Hello,
I'm trying to add a third replica to a FreeIPA 4.4 domain (level 1),
but I'm getting this error:
[tiemen@copernicum ~]$ sudo ipa-replica-install -P admin -w
"XXXXXXXXXX" --mkhomedir --setup-dns --forwarder 8.8.8.8
--forwarder 8.8.4.4
Checking DNS forwarders, please wait ...
Run connection check to master
Connection check OK
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 1 minute
[1/44]: creating directory server user
[2/44]: creating directory server instance
[3/44]: updating configuration in dse.ldif
[4/44]: restarting directory server
[5/44]: adding default schema
[6/44]: enabling memberof plugin
[7/44]: enabling winsync plugin
[8/44]: configuring replication version plugin
[9/44]: enabling IPA enrollment plugin
[10/44]: enabling ldapi
[11/44]: configuring uniqueness plugin
[12/44]: configuring uuid plugin
[13/44]: configuring modrdn plugin
[14/44]: configuring DNS plugin
[15/44]: enabling entryUSN plugin
[16/44]: configuring lockout plugin
[17/44]: configuring topology plugin
[18/44]: creating indices
[19/44]: enabling referential integrity plugin
[20/44]: configuring certmap.conf
[21/44]: configure autobind for root
[22/44]: configure new location for managed entries
[23/44]: configure dirsrv ccache
[24/44]: enabling SASL mapping fallback
[25/44]: restarting directory server
[26/44]: creating DS keytab
[27/44]: retrieving DS Certificate
[28/44]: restarting directory server
ipa : CRITICAL Failed to restart the directory server
(Command '/bin/systemctl restart [email protected]'
returned non-zero exit status 1). See the installation log for
details.
[29/44]: setting up initial replication
[error] error: [Errno 111] Connection refused
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipa.ipapython.install.cli.install_tool(Replica): ERROR [Errno
111] Connection refused
ipa.ipapython.install.cli.install_tool(Replica): ERROR The
ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
In /var/log/ipareplica-install.log we find:
2017-02-16T15:53:59Z DEBUG [27/44]: retrieving DS Certificate
2017-02-16T15:53:59Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-02-16T15:53:59Z DEBUG Starting external process
2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d
/etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -L -n IPA.RDMEDIA.COM
<http://IPA.RDMEDIA.COM> IPA CA -a
2017-02-16T15:53:59Z DEBUG Process finished, return code=255
2017-02-16T15:53:59Z DEBUG stdout=
*2017-02-16T15:53:59Z DEBUG stderr=certutil: Could not find cert:
IPA.RDMEDIA.COM <http://IPA.RDMEDIA.COM> IPA CA
: PR_FILE_NOT_FOUND_ERROR: File not found*
2017-02-16T15:53:59Z DEBUG Starting external process
2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d
/etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -N -f
/etc/dirsrv/slapd-IPA-RDMEDIA-COM//pwdfile.txt
2017-02-16T15:53:59Z DEBUG Process finished, return code=0
2017-02-16T15:53:59Z DEBUG stdout=
2017-02-16T15:53:59Z DEBUG stderr=
2017-02-16T15:53:59Z DEBUG Starting external process
2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d
/etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -A -n IPA.RDMEDIA.COM
<http://IPA.RDMEDIA.COM> IPA CA -t CT,C,C -a
2017-02-16T15:53:59Z DEBUG Process finished, return code=0
2017-02-16T15:53:59Z DEBUG stdout=
2017-02-16T15:53:59Z DEBUG stderr=
2017-02-16T15:53:59Z DEBUG certmonger request is in state
dbus.String(u'NEWLY_ADDED_READING_KEYINFO', variant_level=1)
2017-02-16T15:54:04Z DEBUG certmonger request is in state
dbus.String(u'CA_UNREACHABLE', variant_level=1)
2017-02-16T15:54:04Z DEBUG flushing
ldapi://%2fvar%2frun%2fslapd-IPA-RDMEDIA-COM.socket from SchemaCache
2017-02-16T15:54:04Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-IPA-RDMEDIA-COM.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x74efd40>
2017-02-16T15:54:05Z DEBUG duration: 5 seconds
2017-02-16T15:54:05Z DEBUG [28/44]: restarting directory server
2017-02-16T15:54:05Z DEBUG Starting external process
2017-02-16T15:54:05Z DEBUG args=/bin/systemctl --system daemon-reload
2017-02-16T15:54:05Z DEBUG Process finished, return code=0
2017-02-16T15:54:05Z DEBUG stdout=
2017-02-16T15:54:05Z DEBUG stderr=
2017-02-16T15:54:05Z DEBUG Starting external process
2017-02-16T15:54:05Z DEBUG args=/bin/systemctl restart
[email protected]
2017-02-16T15:54:06Z DEBUG Process finished, return code=1
2017-02-16T15:54:06Z DEBUG stdout=
2017-02-16T15:54:06Z DEBUG stderr=Job for
[email protected] failed because the control process
exited with error code. See "systemctl status
[email protected]" and "journalctl -xe" for details.
