[Freeipa-users] freeipa replication

Rob Crittenden rcritten at redhat.com
Mon Jan 4 17:01:20 UTC 2010


John Robert Mendoza wrote:
> Finally I made it work!
> 
> I had to manually install the CA certificate and the server certificate 
> to the database. As for the replica machine, all I had to do was to add 
> the main IPA machine's and the replica machine's entries to the /etc/hosts file.
> 
> Thanks to all!

Great, glad you got it working.

Are there any take-aways we can get from this process? A FAQ entry, a 
bug to file? Can you provide some more detail on what you had to do? 
Which database did you have to manually update?

It definitely shouldn't be this hard to set up a replica :-)

thanks

rob
> 
> John Robert Mendoza
> 
> --- On *Tue, 12/15/09, John Robert Mendoza /<jrobertm8 at yahoo.com>/* wrote:
> 
> 
>     From: John Robert Mendoza <jrobertm8 at yahoo.com>
>     Subject: Re: [Freeipa-users] freeipa replication
>     To: "Rob Crittenden" <rcritten at redhat.com>
>     Cc: freeipa-users at redhat.com
>     Date: Tuesday, 15 December, 2009, 6:13 PM
> 
>     I did this to install the master server. Before even making a replica.
> 
>     John Robert Mendoza
> 
>     --- On *Tue, 12/15/09, John Robert Mendoza /<jrobertm8 at yahoo.com>/*
>     wrote:
> 
> 
>         From: John Robert Mendoza <jrobertm8 at yahoo.com>
>         Subject: Re: [Freeipa-users] freeipa replication
>         To: "Rob Crittenden" <rcritten at redhat.com>
>         Cc: freeipa-users at redhat.com
>         Date: Tuesday, 15 December, 2009, 5:55 PM
> 
>         Hi Rob,
> 
>         Just to let you know, I tried to again reproduce the
>         installation. I did a clean install of Fedora 11 on a machine
>         and updated it using yum. Then I tried to install FreeIPA on it.
>         But strangely I had a harder time doing it.  It again outputs an
>         error complaining about not being able to contact itself.
> 
>         here is the ipaserver-install log
> 
>         2009-12-15 20:19:51,187 DEBUG Loading StateFile from
>         '/var/lib/ipa/sysrestore/sysrestore.state'
>         2009-12-15 20:19:51,196 CRITICAL Could not connect to the
>         Directory Server on id.example.net
>         2009-12-15 20:19:51,204 DEBUG {'desc': "Can't contact LDAP server"}
>           File "/usr/sbin/ipa-server-install", line 609, in <module>
>             sys.exit(main())
> 
>           File "/usr/sbin/ipa-server-install", line 509, in main
>             krb.create_instance(ds_user, realm_name, host_name,
>         domain_name, dm_password, master_password)
> 
>           File
>         "/usr/lib/python2.6/site-packages/ipaserver/krbinstance.py",
>         line 135, in create_instance
>             self.__common_setup(ds_user, realm_name, host_name,
>         domain_name, admin_password)
> 
>           File
>         "/usr/lib/python2.6/site-packages/ipaserver/krbinstance.py",
>         line 119, in __common_setup
>             raise e
> 
>         TIA.
> 
>         John Robert Mendoza
> 
>         --- On *Sat, 12/12/09, Rob Crittenden /<rcritten at redhat.com>/*
>         wrote:
> 
> 
>             From: Rob Crittenden <rcritten at redhat.com>
>             Subject: Re: [Freeipa-users] freeipa replication
>             To: "John Robert Mendoza" <jrobertm8 at yahoo.com>
>             Cc: freeipa-users at redhat.com
>             Date: Saturday, 12 December, 2009, 2:50 AM
> 
>             John Robert Mendoza wrote:
>              > Rob,
>              >
>              > I'm using freeipa 1.2.2 on a fedora 11 machine. I have
>             successfully configured it for authentication for our
>             services but the lack of replication makes it vulnerable for
>             unavailability and downtime.
>              > It's complaining about the replica server not being able
>             to contact the ldap server.
>              >
>              > This can be reproduced by:
>              >
>              > 1. Clean install fedora 11
>              > 2. Install the ipa packages
>              > 3. Clean install fedora 11 on a "replica" server
>              > 4. Install the ipa packages
>              > 5. ipa-replica-prepare on the freeipa server
>              > 6. ipa-replica-install on the replica
>              >
>              > note: both machines have DNS records.
>              >
>              > TIA
>              >
> 
>             Ok, strange. On the replica server can you do something like:
> 
>             % ldapsearch -x -h ipa.example.com -p 389 -b "dc=example,dc=com" uid=admin
> 
>             That will confirm that the ports are available.
> 
>             Can you provide the ipareplica-install.log?
> 
>             rob
> 
> 
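Added example, not part of the original thread and not FreeIPA code: a pre-flight check that combines the two things the thread settled on, /etc/hosts entries for both the master and the replica, and an LDAP query against port 389. The host names, addresses and sample hosts file are constructed; `hosts_lookup`, `missing_hosts` and `ldap_reachable` are hypothetical helper names.

```sh
#!/bin/sh
# Added example: name checks to run before ipa-replica-install.
# Host names and addresses below are constructed sample values.

# Print the address a hosts-format file maps NAME to; return 1 if absent.
hosts_lookup() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                  # ignore comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Report each FQDN as present or missing in the hosts file.
# The return value is the number of missing names (0 = all present).
missing_hosts() {
    file=$1; shift
    missing=0
    for fqdn in "$@"; do
        if addr=$(hosts_lookup "$file" "$fqdn"); then
            echo "ok       $fqdn -> $addr"
        else
            echo "MISSING  $fqdn"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# The connectivity check suggested in the thread, written in URI form.
# Needs the OpenLDAP client tools and a reachable server, so it is only
# defined here and not called by the sample run below.
ldap_reachable() {
    ldapsearch -x -H "ldap://$1:389" -b "$2" -s base >/dev/null 2>&1
}

# Constructed sample: the replica's entry is commented out, so only the
# master is actually listed.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
127.0.0.1    localhost
192.0.2.10   ipa.example.com ipa        # master
# 192.0.2.11 replica.example.com replica
EOF
missing_hosts "$sample" ipa.example.com replica.example.com \
    || echo "$? name(s) missing from hosts file"
```

On a real pair of machines, run `missing_hosts /etc/hosts <master-fqdn> <replica-fqdn>` on both hosts, then `ldap_reachable <master-fqdn> "dc=example,dc=com"` from the replica.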



