I am trying to create a replica server with ipa-replica-install, but it breaks
during installation while restarting the directory service, saying that the LDAP
service is not found. But I can see the LDAP server is running.

I have created around 3 replicas using the same procedure about 4 months ago, 
but now it is failing. I cannot find any obvious reason for this issue.
All the machines are on CentOS 7.x.

Master ipa package versions:
ipa-common-4.4.0-14.el7.centos.6.noarch
ipa-client-common-4.4.0-14.el7.centos.6.noarch
ipa-server-dns-4.4.0-14.el7.centos.6.noarch
ipa-admintools-4.4.0-14.el7.centos.6.noarch
ipa-server-4.4.0-14.el7.centos.6.x86_64

I also tried after updating the above to the el7.centos.7 packages.

Replica ipa package versions:
ipa-common-4.4.0-14.el7.centos.7.noarch
ipa-server-4.4.0-14.el7.centos.7.x86_64
ipa-client-4.4.0-14.el7.centos.7.x86_64
ipa-server-common-4.4.0-14.el7.centos.7.noarch
ipa-admintools-4.4.0-14.el7.centos.7.noarch
ipa-client-common-4.4.0-14.el7.centos.7.noarch
ipa-server-dns-4.4.0-14.el7.centos.7.noarch

Actual results:
[root@auth03-esy1 ~]# ipa-replica-install --principal admin --admin-password 
XXXXXXXX --server=auth02-esy1.srv.symbionetworks.com 
--domain=auth.mnfgroup.limited --setup-ca
Configuring client side components
Client hostname: auth03-esy1.srv.symbionetworks.com
Realm: AUTH.MNFGROUP.LIMITED
DNS Domain: auth.mnfgroup.limited
IPA Server: auth02-esy1.srv.symbionetworks.com
BaseDN: dc=auth,dc=mnfgroup,dc=limited

Skipping synchronizing time with NTP server.
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=AUTH.MNFGROUP.LIMITED
    Issuer:      CN=Certificate Authority,O=AUTH.MNFGROUP.LIMITED
    Valid From:  Wed Mar 15 01:04:16 2017 UTC
    Valid Until: Sun Mar 15 01:04:16 2037 UTC

Enrolled in IPA realm AUTH.MNFGROUP.LIMITED
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm AUTH.MNFGROUP.LIMITED
trying https://auth02-esy1.srv.symbionetworks.com/ipa/json
Forwarding 'ping' to json server 
'https://auth02-esy1.srv.symbionetworks.com/ipa/json'
Forwarding 'ca_is_enabled' to json server 
'https://auth02-esy1.srv.symbionetworks.com/ipa/json'
Systemwide CA database updated.
Hostname (auth03-esy1.srv.symbionetworks.com) does not have A/AAAA record.
Failed to update DNS records.
Missing A/AAAA record(s) for host auth03-esy1.srv.symbionetworks.com: 10.53.1.3.
Missing reverse record(s) for address(es): 10.53.1.3.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Forwarding 'host_mod' to json server 
'https://auth02-esy1.srv.symbionetworks.com/ipa/json'
Could not update DNS SSHFP records.
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring auth.mnfgroup.limited as NIS domain.
Client configuration complete.

WARNING: conflicting time&date synchronization service 'chronyd' will
be disabled in favor of ntpd

ipa         : ERROR    Could not resolve hostname 
auth02-esy1.srv.symbionetworks.com using DNS. Clients may not function 
properly. Please check your DNS setup. (Note that this check queries IPA DNS 
directly and ignores /etc/hosts.)
Continue? [no]: yes
Run connection check to master
Connection check OK
Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 1 minute
  [1/44]: creating directory server user
  [2/44]: creating directory server instance
  [3/44]: updating configuration in dse.ldif
  [4/44]: restarting directory server
  [5/44]: adding default schema
  [6/44]: enabling memberof plugin
  [7/44]: enabling winsync plugin
  [8/44]: configuring replication version plugin
  [9/44]: enabling IPA enrollment plugin
  [10/44]: enabling ldapi
  [11/44]: configuring uniqueness plugin
  [12/44]: configuring uuid plugin
  [13/44]: configuring modrdn plugin
  [14/44]: configuring DNS plugin
  [15/44]: enabling entryUSN plugin
  [16/44]: configuring lockout plugin
  [17/44]: configuring topology plugin
  [18/44]: creating indices
  [19/44]: enabling referential integrity plugin
  [20/44]: configuring certmap.conf
  [21/44]: configure autobind for root
  [22/44]: configure new location for managed entries
  [23/44]: configure dirsrv ccache
  [24/44]: enabling SASL mapping fallback
  [25/44]: restarting directory server
  [26/44]: creating DS keytab
  [error] NotFound: 
ldap/auth03-esy1.srv.symbionetworks.com@AUTH.MNFGROUP.LIMITED: service not found
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    
ldap/auth03-esy1.srv.symbionetworks.com@AUTH.MNFGROUP.LIMITED: service not found
ipa.ipapython.install.cli.install_tool(Replica): ERROR    The 
ipa-replica-install command failed. See /var/log/ipareplica-install.log for 
more information


