On Wed, Jun 23, 2021, at 2:13 PM, Rob Crittenden wrote:
> Bret Wortman via FreeIPA-users wrote:
> >>
> >> [root@ipa2c7 ~]# ipa-replica-manage clean-ruv 5
> >> Directory Manager password:
> >>
> >> unable to decode: {replica 13} 60b907570001000d 60b907570001000d
> >> unable to decode:
Bret Wortman via FreeIPA-users wrote:
>>
>> [root@ipa2c7 ~]# ipa-replica-manage clean-ruv 5
>> Directory Manager password:
>>
>> unable to decode: {replica 13} 60b907570001000d 60b907570001000d
>> unable to decode: {replica 14} 60b923030002000e 60b923030002000e
>> unable to decode:
--
Bret Wortman
bret.wort...@damascusgrp.com
On Wed, Jun 23, 2021, at 6:27 AM, Bret Wortman via FreeIPA-users wrote:
> On Wed, Jun 23, 2021, at 5:27 AM, Bret Wortman via FreeIPA-users wrote:
> > Now, this morning, I've hit the wall on this yet again.
> >
> > [root@ipa2c7 ~]#
On Wed, Jun 23, 2021, at 5:27 AM, Bret Wortman via FreeIPA-users wrote:
> Now, this morning, I've hit the wall on this yet again.
>
> [root@ipa2c7 ~]# ipa-replica-manage list
> ipa2c7.our.net: master
> [root@ipa2c7 ~]# ipa-replica-manage list-ruv
> Directory Manager password:
>
> unable to
Now, this morning, I've hit the wall on this yet again.
[root@ipa2c7 ~]# ipa-replica-manage list
ipa2c7.our.net: master
[root@ipa2c7 ~]# ipa-replica-manage list-ruv
Directory Manager password:
unable to decode: {replica 13} 60b907570001000d 60b907570001000d
unable to decode: {replica
That worked, and I've got a CLEANALLRUV task running for the remaining RUV
between the two.
--
Bret Wortman
bret.wort...@damascusgrp.com
On Tue, Jun 22, 2021, at 1:37 PM, Rob Crittenden wrote:
> Bret Wortman via FreeIPA-users wrote:
> > I'm now trying to detach ipa2c7 from ipa1, the server
Bret Wortman via FreeIPA-users wrote:
> I'm now trying to detach ipa2c7 from ipa1, the server from which it was
> originally replicated in an attempt to use the newer replication mechanism to
> create a pair of replicas. It appears that we're both connected and
> disconnected at the same time:
I'm now trying to detach ipa2c7 from ipa1, the server from which it was
originally replicated in an attempt to use the newer replication mechanism to
create a pair of replicas. It appears that we're both connected and
disconnected at the same time:
[root@ipa2c7 ~]# ipa-replica-manage del
On Mon, Jun 21, 2021, at 11:02 AM, Bret Wortman via FreeIPA-users wrote:
> On Mon, Jun 21, 2021, at 10:55 AM, Rob Crittenden wrote:
> > Bret Wortman via FreeIPA-users wrote:
> > > On Mon, Jun 21, 2021, at 9:03 AM, Bret Wortman via FreeIPA-users wrote:
> > >> On Fri, Jun 18, 2021, at 1:32 PM, Rob
On Mon, Jun 21, 2021, at 10:55 AM, Rob Crittenden wrote:
> Bret Wortman via FreeIPA-users wrote:
> > On Mon, Jun 21, 2021, at 9:03 AM, Bret Wortman via FreeIPA-users wrote:
> >> On Fri, Jun 18, 2021, at 1:32 PM, Rob Crittenden wrote:
> >>> Awesome, glad to hear it. When you complete the migration
Bret Wortman via FreeIPA-users wrote:
> On Mon, Jun 21, 2021, at 9:03 AM, Bret Wortman via FreeIPA-users wrote:
>> On Fri, Jun 18, 2021, at 1:32 PM, Rob Crittenden wrote:
>>> Awesome, glad to hear it. When you complete the migration don't forget
>>> to move over the DNA settings, CRL generation
Bret Wortman wrote:
> On Fri, Jun 18, 2021, at 1:32 PM, Rob Crittenden wrote:
>> Awesome, glad to hear it. When you complete the migration don't forget
>> to move over the DNA settings, CRL generation and other stuff.
>
> Is this documented somewhere? I'd hate to miss a step.
