Re: ipa-replica-install latest failure attempt:
by Rob Crittenden
Auerbach, Steven via FreeIPA-users wrote:
> Executed ipa-replica-prepare on an RHEL 6.9 server running ipa-server
> 3.0.0.1_51 (name : ipa01)
>
> Yum installed ipa-server, ipa-server-dns, bind-dyndb-ldap on the target
> Linux 7.6 server (name: ipa04)
>
> Copied the file to the target server to which ipa-server 4.6.5-11.0.1 is
> installed (ipa04)
>
> Copied the file :/usr/share/ipa/copy-schema-to-ca.py from ipa v4.6
> server to the ipa v3.0 server and executed it successfully.
>
> Edited the /etc/resolv.conf on ipa04 to include ipa01. Did not reboot.
>
> Executed ipa-replica-install --setup-dns --forwarder=8.8.8.8 --setup-ca
> /var/lib/ipa/replica-info-ipa04.fbog.local.gpg (on ipa04)
>
>
> 2019-11-16T16:23:24Z DEBUG The ipa-replica-install command failed,
> exception: NotFound: wait_for_entry timeout on
> ldap://ipa01.fbog.local:389 for
> krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local
>
> 2019-11-16T16:23:24Z ERROR wait_for_entry timeout on
> ldap://ipa01.fbog.local:389 for
> krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local
>
>
>
> Not sure where to go from here. Did I leave out some declaration or
> specification on the initial command?
The problem isn't in the command invocation, replication is just slow
enough for some reason that the new principal(s) weren't replicated to
the existing master.
I seem to recall a 389-ds option to mitigate this but I can't remember
it off the top of my head (or maybe it isn't applicable for RHEL 6
master). cc'ing someone who would know.
rob