Might be another instance of this: https://fedorahosted.org/freeipa/ticket/6613
Jeff On Thu, Feb 16, 2017 at 11:21 AM, Tiemen Ruiten <t.rui...@rdmedia.com> wrote: > Hello, > > I'm trying to add a third replica to a FreeIPA 4.4 domain (level 1), but > I'm getting this error: > > [tiemen@copernicum ~]$ sudo ipa-replica-install -P admin -w "XXXXXXXXXX" >> --mkhomedir --setup-dns --forwarder 8.8.8.8 --forwarder 8.8.4.4 >> Checking DNS forwarders, please wait ... >> Run connection check to master >> Connection check OK >> Configuring NTP daemon (ntpd) >> [1/4]: stopping ntpd >> [2/4]: writing configuration >> [3/4]: configuring ntpd to start on boot >> [4/4]: starting ntpd >> Done configuring NTP daemon (ntpd). >> Configuring directory server (dirsrv). Estimated time: 1 minute >> [1/44]: creating directory server user >> [2/44]: creating directory server instance >> [3/44]: updating configuration in dse.ldif >> [4/44]: restarting directory server >> [5/44]: adding default schema >> [6/44]: enabling memberof plugin >> [7/44]: enabling winsync plugin >> [8/44]: configuring replication version plugin >> [9/44]: enabling IPA enrollment plugin >> [10/44]: enabling ldapi >> [11/44]: configuring uniqueness plugin >> [12/44]: configuring uuid plugin >> [13/44]: configuring modrdn plugin >> [14/44]: configuring DNS plugin >> [15/44]: enabling entryUSN plugin >> [16/44]: configuring lockout plugin >> [17/44]: configuring topology plugin >> [18/44]: creating indices >> [19/44]: enabling referential integrity plugin >> [20/44]: configuring certmap.conf >> [21/44]: configure autobind for root >> [22/44]: configure new location for managed entries >> [23/44]: configure dirsrv ccache >> [24/44]: enabling SASL mapping fallback >> [25/44]: restarting directory server >> [26/44]: creating DS keytab >> [27/44]: retrieving DS Certificate >> [28/44]: restarting directory server >> ipa : CRITICAL Failed to restart the directory server (Command >> '/bin/systemctl restart dirsrv@IPA-RDMEDIA-COM.service' returned >> non-zero exit status 1). See the installation log for details. >> [29/44]: setting up initial replication >> [error] error: [Errno 111] Connection refused >> Your system may be partly configured. >> Run /usr/sbin/ipa-server-install --uninstall to clean up. >> ipa.ipapython.install.cli.install_tool(Replica): ERROR [Errno 111] >> Connection refused >> ipa.ipapython.install.cli.install_tool(Replica): ERROR The >> ipa-replica-install command failed. See /var/log/ipareplica-install.log >> for more information > > > In /var/log/ipareplica-install.log we find: > > 2017-02-16T15:53:59Z DEBUG [27/44]: retrieving DS Certificate >> 2017-02-16T15:53:59Z DEBUG Loading Index file from >> '/var/lib/ipa/sysrestore/sysrestore.index' >> 2017-02-16T15:53:59Z DEBUG Starting external process >> 2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d >> /etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -L -n IPA.RDMEDIA.COM IPA CA -a >> 2017-02-16T15:53:59Z DEBUG Process finished, return code=255 >> 2017-02-16T15:53:59Z DEBUG stdout= >> >> *2017-02-16T15:53:59Z DEBUG stderr=certutil: Could not find cert: >> IPA.RDMEDIA.COM <http://IPA.RDMEDIA.COM> IPA CA: PR_FILE_NOT_FOUND_ERROR: >> File not found* >> 2017-02-16T15:53:59Z DEBUG Starting external process >> 2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d >> /etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -N -f /etc/dirsrv/slapd-IPA-RDMEDIA- >> COM//pwdfile.txt >> 2017-02-16T15:53:59Z DEBUG Process finished, return code=0 >> 2017-02-16T15:53:59Z DEBUG stdout= >> 2017-02-16T15:53:59Z DEBUG stderr= >> 2017-02-16T15:53:59Z DEBUG Starting external process >> 2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d >> /etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -A -n IPA.RDMEDIA.COM IPA CA -t >> CT,C,C -a >> 2017-02-16T15:53:59Z DEBUG Process finished, return code=0 >> 2017-02-16T15:53:59Z DEBUG stdout= >> 2017-02-16T15:53:59Z DEBUG stderr= >> 2017-02-16T15:53:59Z DEBUG certmonger request is in state >> dbus.String(u'NEWLY_ADDED_READING_KEYINFO', variant_level=1) >> 2017-02-16T15:54:04Z DEBUG certmonger request is in state >> dbus.String(u'CA_UNREACHABLE', variant_level=1) >> 2017-02-16T15:54:04Z DEBUG flushing >> ldapi://%2fvar%2frun%2fslapd-IPA-RDMEDIA-COM.socket >> from SchemaCache >> 2017-02-16T15:54:04Z DEBUG retrieving schema for SchemaCache >> url=ldapi://%2fvar%2frun%2fslapd-IPA-RDMEDIA-COM.socket >> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x74efd40> >> 2017-02-16T15:54:05Z DEBUG duration: 5 seconds >> 2017-02-16T15:54:05Z DEBUG [28/44]: restarting directory server >> 2017-02-16T15:54:05Z DEBUG Starting external process >> 2017-02-16T15:54:05Z DEBUG args=/bin/systemctl --system daemon-reload >> 2017-02-16T15:54:05Z DEBUG Process finished, return code=0 >> 2017-02-16T15:54:05Z DEBUG stdout= >> 2017-02-16T15:54:05Z DEBUG stderr= >> 2017-02-16T15:54:05Z DEBUG Starting external process >> 2017-02-16T15:54:05Z DEBUG args=/bin/systemctl restart >> dirsrv@IPA-RDMEDIA-COM.service >> 2017-02-16T15:54:06Z DEBUG Process finished, return code=1 >> 2017-02-16T15:54:06Z DEBUG stdout= >> 2017-02-16T15:54:06Z DEBUG stderr=Job for dirsrv@IPA-RDMEDIA-COM.service >> failed because the control process exited with error code. See "systemctl >> status dirsrv@IPA-RDMEDIA-COM.service" and "journalctl -xe" for details. >> 2017-02-16T15:54:06Z CRITICAL Failed to restart the directory server >> (Command '/bin/systemctl restart dirsrv@IPA-RDMEDIA-COM.service' >> returned non-zero exit status 1). See the installation log