Any help would be much appreciated! I really need to add this replica (and others)...
On 17 February 2017 at 10:36, Tiemen Ruiten <[email protected]> wrote: > I went through that bugreport, particularly this section... > > OK, I think I found the error. On the logs I get something like this > *before* the failing dirsrv restart: > > 2017-01-14T03:41:28Z DEBUG [27/44]: retrieving DS Certificate > 2017-01-14T03:41:28Z DEBUG Loading Index file from > '/var/lib/ipa/sysrestore/sysrestore.index' > 2017-01-14T03:41:28Z DEBUG Starting external process > 2017-01-14T03:41:28Z DEBUG args=/usr/bin/certutil -d > /etc/dirsrv/slapd-EXAMPLE-COM/ -L -n EXAMPLE.COM IPA CA -a > 2017-01-14T03:41:28Z DEBUG Process finished, return code=255 > 2017-01-14T03:41:28Z DEBUG stdout= > 2017-01-14T03:41:28Z DEBUG stderr=certutil: Could not find cert: EXAMPLE.COM > IPA CA > : PR_FILE_NOT_FOUND_ERROR: File not found > > So, when the process stopped, I run the command again: > > # /usr/bin/certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L -n EXAMPLE.COM IPA > CA -a > certutil: Could not find cert: EXAMPLE.COM > : PR_FILE_NOT_FOUND_ERROR: File not found > > > and thought "wait... something is missing there": > > # /usr/bin/certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L -n "EXAMPLE.COM IPA > CA" -a > -----BEGIN CERTIFICATE----- > <strip> > -----END CERTIFICATE----- > > So, could this be the problem? > > ...and indeed when I run > > [tiemen@copernicum ipapython]$ sudo /usr/bin/certutil -d >> /etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -L -n IPA.RDMEDIA.COM IPA CA -a >> [sudo] password for tiemen: >> certutil: Could not find cert: IPA.RDMEDIA.COM >> : PR_FILE_NOT_FOUND_ERROR: File not found > > > and when I run > > [tiemen@copernicum ipapython]$ sudo /usr/bin/certutil -d > /etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -L -n "IPA.RDMEDIA.COM IPA CA" -a > -----BEGIN CERTIFICATE----- > <snip> > -----END CERTIFICATE----- > > valid certificate output. Where can I change this command to quote this > string? > > > On 16 February 2017 at 17:29, Jeff Goddard <[email protected]> wrote: > >> Might be another instance of this: https://fedorahosted.org/freei >> pa/ticket/6613 >> >> Jeff >> >> On Thu, Feb 16, 2017 at 11:21 AM, Tiemen Ruiten <[email protected]> >> wrote: >> >>> Hello, >>> >>> I'm trying to add a third replica to a FreeIPA 4.4 domain (level 1), but >>> I'm getting this error: >>> >>> [tiemen@copernicum ~]$ sudo ipa-replica-install -P admin -w >>>> "XXXXXXXXXX" --mkhomedir --setup-dns --forwarder 8.8.8.8 --forwarder >>>> 8.8.4.4 >>>> Checking DNS forwarders, please wait ... >>>> Run connection check to master >>>> Connection check OK >>>> Configuring NTP daemon (ntpd) >>>> [1/4]: stopping ntpd >>>> [2/4]: writing configuration >>>> [3/4]: configuring ntpd to start on boot >>>> [4/4]: starting ntpd >>>> Done configuring NTP daemon (ntpd). >>>> Configuring directory server (dirsrv). Estimated time: 1 minute >>>> [1/44]: creating directory server user >>>> [2/44]: creating directory server instance >>>> [3/44]: updating configuration in dse.ldif >>>> [4/44]: restarting directory server >>>> [5/44]: adding default schema >>>> [6/44]: enabling memberof plugin >>>> [7/44]: enabling winsync plugin >>>> [8/44]: configuring replication version plugin >>>> [9/44]: enabling IPA enrollment plugin >>>> [10/44]: enabling ldapi >>>> [11/44]: configuring uniqueness plugin >>>> [12/44]: configuring uuid plugin >>>> [13/44]: configuring modrdn plugin >>>> [14/44]: configuring DNS plugin >>>> [15/44]: enabling entryUSN plugin >>>> [16/44]: configuring lockout plugin >>>> [17/44]: configuring topology plugin >>>> [18/44]: creating indices >>>> [19/44]: enabling referential integrity plugin >>>> [20/44]: configuring certmap.conf >>>> [21/44]: configure autobind for root >>>> [22/44]: configure new location for managed entries >>>> [23/44]: configure dirsrv ccache >>>> [24/44]: enabling SASL mapping fallback >>>> [25/44]: restarting directory server >>>> [26/44]: creating DS keytab >>>> [27/44]: retrieving DS Certificate >>>> [28/44]: restarting directory server >>>> ipa : CRITICAL Failed to restart the directory server (Command >>>> '/bin/systemctl restart [email protected]' returned >>>> non-zero exit status 1). See the installation log for details. >>>> [29/44]: setting up initial replication >>>> [error] error: [Errno 111] Connection refused >>>> Your system may be partly configured. >>>> Run /usr/sbin/ipa-server-install --uninstall to clean up. >>>> ipa.ipapython.install.cli.install_tool(Replica): ERROR [Errno 111] >>>> Connection refused >>>> ipa.ipapython.install.cli.install_tool(Replica): ERROR The >>>> ipa-replica-install command failed. See /var/log/ipareplica-install.log >>>> for more information >>> >>> >>> In /var/log/ipareplica-install.log we find: >>> >>> 2017-02-16T15:53:59Z DEBUG [27/44]: retrieving DS Certificate >>>> 2017-02-16T15:53:59Z DEBUG Loading Index file from >>>> '/var/lib/ipa/sysrestore/sysrestore.index' >>>> 2017-02-16T15:53:59Z DEBUG Starting external process >>>> 2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d >>>> /etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -L -n IPA.RDMEDIA.COM IPA CA -a >>>> 2017-02-16T15:53:59Z DEBUG Process finished, return code=255 >>>> 2017-02-16T15:53:59Z DEBUG stdout= >>>> >>>> *2017-02-16T15:53:59Z DEBUG stderr=certutil: Could not find cert: >>>> IPA.RDMEDIA.COM <http://IPA.RDMEDIA.COM> IPA CA: PR_FILE_NOT_FOUND_ERROR: >>>> File not found* >>>> 2017-02-16T15:53:59Z DEBUG Starting external process >>>> 2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d >>>> /etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -N -f /etc/dirsrv/slapd-IPA-RDMEDIA- >>>> COM//pwdfile.txt >>>> 2017-02-16T15:53:59Z DEBUG Process finished, return code=0 >>>> 2017-02-16T15:53:59Z DEBUG stdout= >>>> 2017-02-16T15:53:59Z DEBUG stderr= >>>> 2017-02-16T15:53:59Z DEBUG Starting external process >>>> 2017-02-16T15:53:59Z DEBUG args=/usr/bin/certutil -d >>>> /etc/dirsrv/slapd-IPA-RDMEDIA-COM/ -A -n IPA.RDMEDIA.COM IPA CA -t >>>> CT,C,C -a >>>> 2017-02-16T15:53:59Z DEBUG Process finished, return code=0 >>>> 2017-02-16T15:53:59Z DEBUG stdout= >>>> 2017-02-16T15:53:59Z DEBUG stderr= >>>> 2017-02-16T15:53:59Z DEBUG certmonger request is in state >>>> dbus.String(u'NEWLY_ADDED_READING_KEYINFO', variant_level=1) >>>> 2017-02-16T15:54:04Z DEBUG certmonger request is in state >>>> dbus.String(u'CA_UNREACHABLE', variant_level=1) >>>> 2017-02-16T15:54:04Z DEBUG flushing >>>> ldapi://%2fvar%2frun%2fslapd-IPA-RDMEDIA-COM.socket >>>> from SchemaCache >>>> 2017-02-16T15:54:04Z DEBUG retrieving schema for SchemaCache >>>> url=ldapi://%2fvar%2frun%2fslapd-IPA-RDMEDIA-COM.socket >>>> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x74efd40> >>>> 2017-02-16T15:54:05Z DEBUG duration: 5 seconds >>>> 2017-02-16T15:54:05Z DEBUG [28/44]: restarting directory server >>>> 2017-02-16T15:54:05Z DEBUG Starting external process >>>> 2017-02-16T15:54:05Z DEBUG args=/bin/systemctl --system daemon-reload >>>> 2017-02-16T15:54:05Z DEBUG Process finished, return code=0 >>>> 2017-02-16T15:54:05Z DEBUG stdout= >>>> 2017-02-16T15:54:05Z DEBUG stderr= >>>> 2017-02-16T15:54:05Z DEBUG Starting external process >>>> 2017-02-16T15:54:05Z DEBUG args=/bin/systemctl restart >>>> [email protected] >>>> 2017-02-16T15:54:06Z DEBUG Process finished, return code=1 >>>> 2017-02-16T15:54:06Z DEBUG stdout= >>>> 2017-02-16T15:54:06Z DEBUG stderr=Job for [email protected] >>>> failed because the control process exited with error code. See "systemctl >>>> status [email protected]" and "journalctl -xe" for >>>> details. >>>> 2017-02-16T15:54:06Z CRITICAL Failed to restart the directory server >>>> (Command '/bin/systemctl restart [email protected]' >>>> returned non-zero exit status 1). See the installation log for details. >>>> 2017-02-16T15:54:06Z DEBUG duration: 1 seconds >>>> 2017-02-16T15:54:06Z DEBUG [29/44]: setting up initial replication >>>> 2017-02-16T15:54:16Z DEBUG Traceback (most recent call last): >>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >>>> line 449, in start_creation >>>> run_step(full_msg, method) >>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >>>> line 439, in run_step >>>> method() >>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", >>>> line 405, in __setup_replica >>>> self.dm_password) >>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", >>>> line 118, in enable_replication_version_checking >>>> conn.do_simple_bind(bindpw=dirman_passwd) >>>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >>>> 1665, in do_simple_bind >>>> self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw) >>>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >>>> 1660, in __bind_with_wait >>>> self.