Hey Adrian,
Not sure if it will resolve your problem, but have you tried to reinitialize the replica?
You can run this on the replica: # ipa-replica-manage re-initialize
--from=usuarios.ipa.server.com
I hope this help you.
Cheers,
Givaldo Lins
De: "Adrian HY via FreeIPA-users" <freeipa-users(a)lists.fedorahosted.org>
Para: freeipa-users(a)lists.fedorahosted.org
Cc: "Adrian HY" <ayeja153(a)gmail.com>
Enviadas: Segunda-feira, 12 de junho de 2017 9:05:03
Assunto: [Freeipa-users] Re: replication problem
Hi everybody, any suggestions regarding this problem?
On Sun, Jun 11, 2017 at 1:49 PM, Adrian HY < ayeja153(a)gmail.com > wrote:
I think I detected the problem. The error log in the replica writes:
[11/Jun/2017:13:36:06.360241021 -0400] SASL encrypted packet length exceeds maximum
allowed limit (length=2483849, limit=2097152). Change the nsslapd-maxsasliosize attribute
in cn=config to increase limit.
[11/Jun/2017:13:36:06.361177815 -0400] ERROR bulk import abandoned
According this: (
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8....
)
"When an incoming SASL IO packet is larger than the nsslapd-maxsasliosize limit, the
server immediately disconnects the client and logs a message to the error log, so that an
administrator can adjust the setting if necessary"
The problem now is how can I change the value of the attribute during replication.
Regards.
On Sun, Jun 11, 2017 at 2:20 AM, Adrian HY < ayeja153(a)gmail.com > wrote:
BQ_BEGIN
Hi folks, I had a problem with replication and I tried to add the slave back to the
replica. The process stops in the initial replication phase.
The firewall and selinux are down and both servers are synchronized with the time.
Centos 7.3
Freeipa 4.4.0-14
Master error log:
11/Jun/2017:01:11:45.690402715 -0400] NSMMReplicationPlugin - agmt="cn=
meTousuarios-replica.ipa.server.com " (usuarios-replica:389): Replication bind with
GSSAPI auth failed: LDAP error 49 (Invalid credentials) ()
[11/Jun/2017:01:11:45.690877649 -0400] NSMMReplicationPlugin - Warning: unable to acquire
replica for total update, error: 49, retrying in 1 seconds.
[11/Jun/2017:01:11:46.966060891 -0400] NSMMReplicationPlugin - agmt="cn=
meTousuarios-replica.ipa.server.com " (usuarios-replica:389): Replication bind with
GSSAPI auth resumed
[11/Jun/2017:01:11:47.095800971 -0400] NSMMReplicationPlugin - Beginning total update of
replica "agmt="cn=
meTousuarios-replica.ipa.server.com "
(usuarios-replica:389)".
[11/Jun/2017:01:12:06.873713837 -0400] NSMMReplicationPlugin - agmt="cn=
meTousuarios-replica.ipa.server.com " (usuarios-replica:389): Failed to send extended
operation: LDAP error -1 (Can't contact LDAP server)
[11/Jun/2017:01:12:06.874590112 -0400] NSMMReplicationPlugin - agmt="cn=
meTousuarios-replica.ipa.server.com " (usuarios-replica:389): Received error -1
(Can't contact LDAP server): for total updat
e operation
[11/Jun/2017:01:12:06.874950648 -0400] NSMMReplicationPlugin - agmt="cn=
meTousuarios-replica.ipa.server.com " (usuarios-replica:389): Warning: unable to send
endReplication extended operation (Can'
t contact LDAP server)
[11/Jun/2017:01:12:06.875217640 -0400] NSMMReplicationPlugin - Total update failed for
replica "agmt="cn=
meTousuarios-replica.ipa.server.com "
(usuarios-replica:389)", error (-11)
[11/Jun/2017:01:12:06.894882383 -0400] NSMMReplicationPlugin - agmt="cn=
meTousuarios-replica.ipa.server.com " (usuarios-replica:389): Replication bind with
GSSAPI auth resumed
[11/Jun/2017:01:12:06.905304992 -0400] NSMMReplicationPlugin - agmt="cn=
meTousuarios-replica.ipa.server.com " (usuarios-replica:389): The remote replica has
a different database generation ID than
the local database. You may have to reinitialize the remote replica, or the local replica.
[11/Jun/2017:01:12:09.912282245 -0400] NSMMReplicationPlugin - agmt="cn=
meTousuarios-replica.ipa.server.com " (usuarios-replica:389): The remote replica has
a different database generation ID than
the local database. You may have to reinitialize the remote replica, or the local replica.
Client ipareplica-install.log:
2017-06-11T05:24:24Z DEBUG stderr=
2017-06-11T05:24:24Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2017-06-11T05:24:24Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5]
2017-06-11T05:24:24Z DEBUG flushing ldap:// usuarios.ipa.server.com:389 from SchemaCache
2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache url=ldap://
usuarios.ipa.server.com:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at
0x86909e0>
2017-06-11T05:24:24Z DEBUG Successfully updated nsDS5ReplicaId.
2017-06-11T05:24:24Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket
from SchemaCache
2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9e74440>
2017-06-11T05:24:46Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 449,
in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 439,
in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line
416, in __setup_replica
repl.setup_promote_replication(self.master_fqdn)
File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line
1643, in setup_promote_replication
raise RuntimeError("Failed to start replication")
RuntimeError: Failed to start replication
2017-06-11T05:24:46Z DEBUG [error] RuntimeError: Failed to start replication
2017-06-11T05:24:46Z DEBUG Destroyed connection context.ldap2_101192976
2017-06-11T05:24:46Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in
run
cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310, in
run
self.execute()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332, in
execute
for nothing in self._executor():
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in
__runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in
_handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in
__runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in
<lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in
run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in
run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 586, in
_configure
next(executor)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in
__runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in
_handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in
_handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in
_handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in
_handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in
__runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in
<lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in
run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in
run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in
_install
for nothing in self._installer(self.parent):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1722, in main
promote(self)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 372, in decorated
func(installer)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1423, in promote
promote=True, pkcs12_info=dirsrv_pkcs12_info)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 135, in install_replica_ds
api=remote_api,
File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line
401, in create_replica
self.start_creation(runtime=60)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 449,
in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 439,
in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line
416, in __setup_replica
repl.setup_promote_replication(self.master_fqdn)
File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line
1643, in setup_promote_replication
raise RuntimeError("Failed to start replication")
BQ_END
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org