for details. >> 2017-02-16T15:54:06Z DEBUG duration: 1 seconds >> 2017-02-16T15:54:06Z DEBUG [29/44]: setting up initial replication >> 2017-02-16T15:54:16Z DEBUG Traceback (most recent call last): >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 449, in start_creation >> run_step(full_msg, method) >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 439, in run_step >> method() >> File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", >> line 405, in __setup_replica >> self.dm_password) >> File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", >> line 118, in enable_replication_version_checking >> conn.do_simple_bind(bindpw=dirman_passwd) >> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >> 1665, in do_simple_bind >> self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw) >> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >> 1660, in __bind_with_wait >> self.__wait_for_connection(timeout) >> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >> 1643, in __wait_for_connection >> wait_for_open_socket(lurl.hostport, timeout) >> File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line >> 1286, in wait_for_open_socket >> raise e >> error: [Errno 111] Connection refused >> 2017-02-16T15:54:16Z DEBUG [error] error: [Errno 111] Connection refused >> 2017-02-16T15:54:16Z DEBUG Destroyed connection context.ldap2_78478480 >> 2017-02-16T15:54:16Z DEBUG File "/usr/lib/python2.7/site- >> packages/ipapython/admintool.py", line 171, in execute >> return_value = self.run() >> File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line >> 318, in run >> cfgr.run() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 310, in run >> self.execute() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 332, in execute >> for nothing in self._executor(): >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 372, in __runner >> self._handle_exception(exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 394, in _handle_exception >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 362, in __runner >> step() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 359, in <lambda> >> step = lambda: next(self.__gen) >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >> line 81, in run_generator_with_yield_from >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >> line 59, in run_generator_with_yield_from >> value = gen.send(prev_value) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 586, in _configure >> next(executor) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 372, in __runner >> self._handle_exception(exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 449, in _handle_exception >> self.__parent._handle_exception(exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 394, in _handle_exception >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 446, in _handle_exception >> super(ComponentBase, self)._handle_exception(exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 394, in _handle_exception >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 362, in __runner >> step() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 359, in <lambda> >> step = lambda: next(self.__gen) >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >> line 81, in run_generator_with_yield_from >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >> line 59, in run_generator_with_yield_from >> value = gen.send(prev_value) >> File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", >> line 63, in _install >> for nothing in self._installer(self.parent): >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >> line 1714, in main >> promote(self) >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >> line 364, in decorated >> func(installer) >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >> line 1415, in promote >> promote=True, pkcs12_info=dirsrv_pkcs12_info) >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >> line 127, in install_replica_ds >> api=remote_api, >> File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", >> line 399, in create_replica >> self.start_creation(runtime=60) >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 449, in start_creation >> run_step(full_msg, method) >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 439, in run_step >> method() >> File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", >> line 405, in __setup_replica >> self.dm_password) >> File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", >> line 118, in enable_replication_version_checking >> conn.do_simple_bind(bindpw=dirman_passwd) >> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >> 1665, in do_simple_bind >> self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw) >> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >> 1660, in __bind_with_wait >> self.__wait_for_connection(timeout) >> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >> 1643, in __wait_for_connection >> wait_for_open_socket(lurl.hostport, timeout) >> File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line >> 1286, in wait_for_open_socket >> raise e >> 2017-02-16T15:54:16Z DEBUG The ipa-replica-install command failed, >> exception: error: [Errno 111] Connection refused >> 2017-02-16T15:54:16Z ERROR [Errno 111] Connection refused >> 2017-02-16T15:54:16Z ERROR The ipa-replica-install command failed. See >> /var/log/ipareplica-install.log for more information >> > > How can I troubleshoot this? > > > > -- > Tiemen Ruiten > Systems Engineer > R&D Media > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project