On Mon, Jun 21, 2021, at 9:03 AM, Bret Wortman via FreeIPA-users wrote:
> On Fri, Jun 18, 2021, at 1:32 PM, Rob Crittenden wrote:
> > Awesome, glad to hear it. When you complete the migration don't forget
> > to move over the DNA settings, CRL generation and other stuff.
>
> Is this documented
On Fri, Jun 18, 2021, at 1:32 PM, Rob Crittenden wrote:
> Awesome, glad to hear it. When you complete the migration don't forget
> to move over the DNA settings, CRL generation and other stuff.
Is this documented somewhere? I'd hate to miss a step.
Bret
Bret Wortman wrote:
> On Thu, Jun 17, 2021, at 2:07 PM, Rob Crittenden wrote:
>> I think it will involve editing code on the C7 server.
>>
>> /usr/lib/python2.7/site-packages/ipaserver/install/replication.py
>>
>> REPLICA_CREATION_SETTINGS and REPLICA_FINAL_SETTINGS.
>>
>> Remove the
On Thu, Jun 17, 2021, at 2:07 PM, Rob Crittenden wrote:
> I think it will involve editing code on the C7 server.
>
> /usr/lib/python2.7/site-packages/ipaserver/install/replication.py
>
> REPLICA_CREATION_SETTINGS and REPLICA_FINAL_SETTINGS.
>
> Remove the nsds5ReplicaReleaseTimeout from both
Bret Wortman via FreeIPA-users wrote:
> On Thu, Jun 17, 2021, at 9:54 AM, Bret Wortman via FreeIPA-users wrote:
>> On Thu, Jun 17, 2021, at 7:15 AM, Bret Wortman via FreeIPA-users wrote:
>>> On Tue, Jun 15, 2021, at 5:47 AM, Bret Wortman via FreeIPA-users wrote:
On Mon, Jun 14, 2021, at 3:47
On Thu, Jun 17, 2021, at 9:54 AM, Bret Wortman via FreeIPA-users wrote:
> On Thu, Jun 17, 2021, at 7:15 AM, Bret Wortman via FreeIPA-users wrote:
> > On Tue, Jun 15, 2021, at 5:47 AM, Bret Wortman via FreeIPA-users wrote:
> > > On Mon, Jun 14, 2021, at 3:47 PM, Rob Crittenden wrote:
> > > > Bret
On Thu, Jun 17, 2021, at 7:15 AM, Bret Wortman via FreeIPA-users wrote:
> On Tue, Jun 15, 2021, at 5:47 AM, Bret Wortman via FreeIPA-users wrote:
> > On Mon, Jun 14, 2021, at 3:47 PM, Rob Crittenden wrote:
> > > Bret Wortman via FreeIPA-users wrote:
> > > > This appears to be the error, or at
On Tue, Jun 15, 2021, at 5:47 AM, Bret Wortman via FreeIPA-users wrote:
> On Mon, Jun 14, 2021, at 3:47 PM, Rob Crittenden wrote:
> > Bret Wortman via FreeIPA-users wrote:
> > > This appears to be the error, or at least it's the only "fatal" I could
> > > find in the stream and it's near enough
On Mon, Jun 14, 2021, at 3:47 PM, Rob Crittenden wrote:
> Bret Wortman via FreeIPA-users wrote:
> > This appears to be the error, or at least it's the only "fatal" I could
> > find in the stream and it's near enough to the end of traffic that it seems
> > likely. I'm no expert on Wireshark so
Bret Wortman via FreeIPA-users wrote:
> This appears to be the error, or at least it's the only "fatal" I could find
> in the stream and it's near enough to the end of traffic that it seems
> likely. I'm no expert on Wireshark so I'm hoping someone is willing to take a
> peek and let me know if
This appears to be the error, or at least it's the only "fatal" I could find in
the stream and it's near enough to the end of traffic that it seems likely. I'm
no expert on Wireshark so I'm hoping someone is willing to take a peek and let
me know if there's something obvious here.
On Thu, Jun 10, 2021, at 5:45 PM, Rob Crittenden wrote:
> So you've run ipa-replica-prepare and then ship that file to
> right?
Exactly.
> At some point we started re-generating the CA certs file
> (/root/cacert.p12) during preparation. Did we do this in F21? I have no
> idea.
>
> Can you use
Bret Wortman wrote:
> On Wed, Jun 9, 2021, at 2:32 PM, Rob Crittenden wrote:
>> Bret Wortman via FreeIPA-users wrote:
>>> Looks like we're missing an LDAP connection port?
