We got it fixed.  But one of the servers became severely out of sync causing other issues.  We got it fixed and replication is now working once again.  Now it is just figuring out if we truly can use Amazon Linux 2 as a FreeIPA replica or if we need to stick w/ CentOS 7.


On Tuesday, March 6, 2018 1:02 PM, Rob Crittenden via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:


Andrew Meyer via FreeIPA-users wrote:
> After getting the feedback previously from the mailing list (thank you
> for all your help) I have deployed a CentOS 7 image in AWS.  I was able
> to add teh client machine to the FreeIPA domain.  The CentOS 7 instance
> is a t2.medium which is a 2 proc by 4GB RAM.  But when I go to promote
> it I get the following error:
>
> ipa-replica-install --setup-ca --ssh-trust-dns --mkhomedir --setup-kra
> --setup-dns --forwarder=10.10.0.2
>
> 2018-03-05T21:33:57Z DEBUG stderr=
> 2018-03-05T21:33:57Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysupgrade/sysupgrade.state'
> 2018-03-05T21:33:57Z DEBUG Saving StateFile to
> '/var/lib/ipa/sysupgrade/sysupgrade.state'
> 2018-03-05T21:33:57Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2018-03-05T21:33:57Z DEBUG Loading Index file from
> '/var/lib/ipa/sysrestore/sysrestore.index'
> 2018-03-05T21:33:57Z DEBUG Configuring certificate server (pki-tomcatd).
> Estimated time: 3 minutes
> 2018-03-05T21:33:57Z DEBUG   [1/27]: creating certificate server db
> 2018-03-05T21:33:57Z DEBUG   duration: 0 seconds
> 2018-03-05T21:33:57Z DEBUG   [2/27]: setting up initial replication
> 2018-03-05T21:33:57Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5]
> 2018-03-05T21:33:57Z DEBUG retrieving schema for SchemaCache
> url=ldap://infra-test-ipa.gatewayblend.net:389
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x93d5368>
> 2018-03-05T21:33:58Z DEBUG Successfully updated nsDS5ReplicaId.
> 2018-03-05T21:34:14Z DEBUG Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 504, in start_creation
>     run_step(full_msg, method)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 494, in run_step
>     method()
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
> 1192, in __setup_replication
>     repl.setup_cs_replication(self.master_host)
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
> line 1814, in setup_cs_replication
>     raise RuntimeError("Failed to start replication")
> RuntimeError: Failed to start replication
>
> 2018-03-05T21:34:14Z DEBUG   [error] RuntimeError: Failed to start
> replication
> 2018-03-05T21:34:14Z DEBUG   File
> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in
> execute
>     return_value = self.run()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line
> 333, in run
>     cfgr.run()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 368, in run
>     self.execute()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 392, in execute
>     for _nothing in self._executor():
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 434, in __runner
>     exc_handler(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 463, in _handle_execute_exception
>     self._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 453, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 424, in __runner
>     step()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 421, in <lambda>
>     step = lambda: next(self.__gen)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 81, in run_generator_with_yield_from
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 59, in run_generator_with_yield_from
>     value = gen.send(prev_value)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 658, in _configure
>     next(executor)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 434, in __runner
>     exc_handler(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 463, in _handle_execute_exception
>     self._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 521, in _handle_exception
>     self.__parent._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 453, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 518, in _handle_exception
>     super(ComponentBase, self)._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 453, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 424, in __runner
>     step()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 421, in <lambda>
>     step = lambda: next(self.__gen)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 81, in run_generator_with_yield_from
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 59, in run_generator_with_yield_from
>     value = gen.send(prev_value)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
> line 63, in _install
>     for _nothing in self._installer(self.parent):
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py",
> line 617, in main
>     replica_install(self)
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
> line 386, in decorated
>     func(installer)
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
> line 1458, in install
>     ca.install(False, config, options)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line
> 205, in install
>     install_step_0(standalone, replica_config, options)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line
> 284, in install_step_0
>     use_ldaps=standalone)
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
> 447, in configure_instance
>     self.start_creation(runtime=runtime)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 504, in start_creation
>     run_step(full_msg, method)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 494, in run_step
>     method()
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
> 1192, in __setup_replication
>     repl.setup_cs_replication(self.master_host)
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
> line 1814, in setup_cs_replication
>     raise RuntimeError("Failed to start replication")
>
> 2018-03-05T21:34:14Z DEBUG The ipa-replica-install command failed,
> exception: RuntimeError: Failed to start replication
> 2018-03-05T21:34:14Z ERROR Failed to start replication
> 2018-03-05T21:34:14Z ERROR The ipa-replica-install command failed. See
> /var/log/ipareplica-install.log for more information
> [centos@freeipa02 ~]$ 

You'll need to look at the logs for more information.

rob

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org