Hello,I'm reinstalling a replica FreeIPA server in a CA-less environment.
I'm looked online and found:
https://www.redhat.com/archives/freeipa-users/2016-December/msg00391.html which is similar
(or exactly the problem), but theres no solid resolution. I recopied /etc/ipa/ca.crt to
the new server from an existing ipa server.
[root@cro-lv-ipa-01 log]# ipa --version
VERSION: 4.5.0, API_VERSION: 2.228
[root@cro-lv-ipa-01 log]# cat /etc/centos-release
CentOS Linux release 7.4.1708 (Core)
Not sure what to do.
Really appreciate any help.
Many thanksJames
Below is a snip from log files:Dec 14 15:34:34
cro-lv-ipa-01.int.DOMAIN.com
ns-slapd[19065]: [14/Dec/2017:15:34:34.546670082 +0000] - NOTICE - NSMMReplicationPlugin -
multimaster_be_state_change - Replica dc=int,dc=DOMAIN,dc=com is going offline; disabling
replication
Dec 14 15:34:34
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:34.756581200 +0000] - INFO - dblayer_instance_start - Import is running
with nsslapd-db-private-import-mem on; No other process is allowed to access the database
Dec 14 15:34:35
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI server step 1
Dec 14 15:34:35
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI server step 2
Dec 14 15:34:35
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI server step 3
Dec 14 15:34:37
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:37.608407982 +0000] - INFO - import_monitor_threads - import userRoot:
Workers finished; cleaning up...
Dec 14 15:34:37
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:37.845823301 +0000] - INFO - import_monitor_threads - import userRoot:
Workers cleaned up.
Dec 14 15:34:37
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:37.862303717 +0000] - INFO - import_main_offline - import userRoot:
Indexing complete. Post-processing...
Dec 14 15:34:37
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:37.879128392 +0000] - INFO - import_main_offline - import userRoot:
Generating numsubordinates (this may take several minutes to complete)...
Dec 14 15:34:37
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:37.926416316 +0000] - INFO - import_main_offline - import userRoot:
Generating numSubordinates complete.
Dec 14 15:34:37
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:37.937805159 +0000] - INFO - ldbm_get_nonleaf_ids - import userRoot:
Gathering ancestorid non-leaf IDs...
Dec 14 15:34:37
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:37.954558879 +0000] - INFO - ldbm_get_nonleaf_ids - import userRoot:
Finished gathering ancestorid non-leaf IDs.
Dec 14 15:34:37
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:37.988095437 +0000] - INFO - ldbm_ancestorid_new_idl_create_index -
import userRoot: Creating ancestorid index (new idl)...
Dec 14 15:34:38
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:38.037871941 +0000] - INFO - ldbm_ancestorid_new_idl_create_index -
import userRoot: Created ancestorid index (new idl).
Dec 14 15:34:38
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:38.054977988 +0000] - INFO - import_main_offline - import userRoot:
Flushing caches...
Dec 14 15:34:38
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:38.071740106 +0000] - INFO - import_main_offline - import userRoot:
Closing files...
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.087512816 +0000] - INFO - import_main_offline - import userRoot:
Import complete. Processed 2258 entries in 5 seconds. (451.60 entries/sec)
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.108388854 +0000] - ERR - ipa-topology-plugin -
ipa_topo_be_state_change - backend userRoot is coming online; checking domain level and
init shared topology
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.144415357 +0000] - NOTICE - NSMMReplicationPlugin -
multimaster_be_state_change - Replica dc=int,dc=DOMAIN,dc=com is coming online; enabling
replication
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI client step 1
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.194223235 +0000] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS
Definition cn=Password Policy,cn=accounts,dc=int,dc=DOMAIN,dc=com--no CoS Templates found,
which should be added before the CoS Definition.
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI client step 1
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI client step 1
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI client step 1
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.216305850 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target
cn=groups,cn=compat,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI client step 2
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.241702245 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target
cn=computers,cn=compat,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.266861361 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target
cn=ng,cn=compat,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.292000163 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target
ou=sudoers,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.317009177 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target
cn=users,cn=compat,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.342161229 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.367108163 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.392166650 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.417292219 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.442364745 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.467486445 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.492482419 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.517678450 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.542783571 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.567929627 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.592914991 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.631596834 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target
cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=int,dc=DOMAIN,dc=com does not
exist
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.651414870 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target
cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=int,dc=DOMAIN,dc=com does not
exist
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.763358682 +0000] - NOTICE - NSMMReplicationPlugin - changelog
program - _cl5ConstructRUV - Rebuilding the replication changelog RUV, this may take
several minutes...
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.785332575 +0000] - NOTICE - NSMMReplicationPlugin - changelog
program - _cl5ConstructRUV - Rebuilding replication changelog RUV complete. Result 0
(Success)
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.818877061 +0000] - NOTICE - NSMMReplicationPlugin - changelog
program - _cl5ConstructRUV - Rebuilding the replication changelog RUV, this may take
several minutes...
Dec 14 15:34:39
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:34:39.852136491 +0000] - NOTICE - NSMMReplicationPlugin - changelog
program - _cl5ConstructRUV - Rebuilding replication changelog RUV complete. Result 0
(Success)
Dec 14 15:34:40
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI server step 1
Dec 14 15:34:40
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI server step 2
Dec 14 15:34:40
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI server step 3
Dec 14 15:35:00
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:35:00.564199045 +0000] - ERR - ipa-topology-plugin -
ipa_topo_util_get_replica_conf: server configuration missing
Dec 14 15:35:00
cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]:
[14/Dec/2017:15:35:00.589577811 +0000] - ERR - ipa-topology-plugin -
ipa_topo_util_get_replica_conf: cannot create replica