__wait_for_connection(timeout) >>>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >>>> 1643, in __wait_for_connection >>>> wait_for_open_socket(lurl.hostport, timeout) >>>> File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line >>>> 1286, in wait_for_open_socket >>>> raise e >>>> error: [Errno 111] Connection refused >>>> 2017-02-16T15:54:16Z DEBUG [error] error: [Errno 111] Connection >>>> refused >>>> 2017-02-16T15:54:16Z DEBUG Destroyed connection context.ldap2_78478480 >>>> 2017-02-16T15:54:16Z DEBUG File >>>> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", >>>> line 171, in execute >>>> return_value = self.run() >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", >>>> line 318, in run >>>> cfgr.run() >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>>> line 310, in run >>>> self.execute() >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>>> line 332, in execute >>>> for nothing in self._executor(): >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>>> line 372, in __runner >>>> self._handle_exception(exc_info) >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>>> line 394, in _handle_exception >>>> six.reraise(*exc_info) >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>>> line 362, in __runner >>>> step() >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>>> line 359, in <lambda> >>>> step = lambda: next(self.__gen) >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >>>> line 81, in run_generator_with_yield_from >>>> six.reraise(*exc_info) >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >>>> line 59, in run_generator_with_yield_from >>>> value = gen.send(prev_value) >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>>> line 586, in _configure >>>> next(executor) >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>>> line 372, in __runner >>>> self._handle_exception(exc_info) >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>>> line 449, in _handle_exception >>>> self.__parent._handle_exception(exc_info) >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>>> line 394, in _handle_exception >>>> six.reraise(*exc_info) >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>>> line 446, in _handle_exception >>>> super(ComponentBase, self)._handle_exception(exc_info) >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>>> line 394, in _handle_exception >>>> six.reraise(*exc_info) >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>>> line 362, in __runner >>>> step() >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >>>> line 359, in <lambda> >>>> step = lambda: next(self.__gen) >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >>>> line 81, in run_generator_with_yield_from >>>> six.reraise(*exc_info) >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >>>> line 59, in run_generator_with_yield_from >>>> value = gen.send(prev_value) >>>> File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", >>>> line 63, in _install >>>> for nothing in self._installer(self.parent): >>>> File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >>>> line 1714, in main >>>> promote(self) >>>> File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >>>> line 364, in decorated >>>> func(installer) >>>> File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >>>> line 1415, in promote >>>> promote=True, pkcs12_info=dirsrv_pkcs12_info) >>>> File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >>>> line 127, in install_replica_ds >>>> api=remote_api, >>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", >>>> line 399, in create_replica >>>> self.start_creation(runtime=60) >>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >>>> line 449, in start_creation >>>> run_step(full_msg, method) >>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >>>> line 439, in run_step >>>> method() >>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", >>>> line 405, in __setup_replica >>>> self.dm_password) >>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", >>>> line 118, in enable_replication_version_checking >>>> conn.do_simple_bind(bindpw=dirman_passwd) >>>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >>>> 1665, in do_simple_bind >>>> self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw) >>>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >>>> 1660, in __bind_with_wait >>>> self.__wait_for_connection(timeout) >>>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >>>> 1643, in __wait_for_connection >>>> wait_for_open_socket(lurl.hostport, timeout) >>>> File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line >>>> 1286, in wait_for_open_socket >>>> raise e >>>> 2017-02-16T15:54:16Z DEBUG The ipa-replica-install command failed, >>>> exception: error: [Errno 111] Connection refused >>>> 2017-02-16T15:54:16Z ERROR [Errno 111] Connection refused >>>> 2017-02-16T15:54:16Z ERROR The ipa-replica-install command failed. See >>>> /var/log/ipareplica-install.log for more information >>>> >>> >>> How can I troubleshoot this? >>> >>> >>> >>> -- >>> Tiemen Ruiten >>> Systems Engineer >>> R&D Media >>> >>> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> Go to http://freeipa.org for more info on the project >>> >> >> >> >> >> > > > -- > Tiemen Ruiten > Systems Engineer > R&D Media > -- Tiemen Ruiten Systems Engineer R&D Media
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
