Executed ipa-replica-prepare on an RHEL 6.9 server running ipa-server 3.0.0.1_51 (name : ipa01) Yum installed ipa-server, ipa-server-dns, bind-dyndb-ldap on the target Linux 7.6 server (name: ipa04) Copied the file to the target server to which ipa-server 4.6.5-11.0.1 is installed (ipa04) Copied the file :/usr/share/ipa/copy-schema-to-ca.py from ipa v4.6 server to the ipa v3.0 server and executed it successfully. Edited the /etc/resolv.con on ipa04 to include ipa01. Did not reboot. Executed ipa-replica-install --setup-dns --forwarder=8.8.8.8 --setup-ca /var/lib/ipa/replica-info-ipa04.fbog.local.gpg (on ipa04)
Directory Manager (existing master) password:
Checking DNS forwarders, please wait ... Run connection check to master admin@FBOG.LOCAL password: Connection check OK Configuring NTP daemon (ntpd) [1/4]: stopping ntpd [2/4]: writing configuration [3/4]: configuring ntpd to start on boot [4/4]: starting ntpd Done configuring NTP daemon (ntpd). Configuring directory server (dirsrv). Estimated time: 30 seconds [1/41]: creating directory server instance [2/41]: enabling ldapi [3/41]: configure autobind for root [4/41]: stopping directory server [5/41]: updating configuration in dse.ldif [6/41]: starting directory server [7/41]: adding default schema [8/41]: enabling memberof plugin [9/41]: enabling winsync plugin [10/41]: configuring replication version plugin [11/41]: enabling IPA enrollment plugin [12/41]: configuring uniqueness plugin [13/41]: configuring uuid plugin [14/41]: configuring modrdn plugin [15/41]: configuring DNS plugin [16/41]: enabling entryUSN plugin [17/41]: configuring lockout plugin [18/41]: configuring topology plugin [19/41]: creating indices [20/41]: enabling referential integrity plugin [21/41]: configuring certmap.conf [22/41]: configure new location for managed entries [23/41]: configure dirsrv ccache [24/41]: enabling SASL mapping fallback [25/41]: restarting directory server [26/41]: creating DS keytab [27/41]: ignore time skew for initial replication [28/41]: setting up initial replication Starting replication, please wait until this has completed. Update in progress, 3 seconds elapsed Update succeeded
[29/41]: prevent time skew after initial replication [30/41]: adding sasl mappings to the directory [31/41]: updating schema [32/41]: setting Auto Member configuration [33/41]: enabling S4U2Proxy delegation [34/41]: initializing group membership [35/41]: adding master entry [36/41]: initializing domain level [37/41]: configuring Posix uid/gid generation [38/41]: adding replication acis [39/41]: activating sidgen plugin [40/41]: activating extdom plugin [41/41]: configuring directory to start on boot Done configuring directory server (dirsrv). Configuring Kerberos KDC (krb5kdc) [1/5]: configuring KDC [2/5]: adding the password extension to the directory [3/5]: creating anonymous principal [4/5]: starting the KDC [5/5]: configuring KDC to start on boot Done configuring Kerberos KDC (krb5kdc). Configuring kadmin [1/2]: starting kadmin [2/2]: configuring kadmin to start on boot Done configuring kadmin. Configuring directory server (dirsrv) [1/3]: configuring TLS for DS instance [2/3]: importing CA certificates from LDAP [3/3]: restarting directory server Done configuring directory server (dirsrv). Configuring the web interface (httpd) [1/22]: stopping httpd [2/22]: setting mod_nss port to 443 [3/22]: setting mod_nss cipher suite [4/22]: setting mod_nss protocol list to TLSv1.0 - TLSv1.2 [5/22]: setting mod_nss password file [6/22]: enabling mod_nss renegotiate [7/22]: disabling mod_nss OCSP [8/22]: adding URL rewriting rules [9/22]: configuring httpd [10/22]: setting up httpd keytab [error] NotFound: wait_for_entry timeout on ldap://ipa01.fbog.local:389 for krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipapython.admintool: ERROR wait_for_entry timeout on ldap://ipa01.fbog.local:389 for krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local ipapython.admintool: ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
Process works all the way down to configuring the HTTP Interface.
2019-11-16T16:18:24Z DEBUG stderr=Keytab successfully retrieved and stored in: /var/lib/ipa/gssproxy/http.keytab
2019-11-16T16:18:24Z DEBUG Waiting for replication (ldap://ipa01.fbog.local:389) krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local (objectclass=*) 2019-11-16T16:18:33Z DEBUG Still waiting for replication of krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=localmailto:krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local
2019-11-16T16:23:24Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 567, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 557, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py", line 656, in request_service_keytab timeout=api.env.replication_wait_timeout File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 209, in wait_for_entry connection, dn NotFound: wait_for_entry timeout on ldap://ipa01.fbog.local:389 for krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local
2019-11-16T16:23:24Z DEBUG [error] NotFound: wait_for_entry timeout on ldap://ipa01.fbog.local:389 for krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local 2019-11-16T16:23:24Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 319, in run return cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 360, in run return self.execute() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 386, in execute for rval in self._executor(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 655, in _configure next(executor) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 515, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 65, in _install for unused in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", line 629, in main replica_install(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 408, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1507, in install fstore=fstore) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 175, in install_http subject_base=config.subject_base, master_fqdn=config.master_host_name) File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py", line 188, in create_instance self.start_creation() File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 567, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 557, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py", line 656, in request_service_keytab timeout=api.env.replication_wait_timeout File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 209, in wait_for_entry connection, dn
2019-11-16T16:23:24Z DEBUG The ipa-replica-install command failed, exception: NotFound: wait_for_entry timeout on ldap://ipa01.fbog.local:389 for krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local 2019-11-16T16:23:24Z ERROR wait_for_entry timeout on ldap://ipa01.fbog.local:389 for krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local
Not sure where to go from here. Did I leave out some declaration or specification on the initial command?
Steven Auerbach Assistant Director of Information Systems Information Technology & Security
State University System of Florida Board of Governors 325 W. Gaines Street Tallahassee, Florida 32399 (850) 245-9592 www.flbog.eduhttp://www.flbog.edu/ [Graphic for Email]
freeipa-users@lists.fedorahosted.org