When I tried to create the replica from another server, it fails, giving me this?

[root@ipa02-aws ~]# ipa-replica-prepare ipa03-aws.rsinc.local --ip-address 10.40.x.x
Directory Manager (existing master) password:

If you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.
The replica must be created on the primary IPA server.

On Thu, Jul 14, 2016 at 8:22 AM, Petr Vobornik <pvobo...@redhat.com> wrote:

> On 07/14/2016 07:18 AM, Bjarne Blichfeldt wrote:
> > Well, I just had the same problem, but in my case I also tried to install a ca:
> >
> > “ipa-replica-install --setup-ca …..”
> >
> > Without “--set-up” the installation succeeded.
> >
> > Regards,
> >
> > Bjarne
>
> The error below is not related to CA.
>
> It tries to check that new replica's ldap service principal was replicated
> to master server. The principal is not replicated there and after 60
> attempts it fails.
>
> What is your replication topology? Could it be that other replicas are
> keeping this master busy?
>
> Does installation against other replica work?
>
> Could you provide dirsrv error log of the master from the time of
> installation?
>
> > *From:* Devin Acosta [mailto:linuxguru...@gmail.com]
> > *Sent:* 12. juli 2016 21:35
> > *To:* freeipa-users@redhat.com
> > *Subject:* [Freeipa-users] FreeIPA (Add Replica fails on GSSAPI)
> >
> > I am trying to add a 4th replica to my FreeIPA installation. I am running the
> > latest CentOS 7.2 (full updates) and I have tried multiple times and it fails every
> > time in the same location. When it fails I remove the replication agreements and try
> > again and it keeps failing in the same location.
> >
> > [root@ipa03-aws centos]# ipa-replica-install replica-info-ipa03-aws.rsinc.local.gpg
> > WARNING: conflicting time&date synchronization service 'chronyd' will
> > be disabled in favor of ntpd
> > Directory Manager (existing master) password:
> > Run connection check to master
> > Check connection from replica to remote master 'ipa01-aws.rsinc.local':
> > Directory Service: Unsecure port (389): OK
> > Directory Service: Secure port (636): OK
> > Kerberos KDC: TCP (88): OK
> > Kerberos Kpasswd: TCP (464): OK
> > HTTP Server: Unsecure port (80): OK
> > HTTP Server: Secure port (443): OK
> > The following list of ports use UDP protocol and would need to be
> > checked manually:
> > Kerberos KDC: UDP (88): SKIPPED
> > Kerberos Kpasswd: UDP (464): SKIPPED
> > Connection from replica to master is OK.
> > Start listening on required ports for remote master check
> > Get credentials to log in to remote master
> > admin@RSINC.LOCAL password:
> > Check SSH connection to remote master
> > Execute check on remote master
> > Check connection from master to remote replica 'ipa03-aws.rsinc.local':
> > Directory Service: Unsecure port (389): OK
> > Directory Service: Secure port (636): OK
> > Kerberos KDC: TCP (88): OK
> > Kerberos KDC: UDP (88): OK
> > Kerberos Kpasswd: TCP (464): OK
> > Kerberos Kpasswd: UDP (464): OK
> > HTTP Server: Unsecure port (80): OK
> > HTTP Server: Secure port (443): OK
> > Connection from master to replica is OK.
> > Connection check OK
> > Configuring NTP daemon (ntpd)
> > [1/4]: stopping ntpd
> > [2/4]: writing configuration
> > [3/4]: configuring ntpd to start on boot
> > [4/4]: starting ntpd
> > Done configuring NTP daemon (ntpd).
> > Configuring directory server (dirsrv). Estimated time: 1 minute
> > [1/38]: creating directory server user
> > [2/38]: creating directory server instance
> > [3/38]: adding default schema
> > [4/38]: enabling memberof plugin
> > [5/38]: enabling winsync plugin
> > [6/38]: configuring replication version plugin
> > [7/38]: enabling IPA enrollment plugin
> > [8/38]: enabling ldapi
> > [9/38]: configuring uniqueness plugin
> > [10/38]: configuring uuid plugin
> > [11/38]: configuring modrdn plugin
> > [12/38]: configuring DNS plugin
> > [13/38]: enabling entryUSN plugin
> > [14/38]: configuring lockout plugin
> > [15/38]: creating indices
> > [16/38]: enabling referential integrity plugin
> > [17/38]: configuring ssl for ds instance
> > [18/38]: configuring certmap.conf
> > [19/38]: configure autobind for root
> > [20/38]: configure new location for managed entries
> > [21/38]: configure dirsrv ccache
> > [22/38]: enable SASL mapping fallback
> > [23/38]: restarting directory server
> > [24/38]: setting up initial replication
> > Starting replication, please wait until this has completed.
> > Update in progress, 4 seconds elapsed
> > Update succeeded
> > [25/38]: updating schema
> > [26/38]: setting Auto Member configuration
> > [27/38]: enabling S4U2Proxy delegation
> > [28/38]: importing CA certificates from LDAP
> > [29/38]: initializing group membership
> > [30/38]: adding master entry
> > [31/38]: initializing domain level
> > [32/38]: configuring Posix uid/gid generation
> > [33/38]: adding replication acis
> > [34/38]: enabling compatibility plugin
> > [35/38]: activating sidgen plugin
> > [36/38]: activating extdom plugin
> > [37/38]: tuning directory server
> > [38/38]: configuring directory to start on boot
> > Done configuring directory server (dirsrv).
> > Configuring Kerberos KDC (krb5kdc). Estimated time: 30 seconds
> > [1/8]: adding sasl mappings to the directory
> > [2/8]: configuring KDC
> > [3/8]: creating a keytab for the directory
> > [4/8]: creating a keytab for the machine
> > [5/8]: adding the password extension to the directory
> > [6/8]: enable GSSAPI for replication
> > [error] RuntimeError: One of the ldap service principals is missing. Replication agreement cannot be converted.
> > Replication error message: Can't acquire busy replica
> > Your system may be partly configured.
> > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> > ipa.ipapython.install.cli.install_tool(Replica): ERROR One of the ldap service principals is missing. Replication agreement cannot be converted.
> > Replication error message: Can't acquire busy replica
> >
> > Please see attached file for the full log file.
> >
> > Any help would be appreciated!
>
> --
> Petr Vobornik