Additional Information:
From /var/log/ipareplica-install.log,
2017-09-12T01:36:13Z DEBUG stderr=ldap_initialize( 
ldap://auth03-esy1.srv.symbionetworks.com:389/??base )

2017-09-12T01:36:13Z DEBUG   duration: 0 seconds
2017-09-12T01:36:13Z DEBUG   [23/44]: configure dirsrv ccache
2017-09-12T01:36:13Z DEBUG Backing up system configuration file 
'/etc/sysconfig/dirsrv'
2017-09-12T01:36:13Z DEBUG Saving Index File to 
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-09-12T01:36:13Z DEBUG Starting external process
2017-09-12T01:36:13Z DEBUG args=/usr/sbin/selinuxenabled
2017-09-12T01:36:13Z DEBUG Process finished, return code=1
2017-09-12T01:36:13Z DEBUG stdout=
2017-09-12T01:36:13Z DEBUG stderr=
2017-09-12T01:36:13Z DEBUG   duration: 0 seconds
2017-09-12T01:36:13Z DEBUG   [24/44]: enabling SASL mapping fallback
2017-09-12T01:36:13Z DEBUG Starting external process
2017-09-12T01:36:13Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpEjW0XE -H 
ldap://auth03-esy1.srv.symbionetworks.com:389 -x -D cn=Directory Manager -y 
/tmp/tmpED2rPP
2017-09-12T01:36:13Z DEBUG Process finished, return code=0
2017-09-12T01:36:13Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback:
        on
modifying entry "cn=config"
modify complete


2017-09-12T01:36:13Z DEBUG stderr=ldap_initialize( 
ldap://auth03-esy1.srv.symbionetworks.com:389/??base )

2017-09-12T01:36:13Z DEBUG   duration: 0 seconds
2017-09-12T01:36:13Z DEBUG   [25/44]: restarting directory server
2017-09-12T01:36:13Z DEBUG Starting external process
2017-09-12T01:36:13Z DEBUG args=/bin/systemctl --system daemon-reload
2017-09-12T01:36:13Z DEBUG Process finished, return code=0
2017-09-12T01:36:13Z DEBUG stdout=
2017-09-12T01:36:13Z DEBUG stderr=
2017-09-12T01:36:13Z DEBUG Starting external process
2017-09-12T01:36:13Z DEBUG args=/bin/systemctl restart 
dirsrv@AUTH-MNFGROUP-LIMITED.service
2017-09-12T01:36:14Z DEBUG Process finished, return code=0
2017-09-12T01:36:14Z DEBUG stdout=
2017-09-12T01:36:14Z DEBUG stderr=
2017-09-12T01:36:14Z DEBUG Starting external process
2017-09-12T01:36:14Z DEBUG args=/bin/systemctl is-active 
dirsrv@AUTH-MNFGROUP-LIMITED.service
2017-09-12T01:36:14Z DEBUG Process finished, return code=0
2017-09-12T01:36:14Z DEBUG stdout=active

2017-09-12T01:36:14Z DEBUG stderr=
2017-09-12T01:36:14Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2017-09-12T01:36:14Z DEBUG Starting external process
2017-09-12T01:36:14Z DEBUG args=/bin/systemctl is-active 
dirsrv@AUTH-MNFGROUP-LIMITED.service
2017-09-12T01:36:14Z DEBUG Process finished, return code=0
2017-09-12T01:36:14Z DEBUG stdout=active

