Christian Mertes via FreeIPA-users wrote: > Dear all, > > We still struggle with the same error to setup our replication. > > As we do not know if this is a setup problem or a bug, we would be > happy to get some feedback before filling a bug report if needed.
Your versions don't make a lot of sense: # ipa --version VERSION: 4.8.7, API_VERSION: 2.239 There is no RHEL 4.8.anything on a RHEL-7-like system. # yum list installed "ipa-server" Loaded plugins: fastestmirror, langpacks Loading mirror speeds from cached hostfile * epel * sl * sl-fastbugs * sl-security Installed Packages ipa-server.x86_64 4.6.6-11.sl7 @sl So the ipa tool is from 4.8.7 but the server package is 4.6.6? You should look in /var/log/dirsrv/slapd-REALM/access and errors on both sides to see what was logged during replication setup. rob > > Best, > Christian > > On Mon, 2020-06-15 at 17:09 -0700, Christian Mertes via FreeIPA-users > wrote: >> Dear all, >> >> we tried to setup our first replica for our current ipa installation >> but failed with >> >> RuntimeError: Failed to start replication >> >> Our main instance is running on Scientific Linux 7 and is already 4 >> years old but kept always up-to-date and served us with no problems. >> >> We followed the steps lined out in the documentation: >> https://www.freeipa.org/page/V4/Replica_Setup >> But we always fail at the point where the replication starts. >> >> ~# ipa-replica-install >> Run connection check to master >> Connection check OK >> Configuring NTP daemon (ntpd) >> [1/4]: stopping ntpd >> [2/4]: writing configuration >> [3/4]: configuring ntpd to start on boot >> [4/4]: starting ntpd >> Done configuring NTP daemon (ntpd). >> Configuring directory server (dirsrv). Estimated time: 30 seconds >> [1/42]: creating directory server instance >> [2/42]: enabling ldapi >> [3/42]: configure autobind for root >> [4/42]: stopping directory server >> [5/42]: updating configuration in dse.ldif >> [6/42]: starting directory server >> [7/42]: adding default schema >> [8/42]: enabling memberof plugin >> [9/42]: enabling winsync plugin >> [10/42]: configure password logging >> [11/42]: configuring replication version plugin >> [12/42]: enabling IPA enrollment plugin >> [13/42]: configuring uniqueness plugin >> [14/42]: configuring uuid plugin >> [15/42]: configuring modrdn plugin >> [16/42]: configuring DNS plugin >> [17/42]: enabling entryUSN plugin >> [18/42]: configuring lockout plugin >> [19/42]: configuring topology plugin >> [20/42]: creating indices >> [21/42]: enabling referential integrity plugin >> [22/42]: configuring certmap.conf >> [23/42]: configure new location for managed entries >> [24/42]: configure dirsrv ccache >> [25/42]: enabling SASL mapping fallback >> [26/42]: restarting directory server >> [27/42]: creating DS keytab >> [28/42]: ignore time skew for initial replication >> [29/42]: setting up initial replication >> Starting replication, please wait until this has completed. >> Update in progress, 15 seconds elapsed >> [ldap://freeipa.xxx.xxx.xxx:389] reports: Update failed! Status: >> [Error (-2) - LDAP error: Local error] >> >> [error] RuntimeError: Failed to start replication >> Your system may be partly configured. >> Run /usr/sbin/ipa-server-install --uninstall to clean up. >> >> ipapython.admintool: ERROR Failed to start replication >> ipapython.admintool: ERROR The ipa-replica-install command failed. >> See /var/log/ipareplica-install.log for more information >> >> We tried to debug it a bit but did not come far. Somehow our master >> fails to acquire the replica for a total update (error log from >> dirsrv on main): >> >> [16/Jun/2020:01:26:00.049005795 +0200] - WARN - NSMMReplicationPlugin >> - repl5_tot_run - Unable to acquire replica for total update, error: >> -2, retrying in 1 seconds. >> [16/Jun/2020:01:26:01.080674785 +0200] - WARN - NSMMReplicationPlugin >> - repl5_tot_run - Unable to acquire replica for total update, error: >> -2, retrying in 2 seconds. >> [16/Jun/2020:01:26:03.115527897 +0200] - WARN - NSMMReplicationPlugin >> - repl5_tot_run - Unable to acquire replica for total update, error: >> -2, retrying in 3 seconds. >> [16/Jun/2020:01:26:06.137927640 +0200] - WARN - NSMMReplicationPlugin >> - repl5_tot_run - Unable to acquire replica for total update, error: >> -2, retrying in 4 seconds. >> [16/Jun/2020:01:26:10.167358832 +0200] - WARN - NSMMReplicationPlugin >> - repl5_tot_run - Unable to acquire replica for total update, error: >> -2, retrying in 5 seconds. >> >> I guess the error log on the replica is intended, since we just >> started to replicate it >> >> [16/Jun/2020:01:26:00.674747749 +0200] - WARN - NSMMReplicationPlugin >> - repl5_inc_run - agmt="cn=meTofreeipa.xxx.xxx.xxx" (freeipa:389): >> The remote replica has a different database generation ID than the >> local database. You may have to reinitialize the remote replica, or >> the local replica. >> >> As we do not know if this is a bug or just a configuration issue on >> our side, we would appreciate any help or hints on this. >> The times are synchronized btw. >> To make sure we, did the the right things we tried successfully >> everything with a fresh installation within a VM network using CentOS >> 7 images. >> >> For more details I attached the install log and the error log from >> our dirsrv. If you need further logs please let me know. >> >> Some additional information from our system (our main instance): >> >> # lsb_release -a >> LSB Version: :core-4.1-amd64:core-4.1-noarch >> Distributor ID: Scientific >> Description: Scientific Linux release 7.8 (Nitrogen) >> Release: 7.8 >> Codename: Nitrogen >> # ipa --version >> VERSION: 4.8.7, API_VERSION: 2.239 >> # yum list installed "ipa-server" >> Loaded plugins: fastestmirror, langpacks >> Loading mirror speeds from cached hostfile >> * epel >> * sl >> * sl-fastbugs >> * sl-security >> Installed Packages >> ipa-server.x86_64 4.6.6-11.sl7 @sl >> >> And from our replica system: >> >> # lsb_release -a >> LSB Version: :core-4.1-amd64:core-4.1-noarch >> Distributor ID: CentOS >> Description: CentOS Linux release 7.8.2003 (Core) >> Release: 7.8.2003 >> Codename: Core >> # ipa --version >> VERSION: 4.6.6, API_VERSION: 2.231 >> # yum list installed ipa-server >> Loaded plugins: fastestmirror >> Loading mirror speeds from cached hostfile >> * base: >> * elrepo: >> * epel: >> * extras: >> * updates: >> Installed Packages >> ipa-server.x86_64 4.6.6-11.el7.centos @base >> >> I'm just puzzled a bit by the difference in version number on the >> master. Could that be an issue and if so how to solve this? >> >> Best, >> Christian >> >> -- >> Christian Mertes | PhD Student / Lab Administrator >> >> Gagneur Lab - Computational Genomics >> I12 - Department of Informa ti >> Technical University of Munich >> Boltzmannstr. 3, 85748 Garching, Germany >> >> [email protected] | https://in.tum.de/gagneurlab >> _______________________________________________ >> FreeIPA-users mailing list -- [email protected] >> To unsubscribe send an email to >> [email protected] >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: >> https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
