On 05/21/2014 09:12 AM, Davis Goodman wrote:
>
> On May 21, 2014, at 2:45 , Martin Kosek <mko...@redhat.com> wrote:
>
>> On 05/21/2014 08:36 AM, Davis Goodman wrote:
>>> Hi,
>>>
>>> Lately I’ve been having issues of replication between my server and my 2
>>> replicas.
>>>
>>> I decided I was going to delete my 2 replicas and start over keeping my
>>> master intact.
>>>
>>> I wasn't successful in getting all 3 servers to replicate to each other.
>>> (it used to work)
>>>
>>> I tried deleting 1 replica after the other one to always keep one of the
>>> two available.
>>>
>>> I had to delete manually the replica host on the master with a bunch of
>>> ldapdelete commands which worked fine.
>>>
>>> But after many unsuccessful trials of getting everyone to sync I decided to
>>> delete my two replicas.
>>>
>>> I went back to my master to use the ldapdelete to remove both host's
>>> records so that I could start over.
>>>
>>> Unfortunately now I’m getting this error.
>>>
>>> ldapdelete -x -D "cn=Directory Manager" -W cn=DNS,cn=freeipa02.mtl.domain.int,cn=masters,cn=ipa,cn=etc,dc=domain,dc=int
>>> Enter LDAP Password:
>>> ldap_delete: Server is unwilling to perform (53)
>>> additional info: database is read-only
>>>
>>> I’m kinda stuck now with no replicas and no DNS. I could restore the backup
>>> prior to the start of the operation but with a master in read-only mode it
>>> wouldn’t be of much help.
>>>
>>> Any insights would be more than welcome.
>>>
>>> Davis
>>
>> Hi Davis, did maybe some of your ipa-replica-manage commands crash in the
>> middle of an operation, or was an upgrade interrupted, leaving the database
>> in read-only mode?
>>
>> You can find out with this ldapsearch:
>>
>> ldapsearch -h `hostname` -D "cn=Directory Manager" -x -w kokos123 -b 'cn=userRoot,cn=ldbm database,cn=plugins,cn=config' -s base
>>
>> Check for nsslapd-readonly, it should be put to "off" in normal operation.
>>
>> Martin
>
> Ok finally managed to modify the read-only flag.
>
> Could prepare my replicas and get them going.
>
> Everything seems fine but I’m getting this error while setting up the
> replicas. Should I be concerned about this one:
>
> Update in progress
> Update in progress
> Update in progress
> Update in progress
> Update in progress
> Update in progress
> Update succeeded
> [23/31]: adding replication acis
> [24/31]: setting Auto Member configuration
> [25/31]: enabling S4U2Proxy delegation
> ipa : CRITICAL Failed to load replica-s4u2proxy.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmplpfMNG -H ldap://freeipa02.mtl.ddistrict.int:389 -x -D cn=Directory Manager -y /tmp/tmp4Svn9k' returned non-zero exit status 20
> [26/31]: initializing group membership
> [27/31]: adding master entry
> [28/31]: configuring Posix uid/gid generation
>
> the rest seems to work fine.

You need to check ipareplica-install.log to see the real error. I wonder if
"cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,YOUR-SUFFIX" and
"cn=ipa-ldap-delegation,cn=s4u2proxy,cn=etc,YOUR-SUFFIX" exist.

Martin