Hello, I'm trying to add a third replica to a FreeIPA 4.4 domain (level 1), but I'm getting this error:
[tiemen@copernicum ~]$ sudo ipa-replica-install -P admin -w "XXXXXXXXXX" > --mkhomedir --setup-dns --forwarder 8.8.8.8 --forwarder 8.8.4.4 > Checking DNS forwarders, please wait ... > Run connection check to master > Connection check OK > Configuring NTP daemon (ntpd) > [1/4]: stopping ntpd > [2/4]: writing configuration > [3/4]: configuring ntpd to start on boot > [4/4]: starting ntpd > Done configuring NTP daemon (ntpd). > Configuring directory server (dirsrv). Estimated time: 1 minute > [1/44]: creating directory server user > [2/44]: creating directory server instance > [3/44]: updating configuration in dse.ldif > [4/44]: restarting directory server > [5/44]: adding default schema > [6/44]: enabling memberof plugin > [7/44]: enabling winsync plugin > [8/44]: configuring replication version plugin > [9/44]: enabling IPA enrollment plugin > [10/44]: enabling ldapi > [11/44]: configuring uniqueness plugin > [12/44]: configuring uuid plugin > [13/44]: configuring modrdn plugin > [14/44]: configuring DNS plugin > [15/44]: enabling entryUSN plugin > [16/44]: configuring lockout plugin > [17/44]: configuring topology plugin > [18/44]: creating indices > [19/44]: enabling referential integrity plugin > [20/44]: configuring certmap.conf > [21/44]: configure autobind for root > [22/44]: configure new location for managed entries > [23/44]: configure dirsrv ccache > [24/44]: enabling SASL mapping fallback > [25/44]: restarting directory server > [26/44]: creating DS keytab > [27/44]: retrieving DS Certificate > [28/44]: restarting directory server > ipa : CRITICAL Failed to restart the directory server (Command > '/bin/systemctl restart [email protected]' returned non-zero > exit status 1). See the installation log for details. > [29/44]: setting up initial replication > [error] error: [Errno 111] Connection refused > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > ipa.ipapython.install.cli.install_tool(Replica): ERROR [Errno 111] > Connection refused > ipa.ipapython.install.cli.install_tool(Replica): ERROR The > ipa-replica-install command failed. See /var/log/ipareplica-install.log for > more information In /var/log/ipareplica-install.log we find: 2017-02-16T15:53:59Z DEBUG [27/44]: retrieving DS Certificate > 2017-02-16T15:53:59Z DEBUG Loading Index file from > '/var/lib/ipa/sysrestore/sysrestore.index' > 2017-02-16T15:53:59Z DEBUG Starting external process > 2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d > /etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -L -n IPA.RDMEDIA.COM IPA CA -a > 2017-02-16T15:53:59Z DEBUG Process finished, return code=255 > 2017-02-16T15:53:59Z DEBUG stdout= > > *2017-02-16T15:53:59Z DEBUG stderr=certutil: Could not find cert: > IPA.RDMEDIA.COM <http://IPA.RDMEDIA.COM> IPA CA: PR_FILE_NOT_FOUND_ERROR: > File not found* > 2017-02-16T15:53:59Z DEBUG Starting external process > 2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d > /etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -N -f > /etc/dirsrv/slapd-IPA-RDMEDIA-COM//pwdfile.txt > 2017-02-16T15:53:59Z DEBUG Process finished, return code=0 > 2017-02-16T15:53:59Z DEBUG stdout= > 2017-02-16T15:53:59Z DEBUG stderr= > 2017-02-16T15:53:59Z DEBUG Starting external process > 2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d > /etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -A -n IPA.RDMEDIA.COM IPA CA -t CT,C,C > -a > 2017-02-16T15:53:59Z DEBUG Process finished, return code=0 > 2017-02-16T15:53:59Z DEBUG stdout= > 2017-02-16T15:53:59Z DEBUG stderr= > 2017-02-16T15:53:59Z DEBUG certmonger request is in state > dbus.String(u'NEWLY_ADDED_READING_KEYINFO', variant_level=1) > 2017-02-16T15:54:04Z DEBUG certmonger request is in state > dbus.String(u'CA_UNREACHABLE', variant_level=1) > 2017-02-16T15:54:04Z DEBUG flushing > ldapi://%2fvar%2frun%2fslapd-IPA-RDMEDIA-COM.socket from SchemaCache > 2017-02-16T15:54:04Z DEBUG retrieving schema for SchemaCache > url=ldapi://%2fvar%2frun%2fslapd-IPA-RDMEDIA-COM.socket > conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x74efd40> > 2017-02-16T15:54:05Z DEBUG duration: 5 seconds > 2017-02-16T15:54:05Z DEBUG [28/44]: restarting directory server > 2017-02-16T15:54:05Z DEBUG Starting external process > 2017-02-16T15:54:05Z DEBUG args=/bin/systemctl --system daemon-reload > 2017-02-16T15:54:05Z DEBUG Process finished, return code=0 > 2017-02-16T15:54:05Z DEBUG stdout= > 2017-02-16T15:54:05Z DEBUG stderr= > 2017-02-16T15:54:05Z DEBUG Starting external process > 2017-02-16T15:54:05Z DEBUG args=/bin/systemctl restart > [email protected] > 2017-02-16T15:54:06Z DEBUG Process finished, return code=1 > 2017-02-16T15:54:06Z DEBUG stdout= > 2017-02-16T15:54:06Z DEBUG stderr=Job for [email protected] > failed because the control process exited with error code. See "systemctl > status [email protected]" and "journalctl -xe" for