Hello,

I'm trying to add a third replica to a FreeIPA 4.4 domain (level 1), but
I'm getting this error:

[tiemen@copernicum ~]$ sudo ipa-replica-install -P admin -w "XXXXXXXXXX"
> --mkhomedir --setup-dns --forwarder 8.8.8.8 --forwarder 8.8.4.4
> Checking DNS forwarders, please wait ...
> Run connection check to master
> Connection check OK
> Configuring NTP daemon (ntpd)
>   [1/4]: stopping ntpd
>   [2/4]: writing configuration
>   [3/4]: configuring ntpd to start on boot
>   [4/4]: starting ntpd
> Done configuring NTP daemon (ntpd).
> Configuring directory server (dirsrv). Estimated time: 1 minute
>   [1/44]: creating directory server user
>   [2/44]: creating directory server instance
>   [3/44]: updating configuration in dse.ldif
>   [4/44]: restarting directory server
>   [5/44]: adding default schema
>   [6/44]: enabling memberof plugin
>   [7/44]: enabling winsync plugin
>   [8/44]: configuring replication version plugin
>   [9/44]: enabling IPA enrollment plugin
>   [10/44]: enabling ldapi
>   [11/44]: configuring uniqueness plugin
>   [12/44]: configuring uuid plugin
>   [13/44]: configuring modrdn plugin
>   [14/44]: configuring DNS plugin
>   [15/44]: enabling entryUSN plugin
>   [16/44]: configuring lockout plugin
>   [17/44]: configuring topology plugin
>   [18/44]: creating indices
>   [19/44]: enabling referential integrity plugin
>   [20/44]: configuring certmap.conf
>   [21/44]: configure autobind for root
>   [22/44]: configure new location for managed entries
>   [23/44]: configure dirsrv ccache
>   [24/44]: enabling SASL mapping fallback
>   [25/44]: restarting directory server
>   [26/44]: creating DS keytab
>   [27/44]: retrieving DS Certificate
>   [28/44]: restarting directory server
> ipa         : CRITICAL Failed to restart the directory server (Command
> '/bin/systemctl restart dirsrv@IPA-RDMEDIA-COM.service' returned non-zero
> exit status 1). See the installation log for details.
>   [29/44]: setting up initial replication
>   [error] error: [Errno 111] Connection refused
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111]
> Connection refused
> ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> ipa-replica-install command failed. See /var/log/ipareplica-install.log for
> more information


In /var/log/ipareplica-install.log we find:

2017-02-16T15:53:59Z DEBUG   [27/44]: retrieving DS Certificate
> 2017-02-16T15:53:59Z DEBUG Loading Index file from
> '/var/lib/ipa/sysrestore/sysrestore.index'
> 2017-02-16T15:53:59Z DEBUG Starting external process
> 2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d
> /etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -L -n IPA.RDMEDIA.COM IPA CA -a
> 2017-02-16T15:53:59Z DEBUG Process finished, return code=255
> 2017-02-16T15:53:59Z DEBUG stdout=
>
> *2017-02-16T15:53:59Z DEBUG stderr=certutil: Could not find cert:
> IPA.RDMEDIA.COM <http://IPA.RDMEDIA.COM> IPA CA: PR_FILE_NOT_FOUND_ERROR:
> File not found*
> 2017-02-16T15:53:59Z DEBUG Starting external process
> 2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d
> /etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -N -f
> /etc/dirsrv/slapd-IPA-RDMEDIA-COM//pwdfile.txt
> 2017-02-16T15:53:59Z DEBUG Process finished, return code=0
> 2017-02-16T15:53:59Z DEBUG stdout=
> 2017-02-16T15:53:59Z DEBUG stderr=
> 2017-02-16T15:53:59Z DEBUG Starting external process
> 2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d
> /etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -A -n IPA.RDMEDIA.COM IPA CA -t CT,C,C
> -a
> 2017-02-16T15:53:59Z DEBUG Process finished, return code=0
> 2017-02-16T15:53:59Z DEBUG stdout=
> 2017-02-16T15:53:59Z DEBUG stderr=
> 2017-02-16T15:53:59Z DEBUG certmonger request is in state
> dbus.String(u'NEWLY_ADDED_READING_KEYINFO', variant_level=1)
> 2017-02-16T15:54:04Z DEBUG certmonger request is in state
> dbus.String(u'CA_UNREACHABLE', variant_level=1)
> 2017-02-16T15:54:04Z DEBUG flushing
> ldapi://%2fvar%2frun%2fslapd-IPA-RDMEDIA-COM.socket from SchemaCache
> 2017-02-16T15:54:04Z DEBUG retrieving schema for SchemaCache
> url=ldapi://%2fvar%2frun%2fslapd-IPA-RDMEDIA-COM.socket
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x74efd40>
> 2017-02-16T15:54:05Z DEBUG   duration: 5 seconds
> 2017-02-16T15:54:05Z DEBUG   [28/44]: restarting directory server
> 2017-02-16T15:54:05Z DEBUG Starting external process
> 2017-02-16T15:54:05Z DEBUG args=/bin/systemctl --system daemon-reload
> 2017-02-16T15:54:05Z DEBUG Process finished, return code=0
> 2017-02-16T15:54:05Z DEBUG stdout=
> 2017-02-16T15:54:05Z DEBUG stderr=
> 2017-02-16T15:54:05Z DEBUG Starting external process
> 2017-02-16T15:54:05Z DEBUG args=/bin/systemctl restart
> dirsrv@IPA-RDMEDIA-COM.service
> 2017-02-16T15:54:06Z DEBUG Process finished, return code=1
> 2017-02-16T15:54:06Z DEBUG stdout=
> 2017-02-16T15:54:06Z DEBUG stderr=Job for dirsrv@IPA-RDMEDIA-COM.service
> failed because the control process exited with error code. See "systemctl
> status dirsrv@IPA-RDMEDIA-COM.service" and "journalctl -xe" for details.
> 2017-02-16T15:54:06Z CRITICAL Failed to restart the directory server
> (Command '/bin/systemctl restart dirsrv@IPA-RDMEDIA-COM.service' returned
> non-zero exit status 1). See the installation log for details.
> 2017-02-16T15:54:06Z DEBUG   duration: 1 seconds
> 2017-02-16T15:54:06Z DEBUG   [29/44]: setting up initial replication
> 2017-02-16T15:54:16Z DEBUG Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 449, in start_creation
>     run_step(full_msg, method)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 439, in run_step
>     method()
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
> line 405, in __setup_replica
>     self.dm_password)
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line
> 118, in enable_replication_version_checking
>     conn.do_simple_bind(bindpw=dirman_passwd)
>   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1665,
> in do_simple_bind
>     self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw)
>   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1660,
> in __bind_with_wait
>     self.__wait_for_connection(timeout)
>   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1643,
> in __wait_for_connection
>     wait_for_open_socket(lurl.hostport, timeout)
>   File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1286,
> in wait_for_open_socket
>     raise e
> error: [Errno 111] Connection refused
> 2017-02-16T15:54:16Z DEBUG   [error] error: [Errno 111] Connection refused
> 2017-02-16T15:54:16Z DEBUG Destroyed connection context.ldap2_78478480
> 2017-02-16T15:54:16Z DEBUG   File
> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in
> execute
>     return_value = self.run()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line
> 318, in run
>     cfgr.run()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 310, in run
>     self.execute()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 332, in execute
>     for nothing in self._executor():
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 372, in __runner
>     self._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 394, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 362, in __runner
>     step()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 359, in <lambda>
>     step = lambda: next(self.__gen)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
> 81, in run_generator_with_yield_from
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
> 59, in run_generator_with_yield_from
>     value = gen.send(prev_value)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 586, in _configure
>     next(executor)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 372, in __runner
>     self._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 449, in _handle_exception
>     self.__parent._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 394, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 446, in _handle_exception
>     super(ComponentBase, self)._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 394, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 362, in __runner
>     step()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
> 359, in <lambda>
>     step = lambda: next(self.__gen)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
> 81, in run_generator_with_yield_from
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
> 59, in run_generator_with_yield_from
>     value = gen.send(prev_value)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
> line 63, in _install
>     for nothing in self._installer(self.parent):
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
> line 1714, in main
>     promote(self)
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
> line 364, in decorated
>     func(installer)
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
> line 1415, in promote
>     promote=True, pkcs12_info=dirsrv_pkcs12_info)
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
> line 127, in install_replica_ds
>     api=remote_api,
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
> line 399, in create_replica
>     self.start_creation(runtime=60)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 449, in start_creation
>     run_step(full_msg, method)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 439, in run_step
>     method()
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
> line 405, in __setup_replica
>     self.dm_password)
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line
> 118, in enable_replication_version_checking
>     conn.do_simple_bind(bindpw=dirman_passwd)
>   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1665,
> in do_simple_bind
>     self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw)
>   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1660,
> in __bind_with_wait
>     self.__wait_for_connection(timeout)
>   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1643,
> in __wait_for_connection
>     wait_for_open_socket(lurl.hostport, timeout)
>   File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1286,
> in wait_for_open_socket
>     raise e
> 2017-02-16T15:54:16Z DEBUG The ipa-replica-install command failed,
> exception: error: [Errno 111] Connection refused
> 2017-02-16T15:54:16Z ERROR [Errno 111] Connection refused
> 2017-02-16T15:54:16Z ERROR The ipa-replica-install command failed. See
> /var/log/ipareplica-install.log for more information
>

How can I troubleshoot this?



-- 
Tiemen Ruiten
Systems Engineer
R&D Media
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to