /var/run/dirsrv/slapd-%i.pid (code=exited, status=1/FAILURE)
> >     > > >   Process: 14887 ExecStartPre=/usr/sbin/ds_systemd_ask_password_acl /etc/dirsrv/slapd-%i/dse.ldif (code=exited, status=0/SUCCESS)
> >     > > >  Main PID: 14893 (code=exited, status=1/FAILURE)
> >     > > >
> >     > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]: [04/Jan/2017:12:54:46.177617891 +0300] Error: betxnpostoperation plu...arted
> >     > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]: [04/Jan/2017:12:54:46.178379752 +0300] Error: object plugin Roles Pl...arted
> >     > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]: [04/Jan/2017:12:54:46.179162340 +0300] Error: preoperation plugin su...arted
> >     > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]: [04/Jan/2017:12:54:46.179993432 +0300] Error: object plugin USN is n...arted
> >     > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]: [04/Jan/2017:12:54:46.181305209 +0300] Error: object plugin Views is...arted
> >     > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]: [04/Jan/2017:12:54:46.182094981 +0300] Error: extendedop plugin whoa...arted
> >     > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]: dirsrv@KW-EXAMPLE-COM.service: main process exited, code=exited, status=1/FAILURE
> >     > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]: Failed to start 389 Directory Server KW-EXAMPLE-COM..
> >     > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]: Unit dirsrv@KW-EXAMPLE-COM.service entered failed state.
> >     > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]: dirsrv@KW-EXAMPLE-COM.service failed.
> >     > > > Hint: Some lines were ellipsized, use -l to show in full.
> >     > > >
> >     > > >
> >     > > > Regards,
> >     > > > Ben
> >     > > >
> >     > > >
> >     > > > On Wed, Jan 4, 2017 at 11:19 AM, Martin Babinsky <mbabi...@redhat.com> wrote:
> >     > > >
> >     > > >     On 01/04/2017 07:21 AM, Ben .T.George wrote:
> >     > > >
> >     > > >         HI
> >     > > >
> >     > > >         while trying to create ipa replica, i am getting below error,
> >     > > >
> >     > > >         Replica creation using 'ipa-replica-prepare' to generate replica file
> >     > > >         is supported only in 0-level IPA domain.
> >     > > >
> >     > > >         The current IPA domain level is 1 and thus the replica must
> >     > > >         be created by promoting an existing IPA client.
> >     > > >
> >     > > >         To set up a replica use the following procedure:
> >     > > >             1.) set up a client on the host using 'ipa-client-install'
> >     > > >             2.) promote the client to replica running 'ipa-replica-install'
> >     > > >                 *without* replica file specified
> >     > > >
> >     > > >         'ipa-replica-prepare' is allowed only in domain level 0
> >     > > >         The ipa-replica-prepare command failed.
> >     > > >
> >     > > >
> >     > > >         i have IPA master server without AD integration and DNS is managed by
> >     > > >         3rd party appliances.
> >     > > >
> >     > > >
> >     > > >         Regards,
> >     > > >         Ben
> >     > > >
> >     > > >
> >     > > >     Hi Ben,
> >     > > >
> >     > > >     If you installed IPA 4.4 server then domain level 1 is the default. This
> >     > > >     domain level uses different mechanism to stand up replicas. See the latest
> >     > > >     IdM documentation[1] for more details.
> >     > > >
> >     > > >     [1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/creating-the-replica.html
> >     > > >
> >     > > >     --
> >     > > >     Martin^3 Babinsky
> >     > > >
> >     > >
> >     > > --
> >     > > Petr Vobornik
> >     > >
> >
>
> --
> Petr Vobornik
>

-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
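
The three conditions named in the thread (IPv6 enabled, a `::1 localhost` line in the hosts file, a listener on port 8009) collected into a pre-flight script. This is an added example, not part of the original messages or of FreeIPA; the function names are hypothetical, and checking the `lo` interface's `disable_ipv6` sysctl is an assumption about where to look for "IPv6 stack enabled".

```shell
#!/bin/sh
# Added example (not from the thread). Checks take file arguments so they can be
# run against saved output as well as the live system.

# 0 if the hosts file maps ::1 to "localhost" (comments ignored).
hosts_has_v6_localhost() {
    awk '{ sub(/#.*/, "") }
         $1 == "::1" { for (i = 2; i <= NF; i++) if ($i == "localhost") ok = 1 }
         END { exit !ok }' "$1"
}

# 0 if saved `netstat -tln` or `ss -tln` output shows a listener on port 8009.
ajp_listening() {
    awk '/LISTEN/ { for (i = 1; i <= NF; i++) if ($i ~ /:8009$/) ok = 1 }
         END { exit !ok }' "$1"
}

# 0 if IPv6 is enabled on the loopback interface (sysctl value 0).
# A missing file means the kernel has no IPv6 stack at all.
ipv6_enabled_on_lo() {
    [ -r "$1" ] && [ "$(cat "$1")" = "0" ]
}

# Prints one line per check and returns the number of failed checks.
# Args: hosts file, listener dump, disable_ipv6 sysctl file.
preflight() {
    fails=0
    ipv6_enabled_on_lo "$3"     && echo "ok    IPv6 enabled on lo" \
        || { echo "FAIL  IPv6 disabled on lo"; fails=$((fails + 1)); }
    hosts_has_v6_localhost "$1" && echo "ok    ::1 localhost in hosts file" \
        || { echo "FAIL  no ::1 localhost entry in hosts file"; fails=$((fails + 1)); }
    ajp_listening "$2"          && echo "ok    listener on port 8009" \
        || { echo "FAIL  nothing listening on port 8009"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample state: IPv4-only hosts file, no AJP listener, IPv6 off.
demo=$(mktemp -d)
printf '127.0.0.1 localhost localhost.localdomain\n' > "$demo/hosts"
printf 'tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN\n'       > "$demo/listen"
printf '1\n'                                          > "$demo/disable_ipv6"
preflight "$demo/hosts" "$demo/listen" "$demo/disable_ipv6" \
    || echo "$? check(s) failed"
rm -rf "$demo"

# On the master (paths below are the live equivalents):
#   netstat -tln > /tmp/listen
#   preflight /etc/hosts /tmp/listen /proc/sys/net/ipv6/conf/lo/disable_ipv6
```

A listener can only appear on `::1:8009` once the first two checks pass and `pki-tomcatd@pki-tomcat` has been restarted, so fix failures in the order printed.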