details. > 2017-02-16T15:54:06Z CRITICAL Failed to restart the directory server > (Command '/bin/systemctl restart [email protected]' returned > non-zero exit status 1). See the installation log for details. > 2017-02-16T15:54:06Z DEBUG duration: 1 seconds > 2017-02-16T15:54:06Z DEBUG [29/44]: setting up initial replication > 2017-02-16T15:54:16Z DEBUG Traceback (most recent call last): > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", > line 449, in start_creation > run_step(full_msg, method) > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", > line 439, in run_step > method() > File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", > line 405, in __setup_replica > self.dm_password) > File > "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line > 118, in enable_replication_version_checking > conn.do_simple_bind(bindpw=dirman_passwd) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1665, > in do_simple_bind > self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1660, > in __bind_with_wait > self.__wait_for_connection(timeout) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1643, > in __wait_for_connection > wait_for_open_socket(lurl.hostport, timeout) > File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1286, > in wait_for_open_socket > raise e > error: [Errno 111] Connection refused > 2017-02-16T15:54:16Z DEBUG [error] error: [Errno 111] Connection refused > 2017-02-16T15:54:16Z DEBUG Destroyed connection context.ldap2_78478480 > 2017-02-16T15:54:16Z DEBUG File > "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in > execute > return_value = self.run() > File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line > 318, in run > cfgr.run() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 310, in run > self.execute() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 332, in execute > for nothing in self._executor(): > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 372, in __runner > self._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 362, in __runner > step() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 359, in <lambda> > step = lambda: next(self.__gen) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line > 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line > 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 586, in _configure > next(executor) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 372, in __runner > self._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 449, in _handle_exception > self.__parent._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 446, in _handle_exception > super(ComponentBase, self)._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 362, in __runner > step() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 359, in <lambda> > step = lambda: next(self.__gen) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line > 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line > 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", > line 63, in _install > for nothing in self._installer(self.parent): > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 1714, in main > promote(self) > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 364, in decorated > func(installer) > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 1415, in promote > promote=True, pkcs12_info=dirsrv_pkcs12_info) > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 127, in install_replica_ds > api=remote_api, > File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", > line 399, in create_replica > self.start_creation(runtime=60) > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", > line 449, in start_creation > run_step(full_msg, method) > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", > line 439, in run_step > method() > File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", > line 405, in __setup_replica > self.dm_password) > File > "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line > 118, in enable_replication_version_checking > conn.do_simple_bind(bindpw=dirman_passwd) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1665, > in do_simple_bind > self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1660, > in __bind_with_wait > self.__wait_for_connection(timeout) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1643, > in __wait_for_connection > wait_for_open_socket(lurl.hostport, timeout) > File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1286, > in wait_for_open_socket > raise e > 2017-02-16T15:54:16Z DEBUG The ipa-replica-install command failed, > exception: error: [Errno 111] Connection refused > 2017-02-16T15:54:16Z ERROR [Errno 111] Connection refused > 2017-02-16T15:54:16Z ERROR The ipa-replica-install command failed. See > /var/log/ipareplica-install.log for more information > How can I troubleshoot this? -- Tiemen Ruiten Systems Engineer R&D Media
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