2017-02-16T15:54:06Z CRITICAL Failed to restart the directory
server (Command '/bin/systemctl restart
[email protected]' returned non-zero exit status 1).
See the installation log for details.
2017-02-16T15:54:06Z DEBUG duration: 1 seconds
2017-02-16T15:54:06Z DEBUG [29/44]: setting up initial replication
2017-02-16T15:54:16Z DEBUG Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 449, in start_creation
run_step(full_msg, method)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 439, in run_step
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
line 405, in __setup_replica
self.dm_password)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
line 118, in enable_replication_version_checking
conn.do_simple_bind(bindpw=dirman_passwd)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
line 1665, in do_simple_bind
self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
line 1660, in __bind_with_wait
self.__wait_for_connection(timeout)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
line 1643, in __wait_for_connection
wait_for_open_socket(lurl.hostport, timeout)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py",
line 1286, in wait_for_open_socket
raise e
error: [Errno 111] Connection refused
2017-02-16T15:54:16Z DEBUG [error] error: [Errno 111] Connection
refused
2017-02-16T15:54:16Z DEBUG Destroyed connection context.ldap2_78478480
2017-02-16T15:54:16Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line
171, in execute
return_value = self.run()
File
"/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line
318, in run
cfgr.run()
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
310, in run
self.execute()
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
332, in execute
for nothing in self._executor():
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
372, in __runner
self._handle_exception(exc_info)
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
394, in _handle_exception
six.reraise(*exc_info)
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
362, in __runner
step()
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
359, in <lambda>
step = lambda: next(self.__gen)
File
"/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
81, in run_generator_with_yield_from
six.reraise(*exc_info)
File
"/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
59, in run_generator_with_yield_from
value = gen.send(prev_value)
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
586, in _configure
next(executor)
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
372, in __runner
self._handle_exception(exc_info)
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
449, in _handle_exception
self.__parent._handle_exception(exc_info)
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
394, in _handle_exception
six.reraise(*exc_info)
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
446, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
394, in _handle_exception
six.reraise(*exc_info)
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
362, in __runner
step()
File
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
359, in <lambda>
step = lambda: next(self.__gen)
File
"/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
81, in run_generator_with_yield_from
six.reraise(*exc_info)
File
"/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
59, in run_generator_with_yield_from
value = gen.send(prev_value)
File
"/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 63, in _install
for nothing in self._installer(self.parent):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1714, in main
promote(self)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 364, in decorated
func(installer)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1415, in promote
promote=True, pkcs12_info=dirsrv_pkcs12_info)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 127, in install_replica_ds
api=remote_api,
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
line 399, in create_replica
self.start_creation(runtime=60)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 449, in start_creation
run_step(full_msg, method)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 439, in run_step
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
line 405, in __setup_replica
self.dm_password)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
line 118, in enable_replication_version_checking
conn.do_simple_bind(bindpw=dirman_passwd)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
line 1665, in do_simple_bind
self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
line 1660, in __bind_with_wait
self.__wait_for_connection(timeout)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
line 1643, in __wait_for_connection
wait_for_open_socket(lurl.hostport, timeout)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py",
line 1286, in wait_for_open_socket
raise e
2017-02-16T15:54:16Z DEBUG The ipa-replica-install command failed,
exception: error: [Errno 111] Connection refused
2017-02-16T15:54:16Z ERROR [Errno 111] Connection refused
2017-02-16T15:54:16Z ERROR The ipa-replica-install command failed.
See /var/log/ipareplica-install.log for more information
How can I troubleshoot this?
--
Tiemen Ruiten
Systems Engineer
R&D Media
