On 16.02.2017 17:21, Tiemen Ruiten wrote:
Hello,

I'm trying to add a third replica to a FreeIPA 4.4 domain (level 1), but I'm getting this error:

    [tiemen@copernicum ~]$ sudo ipa-replica-install -P admin -w
    "XXXXXXXXXX" --mkhomedir --setup-dns --forwarder 8.8.8.8
    --forwarder 8.8.4.4
    Checking DNS forwarders, please wait ...
    Run connection check to master
    Connection check OK
    Configuring NTP daemon (ntpd)
      [1/4]: stopping ntpd
      [2/4]: writing configuration
      [3/4]: configuring ntpd to start on boot
      [4/4]: starting ntpd
    Done configuring NTP daemon (ntpd).
    Configuring directory server (dirsrv). Estimated time: 1 minute
      [1/44]: creating directory server user
      [2/44]: creating directory server instance
      [3/44]: updating configuration in dse.ldif
      [4/44]: restarting directory server
      [5/44]: adding default schema
      [6/44]: enabling memberof plugin
      [7/44]: enabling winsync plugin
      [8/44]: configuring replication version plugin
      [9/44]: enabling IPA enrollment plugin
      [10/44]: enabling ldapi
      [11/44]: configuring uniqueness plugin
      [12/44]: configuring uuid plugin
      [13/44]: configuring modrdn plugin
      [14/44]: configuring DNS plugin
      [15/44]: enabling entryUSN plugin
      [16/44]: configuring lockout plugin
      [17/44]: configuring topology plugin
      [18/44]: creating indices
      [19/44]: enabling referential integrity plugin
      [20/44]: configuring certmap.conf
      [21/44]: configure autobind for root
      [22/44]: configure new location for managed entries
      [23/44]: configure dirsrv ccache
      [24/44]: enabling SASL mapping fallback
      [25/44]: restarting directory server
      [26/44]: creating DS keytab
      [27/44]: retrieving DS Certificate
      [28/44]: restarting directory server
    ipa         : CRITICAL Failed to restart the directory server
    (Command '/bin/systemctl restart dirsrv@IPA-RDMEDIA-COM.service'
    returned non-zero exit status 1). See the installation log for
    details.
      [29/44]: setting up initial replication
      [error] error: [Errno 111] Connection refused
    Your system may be partly configured.
    Run /usr/sbin/ipa-server-install --uninstall to clean up.
    ipa.ipapython.install.cli.install_tool(Replica): ERROR  [Errno
    111] Connection refused
    ipa.ipapython.install.cli.install_tool(Replica): ERROR  The
    ipa-replica-install command failed. See
    /var/log/ipareplica-install.log for more information


In /var/log/ipareplica-install.log we find:

    2017-02-16T15:53:59Z DEBUG   [27/44]: retrieving DS Certificate
    2017-02-16T15:53:59Z DEBUG Loading Index file from
    '/var/lib/ipa/sysrestore/sysrestore.index'
    2017-02-16T15:53:59Z DEBUG Starting external process
    2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d
    /etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -L -n IPA.RDMEDIA.COM
    <http://IPA.RDMEDIA.COM> IPA CA -a
    2017-02-16T15:53:59Z DEBUG Process finished, return code=255
    2017-02-16T15:53:59Z DEBUG stdout=
    *2017-02-16T15:53:59Z DEBUG stderr=certutil: Could not find cert:
    IPA.RDMEDIA.COM <http://IPA.RDMEDIA.COM> IPA CA
    : PR_FILE_NOT_FOUND_ERROR: File not found*
    2017-02-16T15:53:59Z DEBUG Starting external process
    2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d
    /etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -N -f
    /etc/dirsrv/slapd-IPA-RDMEDIA-COM//pwdfile.txt
    2017-02-16T15:53:59Z DEBUG Process finished, return code=0
    2017-02-16T15:53:59Z DEBUG stdout=
    2017-02-16T15:53:59Z DEBUG stderr=
    2017-02-16T15:53:59Z DEBUG Starting external process
    2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d
    /etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -A -n IPA.RDMEDIA.COM
    <http://IPA.RDMEDIA.COM> IPA CA -t CT,C,C -a
    2017-02-16T15:53:59Z DEBUG Process finished, return code=0
    2017-02-16T15:53:59Z DEBUG stdout=
    2017-02-16T15:53:59Z DEBUG stderr=
    2017-02-16T15:53:59Z DEBUG certmonger request is in state
    dbus.String(u'NEWLY_ADDED_READING_KEYINFO', variant_level=1)
    2017-02-16T15:54:04Z DEBUG certmonger request is in state
    dbus.String(u'CA_UNREACHABLE', variant_level=1)
    2017-02-16T15:54:04Z DEBUG flushing
    ldapi://%2fvar%2frun%2fslapd-IPA-RDMEDIA-COM.socket from SchemaCache
    2017-02-16T15:54:04Z DEBUG retrieving schema for SchemaCache
    url=ldapi://%2fvar%2frun%2fslapd-IPA-RDMEDIA-COM.socket
    conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x74efd40>
    2017-02-16T15:54:05Z DEBUG   duration: 5 seconds
    2017-02-16T15:54:05Z DEBUG   [28/44]: restarting directory server
    2017-02-16T15:54:05Z DEBUG Starting external process
    2017-02-16T15:54:05Z DEBUG args=/bin/systemctl --system daemon-reload
    2017-02-16T15:54:05Z DEBUG Process finished, return code=0
    2017-02-16T15:54:05Z DEBUG stdout=
    2017-02-16T15:54:05Z DEBUG stderr=
    2017-02-16T15:54:05Z DEBUG Starting external process
    2017-02-16T15:54:05Z DEBUG args=/bin/systemctl restart
    dirsrv@IPA-RDMEDIA-COM.service
    2017-02-16T15:54:06Z DEBUG Process finished, return code=1
    2017-02-16T15:54:06Z DEBUG stdout=
    2017-02-16T15:54:06Z DEBUG stderr=Job for
    dirsrv@IPA-RDMEDIA-COM.service failed because the control process
    exited with error code. See "systemctl status
    dirsrv@IPA-RDMEDIA-COM.service" and "journalctl -xe" for details.
    2017-02-16T15:54:06Z CRITICAL Failed to restart the directory
    server (Command '/bin/systemctl restart
    dirsrv@IPA-RDMEDIA-COM.service' returned non-zero exit status 1).
    See the installation log for details.
    2017-02-16T15:54:06Z DEBUG   duration: 1 seconds
    2017-02-16T15:54:06Z DEBUG   [29/44]: setting up initial replication
    2017-02-16T15:54:16Z DEBUG Traceback (most recent call last):
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
    line 449, in start_creation
        run_step(full_msg, method)
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
    line 439, in run_step
        method()
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
    line 405, in __setup_replica
        self.dm_password)
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
    line 118, in enable_replication_version_checking
        conn.do_simple_bind(bindpw=dirman_passwd)
      File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
    line 1665, in do_simple_bind
        self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw)
      File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
    line 1660, in __bind_with_wait
        self.__wait_for_connection(timeout)
      File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
    line 1643, in __wait_for_connection
        wait_for_open_socket(lurl.hostport, timeout)
      File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py",
    line 1286, in wait_for_open_socket
        raise e
    error: [Errno 111] Connection refused
    2017-02-16T15:54:16Z DEBUG   [error] error: [Errno 111] Connection
    refused
    2017-02-16T15:54:16Z DEBUG Destroyed connection context.ldap2_78478480
    2017-02-16T15:54:16Z DEBUG   File
    "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line
    171, in execute
        return_value = self.run()
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line
    318, in run
        cfgr.run()
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
    310, in run
        self.execute()
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
    332, in execute
        for nothing in self._executor():
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
    372, in __runner
        self._handle_exception(exc_info)
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
    394, in _handle_exception
        six.reraise(*exc_info)
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
    362, in __runner
        step()
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
    359, in <lambda>
        step = lambda: next(self.__gen)
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
    81, in run_generator_with_yield_from
        six.reraise(*exc_info)
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
    59, in run_generator_with_yield_from
        value = gen.send(prev_value)
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
    586, in _configure
        next(executor)
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
    372, in __runner
        self._handle_exception(exc_info)
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
    449, in _handle_exception
        self.__parent._handle_exception(exc_info)
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
    394, in _handle_exception
        six.reraise(*exc_info)
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
    446, in _handle_exception
        super(ComponentBase, self)._handle_exception(exc_info)
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
    394, in _handle_exception
        six.reraise(*exc_info)
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
    362, in __runner
        step()
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
    359, in <lambda>
        step = lambda: next(self.__gen)
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
    81, in run_generator_with_yield_from
        six.reraise(*exc_info)
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
    59, in run_generator_with_yield_from
        value = gen.send(prev_value)
      File
    "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
    line 63, in _install
        for nothing in self._installer(self.parent):
      File
    
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
    line 1714, in main
        promote(self)
      File
    
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
    line 364, in decorated
        func(installer)
      File
    
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
    line 1415, in promote
        promote=True, pkcs12_info=dirsrv_pkcs12_info)
      File
    
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
    line 127, in install_replica_ds
        api=remote_api,
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
    line 399, in create_replica
        self.start_creation(runtime=60)
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
    line 449, in start_creation
        run_step(full_msg, method)
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
    line 439, in run_step
        method()
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
    line 405, in __setup_replica
        self.dm_password)
      File
    "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
    line 118, in enable_replication_version_checking
        conn.do_simple_bind(bindpw=dirman_passwd)
      File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
    line 1665, in do_simple_bind
        self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw)
      File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
    line 1660, in __bind_with_wait
        self.__wait_for_connection(timeout)
      File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
    line 1643, in __wait_for_connection
        wait_for_open_socket(lurl.hostport, timeout)
      File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py",
    line 1286, in wait_for_open_socket
        raise e
    2017-02-16T15:54:16Z DEBUG The ipa-replica-install command failed,
    exception: error: [Errno 111] Connection refused
    2017-02-16T15:54:16Z ERROR [Errno 111] Connection refused
    2017-02-16T15:54:16Z ERROR The ipa-replica-install command failed.
    See /var/log/ipareplica-install.log for more information


How can I troubleshoot this?



--
Tiemen Ruiten
Systems Engineer
R&D Media




Hello,

please check /var/log/dirsrv/slapd-*/errors  log on both master and replica

Martin
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to