2017-09-12T01:36:14Z DEBUG stderr=
2017-09-12T01:36:14Z DEBUG   duration: 0 seconds
2017-09-12T01:36:14Z DEBUG   [26/44]: creating DS keytab
2017-09-12T01:36:14Z DEBUG Backing up system configuration file 
'/etc/dirsrv/ds.keytab'
2017-09-12T01:36:14Z DEBUG   -> Not backing up - '/etc/dirsrv/ds.keytab' 
doesn't exist
2017-09-12T01:36:14Z DEBUG raw: 
service_add(u'ldap/auth03-esy1.srv.symbionetworks.com@AUTH.MNFGROUP.LIMITED', 
force=True, version=u'2.213')
2017-09-12T01:36:14Z DEBUG service_add(<ipapython.kerberos.Principal object at 
0x794e7d0>, force=True, all=False, raw=False, version=u'2.213', 
no_members=False)
2017-09-12T01:36:14Z DEBUG flushing ldaps://auth02-esy1.srv.symbionetworks.com 
from SchemaCache
2017-09-12T01:36:14Z DEBUG retrieving schema for SchemaCache 
url=ldaps://auth02-esy1.srv.symbionetworks.com 
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x76610e0>
2017-09-12T01:36:15Z DEBUG raw: 
host_show(u'auth03-esy1.srv.symbionetworks.com', version=u'2.213')
2017-09-12T01:36:15Z DEBUG host_show(u'auth03-esy1.srv.symbionetworks.com', 
rights=False, all=False, raw=False, version=u'2.213', no_members=False)
2017-09-12T01:36:15Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
449, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
439, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 
1230, in __get_ds_keytab
    force_service_add=True)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", 
line 1129, in install_service_keytab
    api.Command.service_add(principal, force=force_service_add)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 449, in 
__call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 477, in 
__do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 799, in run
    return self.execute(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py", line 
1221, in execute
    self.obj.handle_not_found(*keys)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py", line 
759, in handle_not_found
    'pkey': pkey, 'oname': self.object_name,
NotFound: ldap/auth03-esy1.srv.symbionetworks.com@AUTH.MNFGROUP.LIMITED: 
service not found

2017-09-12T01:36:15Z DEBUG   [error] NotFound: 
ldap/auth03-esy1.srv.symbionetworks.com@AUTH.MNFGROUP.LIMITED: service not found
2017-09-12T01:36:15Z DEBUG Destroyed connection context.ldap2_89533776
2017-09-12T01:36:15Z DEBUG   File 
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, 
in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310, 
in run
    self.execute()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332, 
in execute
    for nothing in self._executor():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, 
in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, 
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, 
in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, 
in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, 
in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, 
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 586, 
in _configure
    next(executor)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, 
in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, 
in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, 
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, 
in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, 
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, 
in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, 
in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, 
in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, 
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, 
in _install
    for nothing in self._installer(self.parent):
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", 
line 1722, in main
    promote(self)
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", 
line 372, in decorated
    func(installer)
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", 
line 1423, in promote
    promote=True, pkcs12_info=dirsrv_pkcs12_info)
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", 
line 135, in install_replica_ds
    api=remote_api,
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 
401, in create_replica
    self.start_creation(runtime=60)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
449, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
439, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 
1230, in __get_ds_keytab
    force_service_add=True)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", 
line 1129, in install_service_keytab
    api.Command.service_add(principal, force=force_service_add)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 449, in 
__call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 477, in 
__do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 799, in run
    return self.execute(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py", line 
1221, in execute
    self.obj.handle_not_found(*keys)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py", line 
759, in handle_not_found
    'pkey': pkey, 'oname': self.object_name,

2017-09-12T01:36:15Z DEBUG The ipa-replica-install command failed, exception: 
NotFound: ldap/auth03-esy1.srv.symbionetworks.com@AUTH.MNFGROUP.LIMITED: 
service not found
2017-09-12T01:36:15Z ERROR 
ldap/auth03-esy1.srv.symbionetworks.com@AUTH.MNFGROUP.LIMITED: service not found
2017-09-12T01:36:15Z ERROR The ipa-replica-install command failed. See 
/var/log/ipareplica-install.log for more information


Can anyone please help with this issue? 

Regards

Shahriar Rahman
Systems Engineer
MNF Group Limited 
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org