Hi Petr,

Yes definitely using IPA 3.0 packages as per the package details provided 
earlier.

The following code is present in the replica installer script:
------------------------------------------------------------------------------------------------------------
    # Try out the password
    ldapuri = 'ldaps://%s' % ipautil.format_netloc(config.master_host_name)
    try:
        conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
        conn.connect(bind_dn=DN(('cn', 'directory manager')),
                     bind_pw=config.dirman_password,
                     tls_cacertfile=CACERT)
        replman = ReplicationManager(config.realm_name, config.master_host_name,
                                     config.dirman_password)
        found = False
        try:
            entry = conn.find_entries(u'fqdn=%s' % host, ['dn', 'fqdn'], 
DN(api.env.container_host, api.env.basedn))
            print "The host %s already exists on the master server.\nYou should 
remove it before proceeding:" % host
            print "    %% ipa host-del %s" % host
            found = True
        except errors.NotFound:
            pass
        try:
            (agreement_cn, agreement_dn) = replman.agreement_dn(host)
            entry = conn.get_entry(agreement_dn, ['*'])
            print "A replication agreement for this host already exists. It 
needs to be removed. Run this on the master that generated the info file:"
            print "    %% ipa-replica-manage del %s --force" % host
            found = True
        except errors.NotFound:
            pass
        if found:
            sys.exit(3)
    except errors.ACIError:
        sys.exit("\nThe password provided is incorrect for LDAP server %s" % 
config.master_host_name)
    except errors.LDAPError:
        sys.exit("\nUnable to connect to LDAP server %s" % 
config.master_host_name)
    finally:
        if conn and conn.isconnected():
            conn.disconnect()
        if replman and replman.conn:
            replman.conn.unbind_s()
------------------------------------------------------------------------------------------------------------

The background to this problem is that we have 6 x IPA servers, 2 each in 3 x 
DCs.

In one DC we had a problem with storage which messed up the 2 IPAs, 1 of which 
was the master from which replicas were originally taken.

After promoting a good IPA box in another DC(as per 
http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/promoting-replica.html)
 I cannot now create new replicas to replace the two which were messed up.

But when trying to install them I am getting the error "UnboundLocalError: 
local variable 'replman' referenced before assignment".

Regards,
Suhail Choudhury.
DevOps | Recommendations Team | BSkyB


________________________________________
From: Petr Viktorin [pvikt...@redhat.com]
Sent: 15 July 2014 14:59
To: freeipa-users@redhat.com; Choudhury, Suhail
Subject: Re: [Freeipa-users] IPA Replica Install Failing with 
"UnboundLocalError: local variable 'replman' referenced before assignment"

You say you are using the IPA 3.0 packages. Are you sure?

The "UnboundLocalError" should have been fixed in IPA 3.0.0 (as a side
effect of fixing https://fedorahosted.org/freeipa/ticket/2845 )

I checked the CentOS 3.5 srpm, and the fix is there. Yet it is missing
from the source you quote below.


On 07/15/2014 03:25 PM, Choudhury, Suhail wrote:
> FYI,
>
> These are IPA replicas being re-added.
>
> I removing these replman lines in the installer script:

What do you mean by "Removing the replman lines"? Is this quote from
before or after you removed them?

