I think you should now check dirsrv errors logs on both server and the replica. It should have more info on what went wrong with starting the replication.
Please also check

# systemctl status [email protected]

to check there are no SASL buffer related error messages.

On 03/10/2015 12:58 AM, Steven Jones wrote:
> ======
> 2015-03-09T21:15:31Z DEBUG flushing ldap://vuwunicoipam002.ods.vuw.ac.nz:389 from SchemaCache
> 2015-03-09T21:15:31Z DEBUG retrieving schema for SchemaCache url=ldap://vuwunicoipam002.ods.vuw.ac.nz:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4226cb0>
> 2015-03-09T21:15:31Z DEBUG flushing ldaps://vuwunicoipam004.ods.vuw.ac.nz:636 from SchemaCache
> 2015-03-09T21:15:31Z DEBUG retrieving schema for SchemaCache url=ldaps://vuwunicoipam004.ods.vuw.ac.nz:636 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x3d3d368>
> 2015-03-09T21:17:42Z DEBUG Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 382, in start_creation
>     run_step(full_msg, method)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 372, in run_step
>     method()
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 368, in __setup_replica
>     r_bindpw=self.dm_password)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 969, in setup_replication
>     raise RuntimeError("Failed to start replication")
> RuntimeError: Failed to start replication
>
> 2015-03-09T21:17:42Z DEBUG [error] RuntimeError: Failed to start replication
> 2015-03-09T21:17:42Z DEBUG   File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 646, in run_script
>     return_value = main_function()
>
>   File "/sbin/ipa-replica-install", line 700, in main
>     ds = install_replica_ds(config)
>
>   File "/sbin/ipa-replica-install", line 195, in install_replica_ds
>     ca_file=config.dir + "/ca.crt",
>
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 355, in create_replica
>     self.start_creation(runtime=60)
>
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 382, in start_creation
>     run_step(full_msg, method)
>
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 372, in run_step
>     method()
>
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 368, in __setup_replica
>     r_bindpw=self.dm_password)
>
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 969, in setup_replication
>     raise RuntimeError("Failed to start replication")
>
> 2015-03-09T21:17:42Z DEBUG The ipa-replica-install command failed, exception: RuntimeError: Failed to start replication
>
> ==========
>
> replica log.
>
> ?
>
> regards
>
> Steven
>
> ________________________________
> From: [email protected] <[email protected]> on behalf of Rich Megginson <[email protected]>
> Sent: Tuesday, 10 March 2015 11:02 a.m.
> To: [email protected]
> Subject: Re: [Freeipa-users] Error in replication while inserting a RHEL7.1 server into a RHEL6.6 IPA setup.
>
> On 03/09/2015 03:35 PM, Steven Jones wrote:
>
> Any idea what is going on here please?
>
> ==========
>
> [root@vuwunicoipam004 ipa-certs]# ipa-replica-install --setup-dns --forwarder=10.100.32.31 -U replica-info-vuwunicoipam004.ods.vuw.ac.nz.gpg --skip-conncheck
> Checking forwarders, please wait ...
> WARNING: DNS forwarder 10.100.32.31 does not return DNSSEC signatures in answers
> Please fix forwarder configuration to enable DNSSEC support.
> (For BIND 9 add directive "dnssec-enable yes;" to "options {}")
> WARNING: DNSSEC validation will be disabled
>
> I don't know if this is a problem, so I will leave it to our DNS gurus to
> answer.
>
> Directory Manager (existing master) password:
>
> Adding [10.100.32.50 vuwunicoipam004.ods.vuw.ac.nz] to your /etc/hosts file
> Using reverse zone(s) 32.100.10.in-addr.arpa.
> Configuring NTP daemon (ntpd)
>   [1/4]: stopping ntpd
>   [2/4]: writing configuration
>   [3/4]: configuring ntpd to start on boot
>   [4/4]: starting ntpd
> Done configuring NTP daemon (ntpd).
> Configuring directory server (dirsrv): Estimated time 1 minute
>   [1/35]: creating directory server user
>   [2/35]: creating directory server instance
>   [3/35]: adding default schema
>   [4/35]: enabling memberof plugin
>   [5/35]: enabling winsync plugin
>   [6/35]: configuring replication version plugin
>   [7/35]: enabling IPA enrollment plugin
>   [8/35]: enabling ldapi
>   [9/35]: configuring uniqueness plugin
>   [10/35]: configuring uuid plugin
>   [11/35]: configuring modrdn plugin
>   [12/35]: configuring DNS plugin
>   [13/35]: enabling entryUSN plugin
>   [14/35]: configuring lockout plugin
>   [15/35]: creating indices
>   [16/35]: enabling referential integrity plugin
>   [17/35]: configuring ssl for ds instance
>   [18/35]: configuring certmap.conf
>   [19/35]: configure autobind for root
>   [20/35]: configure new location for managed entries
>   [21/35]: configure dirsrv ccache
>   [22/35]: enable SASL mapping fallback
>   [23/35]: restarting directory server
>   [24/35]: setting up initial replication
> Starting replication, please wait until this has completed.
> Update in progress, 128 seconds elapsed
> [vuwunicoipam002.ods.vuw.ac.nz] reports: Update failed! Status: [10 Total update abortedLDAP error: Referral]
>
> If the client got back a referral, it means the replica was being
> re-initialized at this time. Sounds like either the client is not checking
> to see if the initialization is complete, or the server is reporting back
> erroneously that initialization is complete.
>
>   [error] RuntimeError: Failed to start replication
>
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> Failed to start replication
> [root@vuwunicoipam004 ipa-certs]#
> ========
>
> No firewalls are active and the network is a simple vyos virtual router.
>
> =====
>
> [root@vuwunicoipam002 etc]# iptables -L -n
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> [root@vuwunicoipam002 etc]#
> =====
>
> =====
>
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> [root@vuwunicoipam004 ipa-certs]#
> =====
>
> regards
> Steven
