[Freeipa-users] Re: error when promoting new client to replica

2018-03-06 Thread Andrew Meyer via FreeIPA-users 
Agreed.  Going to try and get direct management to move forward w/ CentOS 7 up 
there.Thanks to you and your team for all their help.   FreeIPA is so awesome.

On Tuesday, March 6, 2018 1:31 PM, Rob Crittenden via FreeIPA-users 
 wrote:
 

 Andrew Meyer wrote:
> We got it fixed.  But one of the servers became severely out of sync
> causing other issues.  We got it fixed and replication is now working
> once again.  Now it is just figuring out if we truly can use Amazon
> Linux 2 as a FreeIPA replica or if we need to stick w/ CentOS 7.

If they use a different release of curl who knows what else is
different. Do you want to trust your intrastructure with that?

IPA herds many cats and it can be difficult to keep so many dependent
packages in-line. With so many moving parts even small changes can
sometimes cause a tremendous amount of grief.

rob

> 
> 
> On Tuesday, March 6, 2018 1:02 PM, Rob Crittenden via FreeIPA-users
>  wrote:
> 
> 
> Andrew Meyer via FreeIPA-users wrote:
>> After getting the feedback previously from the mailing list (thank you
>> for all your help) I have deployed a CentOS 7 image in AWS.  I was able
>> to add teh client machine to the FreeIPA domain.  The CentOS 7 instance
>> is a t2.medium which is a 2 proc by 4GB RAM.  But when I go to promote
>> it I get the following error:
>>
>> ipa-replica-install --setup-ca --ssh-trust-dns --mkhomedir --setup-kra
>> --setup-dns --forwarder=10.10.0.2
>>
>> 2018-03-05T21:33:57Z DEBUG stderr=
>> 2018-03-05T21:33:57Z DEBUG Loading StateFile from
>> '/var/lib/ipa/sysupgrade/sysupgrade.state'
>> 2018-03-05T21:33:57Z DEBUG Saving StateFile to
>> '/var/lib/ipa/sysupgrade/sysupgrade.state'
>> 2018-03-05T21:33:57Z DEBUG Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> 2018-03-05T21:33:57Z DEBUG Loading Index file from
>> '/var/lib/ipa/sysrestore/sysrestore.index'
>> 2018-03-05T21:33:57Z DEBUG Configuring certificate server (pki-tomcatd).
>> Estimated time: 3 minutes
>> 2018-03-05T21:33:57Z DEBUG   [1/27]: creating certificate server db
>> 2018-03-05T21:33:57Z DEBUG   duration: 0 seconds
>> 2018-03-05T21:33:57Z DEBUG   [2/27]: setting up initial replication
>> 2018-03-05T21:33:57Z DEBUG Fetching nsDS5ReplicaId from master
> [attempt 1/5]
>> 2018-03-05T21:33:57Z DEBUG retrieving schema for SchemaCache
>> url=ldap://infra-test-ipa.gatewayblend.net:389
>> conn=
>> 2018-03-05T21:33:58Z DEBUG Successfully updated nsDS5ReplicaId.
>> 2018-03-05T21:34:14Z DEBUG Traceback (most recent call last):
>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>> line 504, in start_creation
>>     run_step(full_msg, method)
>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>> line 494, in run_step
>>     method()
>>   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
>> 1192, in __setup_replication
>>     repl.setup_cs_replication(self.master_host)
>>   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
>> line 1814, in setup_cs_replication
>>     raise RuntimeError("Failed to start replication")
>> RuntimeError: Failed to start replication
>>
>> 2018-03-05T21:34:14Z DEBUG   [error] RuntimeError: Failed to start
>> replication
>> 2018-03-05T21:34:14Z DEBUG   File
>> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in
>> execute
>>     return_value = self.run()
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line
>> 333, in run
>>     cfgr.run()
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 368, in run
>>     self.execute()
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 392, in execute
>>     for _nothing in self._executor():
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 434, in __runner
>>     exc_handler(exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 463, in _handle_execute_exception
>>     self._handle_exception(exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 453, in _handle_exception
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 424, in __runner
>>     step()
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 421, in 
>>     step = lambda: next(self.__gen)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
>> line 81, in run_generator_with_yield_from
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
>> line 59, in run_generator_with_yield_from
>>     value = gen.send(prev_value)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 658, in _configure
>>     next(executor)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 434,

[Freeipa-users] Re: error when promoting new client to replica

2018-03-06 Thread Rob Crittenden via FreeIPA-users 
Andrew Meyer wrote:
> We got it fixed.  But one of the servers became severely out of sync
> causing other issues.  We got it fixed and replication is now working
> once again.  Now it is just figuring out if we truly can use Amazon
> Linux 2 as a FreeIPA replica or if we need to stick w/ CentOS 7.

