Hi,
replica installation failures are often related to either a wrong DNS
configuration or a firewall preventing the communication.
Did you run ipa-replica-installation with or without the option
--skip-conncheck? Without the option you may have some hints if the issue
is related to the firewall.
You can find more info in Host name and DNS requirements for IdM [1] and
Opening the ports required by IdM [2].
The timestamp for replica installation is 2023-05-24T*10:15:04Z* but the
master logs don't match (24/May/2023:*11:47:29.382502138 +0200*). Difficult
to draw any conclusion with that, do you have the master logs from the same
time?
flo
[1]
On Wed, May 24, 2023 at 12:34 PM Jakub Werwiński via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
Hi, I have a problem with freeipa replica installation. Log:
Starting replication, please wait until this has completed.
Update in progress, 12 seconds elapsed
[ldap://freeipa.mydomain.com:389] reports: Update failed! Status: [Error (-11) connection error: Unknown connection error (-11) - Total update aborted]
[error] RuntimeError: Failed to start replication
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
Failed to start replication
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
---------------------------------------- var/log/ipareplica-install.log -------------------------------------------------------
2023-05-24T10:14:50Z DEBUG Waiting up to 300 seconds for replication (ldapi://%2Frun%2Fslapd-MY-DOMAIN.COM.socket) cn=meTofreeipa.mydomain.com,cn=replica,cn=dc\=xxx-poland\,dc\=com\,dc\=pl,cn=mapping tree,cn=config (objectclass=*)
2023-05-24T10:14:50Z DEBUG Entry found [LDAPEntry(ipapython.dn.DN('cn=meTofreeipa.mydomain.com,cn=replica,cn=dc\=xxx-com\,dc\=com\,dc\=pl,cn=mapping tree,cn=config'), {'objectClass': [b'nsds5replicationagreement', b'top'], 'cn': [b'meTofreeipa.mydomain.com'], 'nsDS5ReplicaHost': [b'freeipa.mydomain.com'], 'nsDS5ReplicaPort': [b'389'], 'nsds5replicaTimeout': [b'120'], 'nsDS5ReplicaRoot': [b'dc=mydomain,dc=com,dc=pl'], 'description': [b'me to freeipa.mydomain.com'], 'nsDS5ReplicatedAttributeList': [b'(objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime'], 'nsDS5ReplicaTransportInfo': [b'LDAP'], 'nsDS5ReplicaBindMethod': [b'SASL/GSSAPI'], 'nsds5ReplicaStripAttrs': [b'modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp'], 'nsDS5ReplicatedAttributeListTotal': [b'(objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime'], 'nsds5replicareapactive': [b'0'], 'nsds5replicaLastUpdateStart': [b'19700101000000Z'], 'nsds5replicaLastUpdateEnd': [b'19700101000000Z'], 'nsds5replicaChangesSentSinceStartup': [b''], 'nsds5replicaLastUpdateStatus': [b'Error (0) No replication sessions started since server startup'], 'nsds5replicaLastUpdateStatusJSON': [b'{"state": "green", "ldap_rc": "0", "ldap_rc_text": "success", "repl_rc": "0", "repl_rc_text": "replica acquired", "date": "2023-05-24T10:14:50Z", "message": "Error (0) No replication sessions started since server startup"}'], 'nsds5replicaUpdateInProgress': [b'FALSE'], 'nsds5replicaLastInitStart': [b'19700101000000Z'], 'nsds5replicaLastInitEnd': [b'19700101000000Z']})]
2023-05-24T10:15:04Z DEBUG Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py",
line 686, in start_creation
run_step(full_msg, method)
File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py",
line 672, in run_step
method()
File "/usr/lib/python3.9/site-packages/ipaserver/install/dsinstance.py",
line 430, in __setup_replica
repl.setup_promote_replication(
File
"/usr/lib/python3.9/site-packages/ipaserver/install/replication.py", line
1930, in setup_promote_replication
raise RuntimeError("Failed to start replication")
RuntimeError: Failed to start replication
2023-05-24T10:15:04Z DEBUG [error] RuntimeError: Failed to start
replication
2023-05-24T10:15:04Z DEBUG Destroyed connection
context.ldap2_140645096151696
2023-05-24T10:15:04Z DEBUG Backing up system configuration file
'/etc/ipa/default.conf'
2023-05-24T10:15:04Z DEBUG Saving Index File to
'/var/lib/ipa/sysrestore/sysrestore.index'
2023-05-24T10:15:04Z DEBUG Writing configuration file /etc/ipa/default.conf
2023-05-24T10:15:04Z DEBUG [global]
basedn = dc=mydomain,dc=com,dc=pl
host = freeipa-replica.mydomain.com
realm = My.REALM.COM
domain = mydomain.com
xmlrpc_uri = https://freeipa-replica.mydomain.com/ipa/xml
ldap_uri = ldapi://%2Frun%2Fslapd-MY-DOMAIN-COM.socket
mode = production
enable_ra = True
ra_plugin = dogtag
dogtag_version = 10
ca_host = freeipa.mydomain.com
2023-05-24T10:15:04Z DEBUG File
"/usr/lib/python3.9/site-packages/ipapython/admintool.py", line 180, in
execute
return_value = self.run()
File "/usr/lib/python3.9/site-packages/ipapython/install/cli.py", line
344, in run
return cfgr.run()
File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
360, in run
return self.execute()
File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
386, in execute
for rval in self._executor():
File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
431, in __runner
exc_handler(exc_info)
File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
460, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
450, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
raise value
File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
421, in __runner
step()
File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
418, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line
81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
raise value
File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line
59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
655, in _configure
next(executor)
File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
431, in __runner
exc_handler(exc_info)
File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
460, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
518, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
450, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
raise value
File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
515, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
450, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
raise value
File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
421, in __runner
step()
File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line
418, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line
81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
raise value
File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line
59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python3.9/site-packages/ipapython/install/common.py",
line 65, in _install
for unused in self._installer(self.parent):
File
"/usr/lib/python3.9/site-packages/ipaserver/install/server/__init__.py",
line 599, in main
replica_install(self)
File
"/usr/lib/python3.9/site-packages/ipaserver/install/server/replicainstall.py",
line 401, in decorated
func(installer)
File
"/usr/lib/python3.9/site-packages/ipaserver/install/server/replicainstall.py",
line 1267, in install
ds = install_replica_ds(config, options, ca_enabled,
File
"/usr/lib/python3.9/site-packages/ipaserver/install/server/replicainstall.py",
line 100, in install_replica_ds
ds.create_replica(
File "/usr/lib/python3.9/site-packages/ipaserver/install/dsinstance.py",
line 398, in create_replica
self.start_creation(runtime=30)
File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py",
line 686, in start_creation
run_step(full_msg, method)
File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py",
line 672, in run_step
method()
File "/usr/lib/python3.9/site-packages/ipaserver/install/dsinstance.py",
line 430, in __setup_replica
repl.setup_promote_replication(
File
"/usr/lib/python3.9/site-packages/ipaserver/install/replication.py", line
1930, in setup_promote_replication
raise RuntimeError("Failed to start replication")
2023-05-24T10:15:04Z DEBUG The ipa-replica-install command failed,
exception: RuntimeError: Failed to start replication
2023-05-24T10:15:04Z ERROR Failed to start replication
2023-05-24T10:15:04Z ERROR The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
---------------------------------------- master: /var/log/dirsrv/slapd-MY-DOMAIN.COM/error -------------------------------------------------------
[24/May/2023:11:47:02.653622389 +0200] - ERR - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meTofreeipa-replica.mydomain.com" (freeipa-replica:389) - Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials) ()
[24/May/2023:11:47:08.700315039 +0200] - ERR - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meTofreeipa-replica.mydomain.com" (freeipa-replica:389) - Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) ()
[24/May/2023:11:47:16.774918557 +0200] - INFO - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meTofreeipa-replica.mydomain.com" (freeipa-replica:389): Replication bind with GSSAPI auth resumed
[24/May/2023:11:47:17.035351907 +0200] - INFO - NSMMReplicationPlugin - repl5_tot_run - Beginning total update of replica "agmt="cn=meTofreeipa-replica.mydomain.com" (freeipa-replica:389)".
[24/May/2023:11:47:29.357889007 +0200] - ERR - NSMMReplicationPlugin - repl5_tot_log_operation_failure - agmt="cn=meTofreeipa-replica.mydomain.com" (freeipa-replica:389): Received error -1 (Can't contact LDAP server): for total update operation
[24/May/2023:11:47:29.361891385 +0200] - ERR - NSMMReplicationPlugin - release_replica - agmt="cn=meTofreeipa-replica.mydomain.com" (freeipa-replica:389): Unable to send endReplication extended operation (Can't contact LDAP server)
[24/May/2023:11:47:29.363050079 +0200] - ERR - NSMMReplicationPlugin - repl5_tot_run - Total update failed for replica "agmt="cn=meTofreeipa-replica.mydomain.com" (freeipa-replica:389)", error (-11)
[24/May/2023:11:47:29.382502138 +0200] - INFO - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meTofreeipa-replica.mydomain.com" (freeipa-replica:389): Replication bind with GSSAPI auth resumed
---------------------------------------- About system
-------------------------------------------------------
Master and Replica:
OS: Rocky Linux 9.2
IPA: 4.10.1
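The timestamp mismatch raised in the reply at the top of this thread, as an added example that is not part of the original messages: ipareplica-install.log stamps are UTC ("Z") while the dirsrv error log uses local time with an offset, so both are normalized to UTC before checking whether the master entries cover the failed install. The function names, the 5-minute slack and the abridged sample lines are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
INSTALLER_TS = re.compile(r"^(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)Z ")
DIRSRV_TS = re.compile(
    r"^\[(\d\d)/(\w{3})/(\d{4}):(\d\d):(\d\d):(\d\d)\.\d+ ([+-])(\d\d)(\d\d)\]")

# Sample lines abridged from the two logs quoted in this thread.
REPLICA_LOG = """\
2023-05-24T10:14:50Z DEBUG Waiting up to 300 seconds for replication
2023-05-24T10:15:04Z ERROR Failed to start replication
"""
MASTER_LOG = """\
[24/May/2023:11:47:02.653622389 +0200] - ERR - NSMMReplicationPlugin - bind_and_check_pwp - Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials) ()
[24/May/2023:11:47:29.363050079 +0200] - ERR - NSMMReplicationPlugin - repl5_tot_run - Total update failed, error (-11)
"""

def installer_utc(line):
    """Timestamp of an ipareplica-install.log line (UTC, 'Z' suffix), else None."""
    m = INSTALLER_TS.match(line)
    return datetime(*map(int, m.groups()), tzinfo=timezone.utc) if m else None

def dirsrv_utc(line):
    """Timestamp of a dirsrv error-log line (local time plus offset) in UTC, else None."""
    m = DIRSRV_TS.match(line)
    if not m or m.group(2) not in MONTHS:
        return None
    day, mon, year, hh, mm, ss, sign, oh, om = m.groups()
    offset = timedelta(hours=int(oh), minutes=int(om)) * (1 if sign == "+" else -1)
    local = datetime(int(year), MONTHS[mon], int(day), int(hh), int(mm), int(ss),
                     tzinfo=timezone(offset))
    return local.astimezone(timezone.utc)  # sub-second digits are dropped

def correlate(replica_log, master_log, slack=timedelta(minutes=5)):
    """Master lines within the install window +/- slack, and the gap to the nearest one."""
    stamps = [t for t in map(installer_utc, replica_log.splitlines()) if t]
    if not stamps:
        raise ValueError("no installer timestamps found")
    first, last = min(stamps), max(stamps)
    master = [(dirsrv_utc(l), l) for l in master_log.splitlines()]
    master = [(t, l) for t, l in master if t]
    hits = [l for t, l in master if first - slack <= t <= last + slack]
    gap = min((max(first - t, t - last, timedelta(0)) for t, _ in master), default=None)
    return hits, gap

if __name__ == "__main__":
    hits, gap = correlate(REPLICA_LOG, MASTER_LOG)
    print(f"master lines in window: {len(hits)}; nearest master entry is {gap} away")
```

An empty hit list with a non-zero gap means the master excerpt predates or postdates the install attempt and cannot explain it; collect the master error log for the same UTC window.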