Bret Wortman wrote: > ...but it did at least look like they were talking, right? Some level of > replication was happening: > > (before the Netscape Replication Total update Entry began running away > with the logfile): > > [21/May/2014:10:28:52 -0400] conn=2 op=2 RESULT err=0 tag=101 nentries=1 > etime=0 > [21/May/2014:10:28:53 -0400] conn=2 op=3 MOD dn="cn=IPA Version > Replication,cn=Plugins,cn=config" > [21/May/2014:10:28:53 -0400] conn=2 op=3 RESULT err=0 tag=103 nentries=0 > etime=0 > [21/May/2014:10:28:53 -0400] conn=2 op=4 UNBIND
That is just a failsafe so if we ever put incompatible data into an IPA server we can prevent it from polluting other servers. We fortunately haven't needed this. rob > > On 05/21/2014 11:40 AM, Bret Wortman wrote: >> On the new replica (asipa) I see in the access log almost 5000 entries >> like this: >> >> [21/May/2014:10:30:58 -0400] conn=4 op=4923 EXT >> oid="2.16.840.113730.3.5.6" name="Netscape Replication Total update >> Entry" >> [21/May/2014:10:30:58 -0400] conn=4 op=4923 RESULT err=0 tag=120 >> nentries=0 etime=0 >> >> And these just repeat, increasing the "op" value until they terminate >> with this one. The rest of it just looks like informational messages. >> >> Over on zsipa (the CA master), errors contains: >> >> [21/May/2014:14:31:06 +0000] NSMMReplciationPlugin - Schema >> agmt="cn=meToasipa.foo.net" (asipa:389) must not be overwritten(set >> replication log for additional info) >> [21/May/2014:14:31:06 +0000] NSMMReplicationPlugin - >> agmt="cn=meToasipa.foo.net" (asipa:389) Warning: unable to replicate >> schema: rc=1 >> >> These two lines repeat at intervals for a while. >> >> Nothing else leapt out at me. >> >> >> >> On 05/21/2014 11:04 AM, Rob Crittenden wrote: >>> Bret Wortman wrote: >>>> This occurs on our first attempt to join as a replica. I've erased this >>>> box and rebaselined it but the same thing happens. No network ports >>>> being blocked that we know of, and another replica I created at the >>>> same >>>> time installed its replica file without issue. >>>> >>>> asipa is the new replica, zsipa is the ca and original master on which >>>> the replica file was created. >>>> >>>> [24/34]: setting up initial replication >>>> Starting replication, please wait until this has completed >>>> Update in progress, 130 seconds elapsed >>>> Update in progress yet not in progress >>>> >>>> [ipamaster.foo.net] reports: Update failed! Status: [10 Total update >>>> abortedLDAP error: Referral] >>>> >>>> >>>> Your system may be partly configured. >>>> Run /usr/sbin/ipa-server-install --uninstall to clean up. >>>> >>>> Failed to start replication >>>> # >>>> >>>> /var/log/ipareplica-install.log contains this: >>>> >>>> 2014-05-21T145:28:56Z DEBUG retrieving schema for SchemaCache >>>> url=ldaps://asipa.fopo.net:636 conn=<ldap.ldapobject.SimpleLDAPObject >>>> instance at 0x4faf170> >>>> 2014-05-21T14:31:08Z DEBUG File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", >>>> line 638, in run_script >>>> return_value = main_function() >>>> >>>> File "/usr/sbin/ipa-replica-install", line 663, in main >>>> ds = install_replica_ds(config) >>>> >>>> File "/usr/sbin/ipa-replica-install", line 188, in >>>> install_replica_ds >>>> ca_file=config.dir + "/ca.crt", >>>> >>>> File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", >>>> line >>>> 360 in create_replica >>>> self.start_creation(runtime=60) >>>> >>>> File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >>>> line 364, in start_creation >>>> method() >>>> >>>> File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", >>>> line >>>> 373, in __setup_replica >>>> r_bindpw=self.dm_password() >>>> >>>> File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", >>>> line 961, in setup_replication >>>> raise RuntimeError("Failed to start replication") >>>> >>>> 2014-0521T14:31:08Z DEBUG The ipa-replica-install command failed, >>>> exception: RuntimeError: Failed to start replication >>>> >>>> Any guidance on where to start looking? >>> Check the 389-ds access and error logs on both masters. >>> >>> rob >>> >> >> >> >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipa-users@redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-users > _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users