> ------------------------------------------------------------------------------------------------------------
>      # Try out the password
>      ldapuri = 'ldaps://%s' % ipautil.format_netloc(config.master_host_name)
>      try:
>          conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
>          conn.connect(bind_dn=DN(('cn', 'directory manager')),
>                       bind_pw=config.dirman_password,
>                       tls_cacertfile=CACERT)
>          replman = ReplicationManager(config.realm_name,
> config.master_host_name,
>                                       config.dirman_password)
>          found = False
>          try:
>              entry = conn.find_entries(u'fqdn=%s' % host, ['dn',
> 'fqdn'], DN(api.env.container_host, api.env.basedn))
>              print "The host %s already exists on the master
> server.\nYou should remove it before proceeding:" % host
>              print "    %% ipa host-del %s" % host
>              found = True
>          except errors.NotFound:
>              pass
>          try:
>              (agreement_cn, agreement_dn) = replman.agreement_dn(host)
>              entry = conn.get_entry(agreement_dn, ['*'])
>              print "A replication agreement for this host already
> exists. It needs to be removed. Run this on the master that generated
> the info file:"
>              print "    %% ipa-replica-manage del %s --force" % host
>              found = True
>          except errors.NotFound:
>              pass
>          if found:
>              sys.exit(3)
>      except errors.ACIError:
>          sys.exit("\nThe password provided is incorrect for LDAP server
> %s" % config.master_host_name)
>      except errors.LDAPError:
>          sys.exit("\nUnable to connect to LDAP server %s" %
> config.master_host_name)
>      finally:
>          if conn and conn.isconnected():
>              conn.disconnect()
>          if replman and replman.conn:
>              replman.conn.unbind_s()
> ------------------------------------------------------------------------------------------------------------
>
>
> and then ran the install again but it is now failing on:
> ------------------------------------------------------------------------------------------------------------
> ipa         : DEBUG    stderr=
> ipa         : DEBUG    wait_for_open_ports: localhost [9180, 9443, 9444]
> timeout 120
> ipa         : INFO       File
> "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py",
> line 614, in run_script
>      return_value = main_function()
>
>    File "/usr/sbin/ipa-replica-install", line 433, in main
>      install_dns_records(config, options)
>
>    File "/usr/sbin/ipa-replica-install", line 251, in install_dns_records
>      dm_password=config.dirman_password):
>
>    File
> "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py",
> line 192, in dns_container_exists
>      raise RuntimeError('LDAP server on %s is not responding. Is IPA
> installed?' % fqdn)
>
> ipa         : INFO     The ipa-replica-install command failed,
> exception: RuntimeError: LDAP server on ipabox1.domain.com is not
> responding. Is IPA installed?
>
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> LDAP server on ipabox1.domain.com is not responding. Is IPA installed?
> ------------------------------------------------------------------------------------------------------------
>
>
> However LDAP ports on the IPA master are working and accessible(checked
> using telnet and ldapsearch).
>
> Regards,
> Suhail Choudhury.
> *DevOps | Recommendations Team | BSkyB*
>
> ------------------------------------------------------------------------
> *From:* freeipa-users-boun...@redhat.com
> [freeipa-users-boun...@redhat.com] on behalf of Choudhury, Suhail
> [suhail.choudh...@bskyb.com]
> *Sent:* 15 July 2014 10:52
> *To:* freeipa-users@redhat.com
> *Subject:* [Freeipa-users] IPA Replica Install Failing with
> "UnboundLocalError: local variable 'replman' referenced before assignment"
>
> Hi,
>
> I'm trying to install some new IPA replicas but getting this
> installation error:
> --------------------------------------------------------------------------------------------------------------------------
> ipa         : DEBUG    importing plugin module
> '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/rename_managed.py'
> ipa         : DEBUG    importing plugin module
> '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/update_anonymous_aci.py'
> ipa         : DEBUG    importing plugin module
> '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/update_services.py'
> ipa         : DEBUG    importing plugin module
> '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/updateclient.py'
> ipa         : DEBUG    importing plugin module
> '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/upload_cacrt.py'
> ipa         : DEBUG    ds group dirsrv exists
> ipa         : DEBUG    Saving StateFile to
> '/var/lib/ipa/sysrestore/sysrestore.state'
> ipa         : INFO       File
> "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py",
> line 614, in run_script
>      return_value = main_function()
>
>    File "/usr/sbin/ipa-replica-install", line 458, in main
>      if replman and replman.conn:
>
> ipa         : INFO     The ipa-replica-install command failed,
> exception: UnboundLocalError: local variable 'replman' referenced before
> assignment
>
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> Unexpected error - see /var/log/ipareplica-install.log for details:
> UnboundLocalError: local variable 'replman' referenced before assignment
> --------------------------------------------------------------------------------------------------------------------------
>
>
> These are the relevant lines in "ipa-replica-install":
> --------------------------------------------------------------------------------------------------------------------------
>          except errors.NotFound:
>              pass
>          if found:
>              sys.exit(3)
>      except errors.ACIError:
>          sys.exit("\nThe password provided is incorrect for LDAP server
> %s" % config.master_host_name)
>      except errors.LDAPError:
>          sys.exit("\nUnable to connect to LDAP server %s" %
> config.master_host_name)
>      finally:
>          if conn and conn.isconnected():
>              conn.disconnect()
>          if replman and replman.conn:
>              replman.conn.unbind_s()
> --------------------------------------------------------------------------------------------------------------------------
>
>
> This is on a freshly installed and updated CentOS release 6.5 (Final)
> box running "2.6.32-431.20.3.el6.x86_64" kernel, SELinux disabled and
> with the following IPA packages:
>
> ipa-pki-common-theme-9.0.3-7.el6.noarch
> ipa-python-3.0.0-37.el6.x86_64
> ipa-client-3.0.0-37.el6.x86_64
> ipa-admintools-3.0.0-37.el6.x86_64
> ipa-server-selinux-3.0.0-37.el6.x86_64
> libipa_hbac-python-1.9.2-129.el6_5.4.x86_64
> ipa-pki-ca-theme-9.0.3-7.el6.noarch
> libipa_hbac-1.9.2-129.el6_5.4.x86_64
> ipa-server-3.0.0-37.el6.x86_64
> python-iniparse-0.3.1-2.1.el6.noarch
>
>
> Any help/ideas much appreciated.
>

--
PetrĀ³
Information in this email including any attachments may be privileged, 
confidential and is intended exclusively for the addressee. The views expressed 
may not be official policy, but the personal views of the originator. If you 
have received it in error, please notify the sender by return e-mail and delete 
it from your system. You should not reproduce, distribute, store, retransmit, 
use or disclose its contents to anyone. Please note we reserve the right to 
monitor all e-mail communication through our internal and external networks. 
SKY and the SKY marks are trademarks of British Sky Broadcasting Group plc and 
Sky International AG and are used under licence. British Sky Broadcasting 
Limited (Registration No. 2906991), Sky-In-Home Service Limited (Registration 
No. 2067075) and Sky Subscribers Services Limited (Registration No. 2340150) 
are direct or indirect subsidiaries of British Sky Broadcasting Group plc 
(Registration No. 2247735). All of the companies mentioned in this paragraph 
are incorporated in England and Wales and share the same registered office at 
Grant Way, Isleworth, Middlesex TW7 5QD.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to