On 02/24/2012 03:23 PM, Dan Scott wrote:
On Fri, Feb 24, 2012 at 15:47, Rich Megginson<rmegg...@redhat.com>  wrote:
On 02/24/2012 09:45 AM, Dan Scott wrote:
Hi,

I have another replica install problem.

I ran into some issues a couple of weeks ago when
389-ds-base-1.2.10-0.10.rc1.fc16.x86_64 was released. My master server
is running 389-ds-base-1.2.10-0.6.a6.fc16.x86_64 and I'd like to make
sure I have some good replicas before I go any further.
I suggest using 389-ds-base-1.2.10.2-1.fc16.x86_64 now in updates-testing
OK, this seems to be working well. I'll run it for a few days and then
I'll think about updating the server which is running the old version.

I'm trying to create a new replica from a fresh install so that I have
a new master and can wipe and re-install the old master.

When I try to create the replica, I receive the following:

Configuring directory server: Estimated time 1 minute
   [1/29]: creating directory server user
   [2/29]: creating directory server instance
   [3/29]: adding default schema
   [4/29]: enabling memberof plugin
   [5/29]: enabling referential integrity plugin
   [6/29]: enabling winsync plugin
   [7/29]: configuring replication version plugin
   [8/29]: enabling IPA enrollment plugin
   [9/29]: enabling ldapi
   [10/29]: configuring uniqueness plugin
   [11/29]: configuring uuid plugin
   [12/29]: configuring modrdn plugin
   [13/29]: enabling entryUSN plugin
   [14/29]: configuring lockout plugin
   [15/29]: creating indices
   [16/29]: configuring ssl for ds instance
   [17/29]: configuring certmap.conf
   [18/29]: configure autobind for root
   [19/29]: configure new location for managed entries
   [20/29]: restarting directory server
   [21/29]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress
Update in progress
Update in progress
Update in progress
Update succeeded
   [22/29]: adding replication acis
root        : CRITICAL Failed to load replica-acis.ldif: Command
'/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp6_sd0Z
-x -D cn=Directory Manager -y /tmp/tmp9_IlSZ' returned non-zero exit
status 255
   [23/29]: setting Auto Member configuration
root        : CRITICAL Failed to load replica-automember.ldif: Command
'/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmpr1oE3X
-x -D cn=Directory Manager -y /tmp/tmpmgvTdj' returned non-zero exit
status 255
   [24/29]: initializing group membership
root        : CRITICAL Failed to load memberof-task.ldif: Command
'/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp5MDKm5
-x -D cn=Directory Manager -y /tmp/tmpgj0hdk' returned non-zero exit
status 255
creation of replica failed: {'desc': "Can't contact LDAP server"}

Your system may be partly configured.

The /var/log/ipareplica-install.log contains the following:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

(once for each of the 3 critical errors above). So I guess there's a
problem (re)starting LDAP, or it crashes?
Looks like a crash.

The 'interesting' lines from /var/log/dirsrv/slapd-EXAMPLE-COM/errors are:

[24/Feb/2012:10:29:53 -0500] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to
access the database
[24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete.
Processed 1 entries in 1 seconds. (1.00 entries/sec)
[24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete.
Processed 1 entries in 1 seconds. (1.00 entries/sec)
[24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
starting up
[24/Feb/2012:10:29:58 -0500] - I'm resizing my cache now...cache was
840777728 and is now 8000000
[24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
starting up
[24/Feb/2012:10:29:58 -0500] - Detected Disorderly Shutdown last time
Directory Server was running, recovering database.
This means it crashed.

[24/Feb/2012:10:29:58 -0500] - libdb: unable to join the environment
[24/Feb/2012:10:29:59 -0500] - slapd started.  Listening on All
Interfaces port 389 for LDAP requests
[24/Feb/2012:10:29:59 -0500] - The change of nsslapd-ldapilisten will
not take effect until the server is restarted
[24/Feb/2012:10:30:12 -0500] - Warning: Adding configuration attribute
"nsslapd-security"
[24/Feb/2012:10:30:13 -0500] - slapd shutting down - signaling operation
threads
[24/Feb/2012:10:30:13 -0500] - slapd shutting down - waiting for 1
thread to terminate
[24/Feb/2012:10:30:13 -0500] - slapd shutting down - closing down
internal subsystems and plugins
[24/Feb/2012:10:30:13 -0500] - Waiting for 4 database threads to stop
[24/Feb/2012:10:30:13 -0500] - All database threads now stopped
[24/Feb/2012:10:30:13 -0500] - slapd stopped.
[24/Feb/2012:10:30:14 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
starting up
[24/Feb/2012:10:30:14 -0500] attrcrypt - No symmetric key found for
cipher AES in backend userRoot, attempting to create one...
[24/Feb/2012:10:30:14 -0500] attrcrypt - Key for cipher AES
successfully generated and stored
[24/Feb/2012:10:30:14 -0500] attrcrypt - No symmetric key found for
cipher 3DES in backend userRoot, attempting to create one...
[24/Feb/2012:10:30:14 -0500] attrcrypt - Key for cipher 3DES
successfully generated and stored
[24/Feb/2012:10:30:14 -0500] - slapd started.  Listening on All
Interfaces port 389 for LDAP requests
[24/Feb/2012:10:30:14 -0500] - Listening on All Interfaces port 636
for LDAPS requests
[24/Feb/2012:10:30:18 -0500] NSMMReplicationPlugin -
agmt="cn=meTofileserver1.example.com" (fileserver1:389): Replica has a
different generation ID than the local data.
[24/Feb/2012:10:30:18 -0500] NSMMReplicationPlugin -
repl_set_mtn_referrals: could not set referrals for replica
dc=example,dc=com: 20
[24/Feb/2012:10:30:18 -0500] NSMMReplicationPlugin -
multimaster_be_state_change: replica dc=example,dc=com is going
offline; disabling replication

Any ideas?
389-ds-base-1.2.10.2 fixes some of the crashing issues seen with rc1, .0,
and .1.
Thanks, any idea when it will be released?
As soon as it gets enough karma (hint, hint) in the Fedora updates system.
https://admin.fedoraproject.org/updates/389-ds-base-1.2.10.2-1.fc16
Thanks,

Dan

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to