[Freeipa-users] ipa-replica-install latest failure attempt:

Auerbach, Steven via FreeIPA-users Mon, 18 Nov 2019 11:14:56 -0800

Executed ipa-replica-prepare on an RHEL 6.9 server running ipa-server 
3.0.0.1_51  (name : ipa01)
Yum installed ipa-server, ipa-server-dns, bind-dyndb-ldap on the target Linux 
7.6 server (name: ipa04)
Copied the file to the target server to which ipa-server 4.6.5-11.0.1 is 
installed (ipa04)
Copied the file :/usr/share/ipa/copy-schema-to-ca.py from ipa v4.6 server to 
the ipa v3.0 server and executed it successfully.
Edited the /etc/resolv.con on ipa04 to include ipa01. Did not reboot.
Executed ipa-replica-install --setup-dns --forwarder=8.8.8.8 --setup-ca  
/var/lib/ipa/replica-info-ipa04.fbog.local.gpg (on ipa04)


Directory Manager (existing master) password:

Checking DNS forwarders, please wait ...
Run connection check to master
admin@FBOG.LOCAL password:
Connection check OK
Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 30 seconds
  [1/41]: creating directory server instance
  [2/41]: enabling ldapi
  [3/41]: configure autobind for root
  [4/41]: stopping directory server
  [5/41]: updating configuration in dse.ldif
  [6/41]: starting directory server
  [7/41]: adding default schema
  [8/41]: enabling memberof plugin
  [9/41]: enabling winsync plugin
  [10/41]: configuring replication version plugin
  [11/41]: enabling IPA enrollment plugin
  [12/41]: configuring uniqueness plugin
  [13/41]: configuring uuid plugin
  [14/41]: configuring modrdn plugin
  [15/41]: configuring DNS plugin
  [16/41]: enabling entryUSN plugin
  [17/41]: configuring lockout plugin
  [18/41]: configuring topology plugin
  [19/41]: creating indices
  [20/41]: enabling referential integrity plugin
  [21/41]: configuring certmap.conf
  [22/41]: configure new location for managed entries
  [23/41]: configure dirsrv ccache
  [24/41]: enabling SASL mapping fallback
  [25/41]: restarting directory server
  [26/41]: creating DS keytab
  [27/41]: ignore time skew for initial replication
  [28/41]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 3 seconds elapsed
Update succeeded

  [29/41]: prevent time skew after initial replication
  [30/41]: adding sasl mappings to the directory
  [31/41]: updating schema
  [32/41]: setting Auto Member configuration
  [33/41]: enabling S4U2Proxy delegation
  [34/41]: initializing group membership
  [35/41]: adding master entry
  [36/41]: initializing domain level
  [37/41]: configuring Posix uid/gid generation
  [38/41]: adding replication acis
  [39/41]: activating sidgen plugin
  [40/41]: activating extdom plugin
  [41/41]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc)
  [1/5]: configuring KDC
  [2/5]: adding the password extension to the directory
  [3/5]: creating anonymous principal
  [4/5]: starting the KDC
  [5/5]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
  [1/2]: starting kadmin
  [2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring directory server (dirsrv)
  [1/3]: configuring TLS for DS instance
  [2/3]: importing CA certificates from LDAP
  [3/3]: restarting directory server
Done configuring directory server (dirsrv).
Configuring the web interface (httpd)
  [1/22]: stopping httpd
  [2/22]: setting mod_nss port to 443
  [3/22]: setting mod_nss cipher suite
  [4/22]: setting mod_nss protocol list to TLSv1.0 - TLSv1.2
  [5/22]: setting mod_nss password file
  [6/22]: enabling mod_nss renegotiate
  [7/22]: disabling mod_nss OCSP
  [8/22]: adding URL rewriting rules
  [9/22]: configuring httpd
  [10/22]: setting up httpd keytab
[error] NotFound: wait_for_entry timeout on ldap://ipa01.fbog.local:389 for 
krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipapython.admintool: ERROR    wait_for_entry timeout on 
ldap://ipa01.fbog.local:389 for 
krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local
ipapython.admintool: ERROR    The ipa-replica-install command failed. See 
/var/log/ipareplica-install.log for more information

Process works all the way down to configuring the HTTP Interface.

2019-11-16T16:18:24Z DEBUG stderr=Keytab successfully retrieved and stored in: 
/var/lib/ipa/gssproxy/http.keytab

2019-11-16T16:18:24Z DEBUG Waiting for replication 
(ldap://ipa01.fbog.local:389) 
krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local
 (objectclass=*)
2019-11-16T16:18:33Z DEBUG Still waiting for replication of 
krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local<mailto:krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local>

2019-11-16T16:23:24Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
567, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
557, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py", 
line 656, in request_service_keytab
    timeout=api.env.replication_wait_timeout
  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", 
line 209, in wait_for_entry
    connection, dn
NotFound: wait_for_entry timeout on ldap://ipa01.fbog.local:389 for 
krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local

2019-11-16T16:23:24Z DEBUG   [error] NotFound: wait_for_entry timeout on 
ldap://ipa01.fbog.local:389 for 
krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local
2019-11-16T16:23:24Z DEBUG   File 
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 319, 
in run
    return cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 360, 
in run
    return self.execute()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 386, 
in execute
    for rval in self._executor():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, 
in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, 
in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, 
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, 
in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, 
in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, 
in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, 
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 655, 
in _configure
    next(executor)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, 
in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, 
in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, 
in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, 
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 515, 
in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, 
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, 
in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, 
in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, 
in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, 
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 65, 
in _install
    for unused in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", 
line 629, in main
    replica_install(self)
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", 
line 408, in decorated
    func(installer)
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", 
line 1507, in install
    fstore=fstore)
  File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", 
line 175, in install_http
    subject_base=config.subject_base, master_fqdn=config.master_host_name)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py", 
line 188, in create_instance
    self.start_creation()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
567, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
557, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py", 
line 656, in request_service_keytab
    timeout=api.env.replication_wait_timeout
  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", 
line 209, in wait_for_entry
    connection, dn

2019-11-16T16:23:24Z DEBUG The ipa-replica-install command failed, exception: 
NotFound: wait_for_entry timeout on ldap://ipa01.fbog.local:389 for 
krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local
2019-11-16T16:23:24Z ERROR wait_for_entry timeout on 
ldap://ipa01.fbog.local:389 for 
krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local

Not sure where to go from here.  Did I leave out some declaration or 
specification on the initial command?

Steven Auerbach
Assistant Director of Information Systems
Information Technology & Security

State University System of Florida
Board of Governors
325 W. Gaines Street
Tallahassee, Florida 32399
(850) 245-9592
www.flbog.edu<http://www.flbog.edu/>
[Graphic for Email]

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

[Freeipa-users] ipa-replica-install latest failure attempt:

Reply via email to