Michal Konecny via FreeIPA-users wrote: > Hi everyone, > > I recently tried to redeploy Fedora ipa staging replicas ipa02 and > ipa03. It finished successfully without any errors. Later I tried to add > a new group which ended up with
What does redeploy mean? There was an existing server 02 and 03 and you uninstalled them and re-installed for some reason? > ``` > ipa: ERROR: Operations error: Allocation of a new value for range > cn=posix ids,cn=distributed numeric assignment > plugin,cn=plugins,cn=config failed! Unable to proceed. > ``` > > So I continued with fixing the DNA ranges for ipa02.stg and ipa03.stg. > > ``` > [root@ipa01 ~][STG]# ipa-replica-manage dnarange-show > ipa01.stg.iad2.fedoraproject.org: 162861501-162862500 > ipa02.stg.iad2.fedoraproject.org: 162859501-162860000 > ipa03.stg.iad2.fedoraproject.org: 162860001-162861000 > ``` The range for 02 is different than the ranges for 01 and 03. That may not be the root cause but it would be a problem if it isn't in an IPA idrange. rob > But the user still can't be created with the same issue and in the > `/var/log/dirsrv/slapd-STG-FEDORAPROJECT-ORG/errors` I found this: > > ``` > [17/Oct/2024:13:24:53.387189861 +0000] - ERR - dna-plugin - > dna_get_remote_config_info - Using LDAP protocol, but the non-secure > port is not defined. > [17/Oct/2024:13:24:53.387866118 +0000] - ERR - dna-plugin - > dna_request_range: Unable to retrieve replica bind credentials. > [17/Oct/2024:13:24:59.981251454 +0000] - ERR - dna-plugin - > _dna_pre_op_add - Failed to allocate a new ID 1 > [17/Oct/2024:13:24:59.983529484 +0000] - ERR - > agmt="cn=meToipa02.stg.iad2.fedoraproject.org" (ipa02:389) - > clcache_load_buffer - Can't locate CSN 67110c31000100300000 in the > changelog (DB rc=-12797). If replication stops, the consumer may need to > be reinitialized. > [17/Oct/2024:13:24:59.984077706 +0000] - ERR - > agmt="cn=meToipa03.stg.iad2.fedoraproject.org" (ipa03:389) - > clcache_load_buffer - Can't locate CSN 67110c31000100300000 in the > changelog (DB rc=-12797). If replication stops, the consumer may need to > be reinitialized. > [17/Oct/2024:13:24:59.984613345 +0000] - ERR - ipa_sidgen_add_post_op - > [file ipa_sidgen.c, line 128]: Missing target entry. > ``` > > I did `ipa-manage-replica re-initializaze > --from=ipa01.stg.iad2.fedoraproject.org` on both ipa02 and ipa03, but > the issue is still there when trying to add new group. > > I'm not sure what to try next. Could somebody help me with it? > > Michal > > P.S.: The playbook that is deploying the IPA in Fedora - > https://pagure.io/fedora-infra/ansible/blob/main/f/roles/ipa/server > -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
