I am out of options here when trying to promote the client to the replica on CentOS 8 Stream. Any guidance will be really helpful.
[root@ipa02 ~]# ipa-replica-install --skip-conncheck
Disabled p11-kit-proxy
Configuring directory server (dirsrv). Estimated time: 30 seconds
  [1/38]: creating directory server instance
Validate installation settings
Create file system structures
Perform SELinux labeling ...
Create database backend: dc=mydomain,dc=com
Perform post-installation tasks
  [2/38]: tune ldbm plugin
  [3/38]: adding default schema
  [4/38]: enabling memberof plugin
  [5/38]: enabling winsync plugin
  [6/38]: configure password logging
  [7/38]: configuring replication version plugin
  [8/38]: enabling IPA enrollment plugin
  [9/38]: configuring uniqueness plugin
  [10/38]: configuring uuid plugin
  [11/38]: configuring modrdn plugin
  [12/38]: configuring DNS plugin
  [13/38]: enabling entryUSN plugin
  [14/38]: configuring lockout plugin
  [15/38]: configuring topology plugin
  [16/38]: creating indices
  [17/38]: enabling referential integrity plugin
  [18/38]: configuring certmap.conf
  [19/38]: configure new location for managed entries
  [20/38]: configure dirsrv cache and keytab
  [21/38]: enabling SASL mapping fallback
  [22/38]: restarting directory server
  [23/38]: creating DS keytab
  [24/38]: ignore time skew for initial replication
  [25/38]: setting up initial replication
Starting replication, please wait until this has completed
  [error] SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up
{'result': -1, 'desc': "Can't contact LDAP server", 'errno': 4, 'ctrls': [], 'info': 'Interrupted system call'}
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up
{'result': -1, 'desc': "Can't contact LDAP server", 'errno': 4, 'ctrls': [], 'info': 'Interrupted system call'}
The ipa-replica-install command failed. See /var/log/ipareplica-install.log
I'm guessing it's related to your skipping the connection check. Seems your replica cannot contact the other server so check with firewalls on the systems and/or the network.
rob
Hello Rob,
Thank you for your response. I have checked my firewall, and yes it is on; however, I have added my replica ipa to the rules and the communication was successful. Is there any other suggestion from here? Best, Yannick Djomo.
I'm not sure what you're asking but if it's failing in a new way we'd need to see the log to determine what is going on. I'd recommend not running with --skip-conncheck.
rob
Yes, I have tried running with skip-conncheck, but it says that there is a failure to connect. I can rerun again and send you a few lines from the log to check it out.
Thank you.
Hi Rob,
I tried to rerun the process by skipping the conncheck argument, but there is an error saying that the
[root@ipa02 ~]# ipa-replica-install
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
A replication agreement for this host already exists. It needs to be removed.
Run this command:
    %% ipa-replica-manage del ipa02.mydomain.com --force
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
When I run the command 'ipa-replica-manage list', the replica is not showing on the list; therefore, when I run the command 'ipa-replica-manage del ipa02.mydomain.com --force' the host is not found.
My question will be what is the way to remove it then? Any suggestion?
Also I did the clean up twice.
Thank you in advance.
Regards, Yannick.
You run this command on the server it created the agreement with. Not on the server with the failed replica install.
rob
Yes, I ran this command 'ipa-replica-manage list' on the server ipa, but it doesn't show the ipa02 as a replica.
Please provide more details on what you are doing.
ipa-replica-manage del <fqdn> --force --cleanup should do it.
It not showing up in list shouldn't matter.
Otherwise you'll need to look in cn=mapping tree, cn=config to see if there is an agreement. Those new to LDAP tend to find graphical tools easier to manage than ldapsearch (cn=config may need to be typed in directly as the base dn IIRC).
rob
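Added example, not part of the original thread or of FreeIPA's own tooling: one way to do the cn=mapping tree, cn=config check from the command line is to dump the replication agreement entries with ldapsearch and filter them for the failed replica's hostname. The bind DN, the LDAP URL, the function names and the sample LDIF are assumptions made for illustration.

```shell
#!/bin/sh
# Produce the input on the server that created the agreement
# (bind DN and URL below are assumptions; adjust to your deployment):
#   ldapsearch -LLL -o ldif-wrap=no -x -H ldap://localhost \
#     -D "cn=Directory Manager" -W -b "cn=mapping tree,cn=config" \
#     "(objectClass=nsds5replicationagreement)" nsDS5ReplicaHost nsDS5ReplicaPort

# find_agreements HOST (hypothetical helper): read unwrapped LDIF on stdin and
# print the DN of every agreement whose nsDS5ReplicaHost equals HOST.
# Attribute names and hostnames are compared case-insensitively.
find_agreements() {
    awk -v host="$1" '
        BEGIN   { host = tolower(host) }
        /^dn: / { dn = substr($0, 5); next }   # start of a new entry
        /^$/    { dn = ""; next }              # blank line ends the entry
        {
            i = index($0, ": ")
            if (i == 0) next
            attr = tolower(substr($0, 1, i - 1))
            val  = tolower(substr($0, i + 2))
            if (attr == "nsds5replicahost" && val == host && dn != "") print dn
        }'
}

# Constructed sample ldapsearch output, not taken from the servers in this thread.
sample_ldif() {
    cat <<'EOF'
dn: cn=meToipa02.mydomain.com,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dcom,cn=mapping tree,cn=config
nsDS5ReplicaHost: ipa02.mydomain.com
nsDS5ReplicaPort: 389

dn: cn=meToipa03.mydomain.com,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dcom,cn=mapping tree,cn=config
nsDS5ReplicaHost: ipa03.mydomain.com
nsDS5ReplicaPort: 389
EOF
}

# A stale agreement for the failed replica shows up as a DN; no output means none exists.
sample_ldif | find_agreements ipa02.mydomain.com
```

If a DN is printed for the failed replica, that is the leftover agreement the installer is complaining about.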
freeipa-users@lists.fedorahosted.org