george he wrote:
Hello,
I re-installed fedora 17 on my machine, did "yum update", and then tried
to install ipa-replica on myreplica.  I got the same error message as
before:

# ipa-replica-install --setup-ca /var/lib/ipa/replica-info-myreplica.gpg
[24/30]: enabling S4U2Proxy delegation
ipa         : CRITICAL Failed to load replica-s4u2proxy.ldif: Command
'/usr/bin/ldapmodify -h myreplica -v -f /tmp/tmpj3jpOC -x -D
cn=Directory Manager -y /tmp/tmpXfgq7D' returned non-zero exit status 1
   [25/30]: initializing group membership
   [26/30]: adding master entry
ipa         : CRITICAL Failed to load master-entry.ldif: Command
'/usr/bin/ldapmodify -h myreplica -v -f /tmp/tmpjAXJjq -x -D
cn=Directory Manager -y /tmp/tmpHEZmhv' returned non-zero exit status 1
   [27/30]: configuring Posix uid/gid generation

creation of replica failed: entry=dn:
cn=CA,cn=my.replica.edu,cn=masters,cn=ipa,cn=etc,dc=my,dc=replica,dc=edu
cn: CA
ipaconfigstring: enabledService
ipaconfigstring: startOrder 50
objectclass: nsContainer
objectclass: ipaConfigObject

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

The same error message was displayed after running
/usr/sbin/ipa-server-install --uninstall
and then re-run the installation. Here is what at the end of
/var/log/ipareplica-install.log:

   File "/sbin/ipa-replica-install", line 494, in <module>
     main()

   File "/sbin/ipa-replica-install", line 437, in main
util.realm_to_suffix(config.realm_name))

   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 311, in ldap_enable
     self.admin_conn.addEntry(entry)

   File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
496, in addEntry
     self.__handle_errors(e, arg_desc=arg_desc)

   File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
312, in __handle_errors
     raise errors.NotFound(reason=arg_desc)

Any suggestions?

It would appear the previous uninstall didn't remove the CA. Did you have to run pkiremove in order to get the CA to install the second go-around?

What I would do is do the uninstall again. Do an ldapsearch on cn=my.replica.edu,cn=masters,cn=ipa,cn=etc,dc=my,dc=replica,dc=edu on another master and confirm that it is empty. If it isn't then use ldapdelete to remove that entry and its children.

Then verify that the CA is gone, see if /var/lib/pki-ca exists. If it does use pkiremove to delete the instance.

I think the next install will work. I believe the replica-s4u2proxy failure can be ignored, we have a ticket open on that.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to