If they use a different release of curl who knows what else is
different. Do you want to trust your intrastructure with that?

IPA herds many cats and it can be difficult to keep so many dependent
packages in-line. With so many moving parts even small changes can
sometimes cause a tremendous amount of grief.

rob

> 
> 
> On Tuesday, March 6, 2018 1:02 PM, Rob Crittenden via FreeIPA-users
>  wrote:
> 
> 
> Andrew Meyer via FreeIPA-users wrote:
>> After getting the feedback previously from the mailing list (thank you
>> for all your help) I have deployed a CentOS 7 image in AWS.  I was able
>> to add teh client machine to the FreeIPA domain.  The CentOS 7 instance
>> is a t2.medium which is a 2 proc by 4GB RAM.  But when I go to promote
>> it I get the following error:
>>
>> ipa-replica-install --setup-ca --ssh-trust-dns --mkhomedir --setup-kra
>> --setup-dns --forwarder=10.10.0.2
>>
>> 2018-03-05T21:33:57Z DEBUG stderr=
>> 2018-03-05T21:33:57Z DEBUG Loading StateFile from
>> '/var/lib/ipa/sysupgrade/sysupgrade.state'
>> 2018-03-05T21:33:57Z DEBUG Saving StateFile to
>> '/var/lib/ipa/sysupgrade/sysupgrade.state'
>> 2018-03-05T21:33:57Z DEBUG Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> 2018-03-05T21:33:57Z DEBUG Loading Index file from
>> '/var/lib/ipa/sysrestore/sysrestore.index'
>> 2018-03-05T21:33:57Z DEBUG Configuring certificate server (pki-tomcatd).
>> Estimated time: 3 minutes
>> 2018-03-05T21:33:57Z DEBUG   [1/27]: creating certificate server db
>> 2018-03-05T21:33:57Z DEBUG   duration: 0 seconds
>> 2018-03-05T21:33:57Z DEBUG   [2/27]: setting up initial replication
>> 2018-03-05T21:33:57Z DEBUG Fetching nsDS5ReplicaId from master
> [attempt 1/5]
>> 2018-03-05T21:33:57Z DEBUG retrieving schema for SchemaCache
>> url=ldap://infra-test-ipa.gatewayblend.net:389
>> conn=
>> 2018-03-05T21:33:58Z DEBUG Successfully updated nsDS5ReplicaId.
>> 2018-03-05T21:34:14Z DEBUG Traceback (most recent call last):
>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>> line 504, in start_creation
>>     run_step(full_msg, method)
>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>> line 494, in run_step
>>     method()
>>   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
>> 1192, in __setup_replication
>>     repl.setup_cs_replication(self.master_host)
>>   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
>> line 1814, in setup_cs_replication
>>     raise RuntimeError("Failed to start replication")
>> RuntimeError: Failed to start replication
>>
>> 2018-03-05T21:34:14Z DEBUG   [error] RuntimeError: Failed to start
>> replication
>> 2018-03-05T21:34:14Z DEBUG   File
>> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in
>> execute
>>     return_value = self.run()
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line
>> 333, in run
>>     cfgr.run()
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 368, in run
>>     self.execute()
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 392, in execute
>>     for _nothing in self._executor():
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 434, in __runner
>>     exc_handler(exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 463, in _handle_execute_exception
>>     self._handle_exception(exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 453, in _handle_exception
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 424, in __runner
>>     step()
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 421, in 
>>     step = lambda: next(self.__gen)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
>> line 81, in run_generator_with_yield_from
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
>> line 59, in run_generator_with_yield_from
>>     value = gen.send(prev_value)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 658, in _configure
>>     next(executor)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 434, in __runner
>>     exc_handler(exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 463, in _handle_execute_exception
>>     self._handle_exception(exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 521, in

[Freeipa-users] Re: error when promoting new client to replica

2018-03-06 Thread Andrew Meyer via FreeIPA-users 
We got it fixed.  But one of the servers became severely out of sync causing 
other issues.  We got it fixed and replication is now working once again.  Now 
it is just figuring out if we truly can use Amazon Linux 2 as a FreeIPA replica 
or if we need to stick w/ CentOS 7. 