>>>
>>> [09/Jun/2021:10:02:54][localhost-startStop-1]: LdapBoundConnFactory: init
>>> Property internaldb.ldapconn.port
On Wed, Jun 9, 2021, at 2:32 PM, Rob Crittenden wrote:
> Bret Wortman via FreeIPA-users wrote:
> > Looks like we're missing an LDAP connection port?
> >
> > [09/Jun/2021:10:02:54][localhost-startStop-1]: LdapBoundConnFactory: init
> > Property internaldb.ldapconn.port missing value
> >
> > Full
Bret Wortman via FreeIPA-users wrote:
> Looks like we're missing an LDAP connection port?
>
> [09/Jun/2021:10:02:54][localhost-startStop-1]: LdapBoundConnFactory: init
> Property internaldb.ldapconn.port missing value
>
> Full debug log is at
>
Looks like we're missing an LDAP connection port?
[09/Jun/2021:10:02:54][localhost-startStop-1]: LdapBoundConnFactory: init
Property internaldb.ldapconn.port missing value
Full debug log is at
https://gist.github.com/wortmanb/7782c5c0c4318c2aec17f2eea589b567
--
Bret Wortman
My misunderstanding, sorry. This is from the existing CA since that's where I
thought the problem would be. Okay, going back and looking at the debug log on
the new server to see if it's more revealing.
--
Bret Wortman
bret.wort...@damascusgrp.com
On Tue, Jun 8, 2021, at 2:27 PM, Rob
Bret Wortman via FreeIPA-users wrote:
> I was tailing several logs in /var/log/pki/pki-tomcat/ca/ (debug, system, and
> transactions) and though the replica installation failed again at the same
> point, this is what I got from the logs throughout the installation process:
This doesn't seem to
I was tailing several logs in /var/log/pki/pki-tomcat/ca/ (debug, system, and
transactions) and though the replica installation failed again at the same
point, this is what I got from the logs throughout the installation process:
[08/Jun/2021:06:35:45][ajp-bio-127.0.0.1-8009-exec-2]:
You were absolutely correct, the flag worked, and the config-show did not show
a CRL server at all.
I'll dig into the ca logs next.
--
Bret Wortman
bret.wort...@damascusgrp.com
On Mon, Jun 7, 2021, at 11:07 AM, Rob Crittenden wrote:
> Bret Wortman wrote:
> > I cleaned up the contents of
Bret Wortman wrote:
> I cleaned up the contents of our ldap manually, re-created the replica file,
> and got a lot further than we have before but ipa-replica-install still
> failed as below:
>
> Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
> [1/30]: configuring
I cleaned up the contents of our ldap manually, re-created the replica file,
and got a lot further than we have before but ipa-replica-install still failed
as below:
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
[1/30]: configuring certificate server instance
Bret Wortman wrote:
> I tried using ipa-backup but it keeps aborting claiming there's not enough
> space on the target device but nothing even comes close to 100% usage. Is
> there another way to export to LDIF?
>
>
You can call db2ldif directly with:
# systemctl stop dirsrv.target
# dsctl
I tried using ipa-backup but it keeps aborting claiming there's not enough
space on the target device but nothing even comes close to 100% usage. Is there
another way to export to LDIF?
--
Bret Wortman
bret.wort...@damascusgrp.com
On Fri, Jun 4, 2021, at 9:01 AM, Rob Crittenden wrote:
>
Bret Wortman wrote:
> So I started removing ipa2c7 this morning but am not getting very far...
>
> [root@ipa1 httpd]# ipa-replica-manage del ipa2c7.our.net --force
> Connection to 'ipa2c7.our.net' failed:
> Forcing removal of ipa2c7.our.net
> Skipping calculation to determine if one or more
So I started removing ipa2c7 this morning but am not getting very far...
[root@ipa1 httpd]# ipa-replica-manage del ipa2c7.our.net --force
Connection to 'ipa2c7.our.net' failed:
Forcing removal of ipa2c7.our.net
Skipping calculation to determine if one or more masters would be orphaned.
Deleting
Bret Wortman via FreeIPA-users wrote:
> I'm trying to update our IPA servers to newer OSes and IPA versions. What
> I've done so far:
>
> 1. run "ipa-replica-prepare" on the original main server, ipa1.
> 2. Copied the resulting file to ipa1c7.
> 3. Tried to import that file via
39 matches
Mail list logo
