On 06/01/18 19:54, lejeczek via FreeIPA-users wrote:
hi
I'm trying to install replica, process fails: .. [3/5]: creating anonymous principal [4/5]: starting the KDC [5/5]: configuring KDC to start on boot Done configuring Kerberos KDC (krb5kdc). Configuring kadmin [1/2]: starting kadmin [2/2]: configuring kadmin to start on boot Done configuring kadmin. Configuring directory server (dirsrv) [1/3]: configuring TLS for DS instance [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE) Your system may be partly configured. .. -- end
and in intall log file: .. 2018-01-06T13:50:29Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/ -A -n PRIVATE.xx.xx.PRIVATE.xx.xx.x IPA CA -t CT,C,C -a -f /etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/pwdfile.txt 2018-01-06T13:50:29Z DEBUG Process finished, return code=0 2018-01-06T13:50:29Z DEBUG stdout= 2018-01-06T13:50:29Z DEBUG stderr= 2018-01-06T13:50:30Z DEBUG certmonger request is in state dbus.String(u'NEWLY_ADDED_READING_CERT', variant_level=1) 2018-01-06T13:50:35Z DEBUG certmonger request is in state dbus.String(u'CA_UNREACHABLE', variant_level=1) 2018-01-06T13:50:35Z DEBUG Traxx.ck (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 504, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 494, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 824, in __enable_ssl post_command=cmd) File "/usr/lib/python2.7/site-packages/ipalib/install/certmonger.py", line 317, in request_and_wait_for_cert raise RuntimeError("Certificate issuance failed ({})".format(state)) RuntimeError: Certificate issuance failed (CA_UNREACHABLE)
2018-01-06T13:50:35Z DEBUG [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE) 2018-01-06T13:50:35Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 333, in run cfgr.run() File "/usr/lib/python2.7/site- ... -- end
Would this be that new candidate's problem or some communication issues with existing server? Client installed (kind of)okey though. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
I might have missed this(if reveals some more?) in dirsrv on "working" newly installed server, at the time of - ipa-replica-install --no-ntp ... Configuring directory server (dirsrv) [1/3]: configuring TLS for DS instance [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE)
Server dirsrv errors log file: ... [11/Jan/2018:11:42:49.118819569 +0000] - NOTICE - NSMMReplicationPlugin - changelog program - _cl5ConstructRUV - Rebuilding replication changelog RUV complete. Result 0 (Success) [11/Jan/2018:11:42:49.120916672 +0000] - NOTICE - NSMMReplicationPlugin - changelog program - _cl5ConstructRUV - Rebuilding the replication changelog RUV, this may take several minutes... [11/Jan/2018:11:42:49.122618751 +0000] - NOTICE - NSMMReplicationPlugin - changelog program - _cl5ConstructRUV - Rebuilding replication changelog RUV complete. Result 0 (Success) [11/Jan/2018:11:42:49.219688584 +0000] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=104 op=5 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x": Unable to acquire replica: error: permission denied [11/Jan/2018:11:42:49.242628179 +0000] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=105 op=5 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x": Unable to acquire replica: error: permission denied [11/Jan/2018:11:42:50.789296435 +0000] - INFO - NSMMReplicationPlugin - repl5_tot_run - Beginning total update of replica "agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x" (dzien:389)". [11/Jan/2018:11:42:50.793594364 +0000] - NOTICE - NSMMReplicationPlugin - replica_subentry_check - Need to create replication keep alive entry <cn=repl keep alive 4,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x> [11/Jan/2018:11:42:50.795313633 +0000] - INFO - NSMMReplicationPlugin - replica_subentry_create - add dn: cn=repl keep alive 4,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x objectclass: top objectclass: ldapsubentry objectclass: extensibleObject cn: repl keep alive 4 [11/Jan/2018:11:42:53.955962624 +0000] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=106 op=5 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x": Unable to acquire replica: error: permission denied [11/Jan/2018:11:42:55.159161994 +0000] - INFO - NSMMReplicationPlugin - repl5_tot_run - Finished total update of replica "agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x" (dzien:389)". Sent 471 entries. [11/Jan/2018:11:42:56.970750501 +0000] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=106 op=6 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x": Unable to acquire replica: error: permission denied [11/Jan/2018:11:43:02.041747211 +0000] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=107 op=5 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x": Unable to acquire replica: error: permission denied [11/Jan/2018:11:43:05.054749534 +0000] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=107 op=6 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x": Unable to acquire replica: error: permission denied [11/Jan/2018:11:43:11.099143389 +0000] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=107 op=7 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x": Unable to acquire replica: error: permission denied [11/Jan/2018:11:43:23.153766360 +0000] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=107 op=9 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x": Unable to acquire replica: error: permission denied [11/Jan/2018:11:43:47.262418191 +0000] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=107 op=11 replica="dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x": Unable to acquire replica: error: permission denied
Does above help to explain as what might be wrong? many thanks, L.