On Tuesday, March 6, 2018 1:02 PM, Rob Crittenden via FreeIPA-users 
 wrote:
 

 Andrew Meyer via FreeIPA-users wrote:
> After getting the feedback previously from the mailing list (thank you
> for all your help) I have deployed a CentOS 7 image in AWS.  I was able
> to add teh client machine to the FreeIPA domain.  The CentOS 7 instance
> is a t2.medium which is a 2 proc by 4GB RAM.  But when I go to promote
> it I get the following error:
> 
> ipa-replica-install --setup-ca --ssh-trust-dns --mkhomedir --setup-kra
> --setup-dns --forwarder=10.10.0.2
> 
> 2018-03-05T21:33:57Z DEBUG stderr=
> 2018-03-05T21:33:57Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysupgrade/sysupgrade.state'
> 2018-03-05T21:33:57Z DEBUG Saving StateFile to
> '/var/lib/ipa/sysupgrade/sysupgrade.state'
> 2018-03-05T21:33:57Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2018-03-05T21:33:57Z DEBUG Loading Index file from
> '/var/lib/ipa/sysrestore/sysrestore.index'
> 2018-03-05T21:33:57Z DEBUG Configuring certificate server (pki-tomcatd).
> Estimated time: 3 minutes
> 2018-03-05T21:33:57Z DEBUG   [1/27]: creating certificate server db
> 2018-03-05T21:33:57Z DEBUG   duration: 0 seconds
> 2018-03-05T21:33:57Z DEBUG   [2/27]: setting up initial replication
> 2018-03-05T21:33:57Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5]
> 2018-03-05T21:33:57Z DEBUG retrieving schema for SchemaCache
> url=ldap://infra-test-ipa.gatewayblend.net:389
> conn=
> 2018-03-05T21:33:58Z DEBUG Successfully updated nsDS5ReplicaId.
> 2018-03-05T21:34:14Z DEBUG Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 504, in start_creation
>     run_step(full_msg, method)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 494, in run_step
>     method()
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
> 1192, in __setup_replication
>     repl.setup_cs_replication(self.master_host)
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
> line 1814, in setup_cs_replication
>     raise RuntimeError("Failed to start replication")
> RuntimeError: Failed to start replication
> 
> 2018-03-05T21:34:14Z DEBUG   [error] RuntimeError: Failed to start
> replication
> 2018-03-05T21:34:14Z DEBUG   File
> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in
> execute
>     return_value = self.run()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line
> 333, in run
>     cfgr.run()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 368, in run
>     self.execute()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 392, in execute
>     for _nothing in self._executor():
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 434, in __runner
>     exc_handler(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 463, in _handle_execute_exception
>     self._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 453, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 424, in __runner
>     step()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 421, in 
>     step = lambda: next(self.__gen)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 81, in run_generator_with_yield_from
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 59, in run_generator_with_yield_from
>     value = gen.send(prev_value)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 658, in _configure
>     next(executor)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 434, in __runner
>     exc_handler(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 463, in _handle_execute_exception
>     self._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 521, in _handle_exception
>     self.__parent._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 453, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 518, in _handle_exception
>     super(ComponentBase, self)._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>

[Freeipa-users] Re: error when promoting new client to replica

2018-03-06 Thread Rob Crittenden via FreeIPA-users 
Andrew Meyer via FreeIPA-users wrote:
> After getting the feedback previously from the mailing list (thank you
> for all your help) I have deployed a CentOS 7 image in AWS.  I was able
> to add teh client machine to the FreeIPA domain.  The CentOS 7 instance
> is a t2.medium which is a 2 proc by 4GB RAM.  But when I go to promote
> it I get the following error:
> 
> ipa-replica-install --setup-ca --ssh-trust-dns --mkhomedir --setup-kra
> --setup-dns --forwarder=10.10.0.2
> 
> 2018-03-05T21:33:57Z DEBUG stderr=
> 2018-03-05T21:33:57Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysupgrade/sysupgrade.state'
> 2018-03-05T21:33:57Z DEBUG Saving StateFile to
> '/var/lib/ipa/sysupgrade/sysupgrade.state'
> 2018-03-05T21:33:57Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2018-03-05T21:33:57Z DEBUG Loading Index file from
> '/var/lib/ipa/sysrestore/sysrestore.index'
> 2018-03-05T21:33:57Z DEBUG Configuring certificate server (pki-tomcatd).
> Estimated time: 3 minutes
> 2018-03-05T21:33:57Z DEBUG   [1/27]: creating certificate server db
> 2018-03-05T21:33:57Z DEBUG   duration: 0 seconds
> 2018-03-05T21:33:57Z DEBUG   [2/27]: setting up initial replication
> 2018-03-05T21:33:57Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5]
> 2018-03-05T21:33:57Z DEBUG retrieving schema for SchemaCache
> url=ldap://infra-test-ipa.gatewayblend.net:389
> conn=
> 2018-03-05T21:33:58Z DEBUG Successfully updated nsDS5ReplicaId.
> 2018-03-05T21:34:14Z DEBUG Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 504, in start_creation
>     run_step(full_msg, method)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 494, in run_step
>     method()
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
> 1192, in __setup_replication
>     repl.setup_cs_replication(self.master_host)
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
> line 1814, in setup_cs_replication
>     raise RuntimeError("Failed to start replication")
> RuntimeError: Failed to start replication
> 
> 2018-03-05T21:34:14Z DEBUG   [error] RuntimeError: Failed to start
> replication
> 2018-03-05T21:34:14Z DEBUG   File
> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in
> execute
>     return_value = self.run()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line
> 333, in run
>     cfgr.run()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 368, in run
>     self.execute()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 392, in execute
>     for _nothing in self._executor():
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 434, in __runner
>     exc_handler(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 463, in _handle_execute_exception
>     self._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 453, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 424, in __runner
>     step()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 421, in 
>     step = lambda: next(self.__gen)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 81, in run_generator_with_yield_from
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 59, in run_generator_with_yield_from
>     value = gen.send(prev_value)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 658, in _configure
>     next(executor)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 434, in __runner
>     exc_handler(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 463, in _handle_execute_exception
>     self._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 521, in _handle_exception
>     self.__parent._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 453, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 518, in _handle_exception
>     super(ComponentBase, self)._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 453, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 424, in __runner
>     step()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 421, in 
>     step = lambda: next(self.__gen)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 81, in

[Freeipa-users] Re: error when promoting new client to replica

2018-03-05 Thread Andrew Meyer via FreeIPA-users 
I think I figured out my problem.  I think its the Amazon Linux replica.  
named-pkcs11 keeps dying which is causing my issues. 

On Monday, March 5, 2018 3:40 PM, Andrew Meyer via FreeIPA-users 
 wrote:
 

 After getting the feedback previously from the mailing list (thank you for all 
your help) I have deployed a CentOS 7 image in AWS.  I was able to add teh 
client machine to the FreeIPA domain.  The CentOS 7 instance is a t2.medium 
which is a 2 proc by 4GB RAM.  But when I go to promote it I get the following 
error:
ipa-replica-install --setup-ca --ssh-trust-dns --mkhomedir --setup-kra 
--setup-dns --forwarder=10.10.0.2

2018-03-05T21:33:57Z DEBUG stderr=2018-03-05T21:33:57Z DEBUG Loading StateFile 
from '/var/lib/ipa/sysupgrade/sysupgrade.state'2018-03-05T21:33:57Z DEBUG 
Saving StateFile to 
'/var/lib/ipa/sysupgrade/sysupgrade.state'2018-03-05T21:33:57Z DEBUG Loading 
StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'2018-03-05T21:33:57Z 
DEBUG Loading Index file from 
'/var/lib/ipa/sysrestore/sysrestore.index'2018-03-05T21:33:57Z DEBUG 
Configuring certificate server (pki-tomcatd). Estimated time: 3 
minutes2018-03-05T21:33:57Z DEBUG   [1/27]: creating certificate server 
db2018-03-05T21:33:57Z DEBUG   duration: 0 seconds2018-03-05T21:33:57Z DEBUG   
[2/27]: setting up initial replication2018-03-05T21:33:57Z DEBUG Fetching 
nsDS5ReplicaId from master [attempt 1/5]2018-03-05T21:33:57Z DEBUG retrieving 
schema for SchemaCache url=ldap://infra-test-ipa.gatewayblend.net:389 
conn=2018-03-05T21:33:58Z DEBUG Successfully updated 
nsDS5ReplicaId.2018-03-05T21:34:14Z DEBUG Traceback (most recent call last):  
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 504, 
in start_creation    run_step(full_msg, method)  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 494, in 
run_step    method()  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 1192, 
in __setup_replication    repl.setup_cs_replication(self.master_host)  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 1814, 
in setup_cs_replication    raise RuntimeError("Failed to start 
replication")RuntimeError: Failed to start replication
2018-03-05T21:34:14Z DEBUG   [error] RuntimeError: Failed to start 
replication2018-03-05T21:34:14Z DEBUG   File 
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute 
   return_value = self.run()  File 
"/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 333, in run   
 cfgr.run()  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
line 368, in run    self.execute()  File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 392, in 
execute    for _nothing in self._executor():  File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in 
__runner    exc_handler(exc_info)  File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 463, in 
_handle_execute_exception    self._handle_exception(exc_info)  File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in 
_handle_exception    six.reraise(*exc_info)  File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in 
__runner    step()  File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in 
    step = lambda: next(self.__gen)  File 
"/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in 
run_generator_with_yield_from    six.reraise(*exc_info)  File 
"/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in 
run_generator_with_yield_from    value = gen.send(prev_value)  File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 658, in 
_configure    next(executor)  File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in 
__runner    exc_handler(exc_info)  File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 463, in 
_handle_execute_exception    self._handle_exception(exc_info)  File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521, in 
_handle_exception    self.__parent._handle_exception(exc_info)  File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in 
_handle_exception    six.reraise(*exc_info)  File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in 
_handle_exception    super(ComponentBase, self)._handle_exception(exc_info)  
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in 
_handle_exception    six.reraise(*exc_info)  File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in 
__runner    step()  File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in 
    step = lambda: next(self.__gen)  File 
"/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in