[Freeipa-users] IPA Replica Install Failing with UnboundLocalError: local variable 'replman' referenced before assignment

2014-07-15 Thread Choudhury, Suhail
Hi,

I'm trying to install some new IPA replicas but getting this installation error:
--
ipa : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/rename_managed.py'
ipa : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/update_anonymous_aci.py'
ipa : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/update_services.py'
ipa : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/updateclient.py'
ipa : DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/upload_cacrt.py'
ipa : DEBUG ds group dirsrv exists
ipa : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
ipa : INFO   File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614, in run_script
    return_value = main_function()

  File "/usr/sbin/ipa-replica-install", line 458, in main
    if replman and replman.conn:

ipa : INFO The ipa-replica-install command failed, exception: UnboundLocalError: local variable 'replman' referenced before assignment

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

Unexpected error - see /var/log/ipareplica-install.log for details:
UnboundLocalError: local variable 'replman' referenced before assignment
--


These are the relevant lines in ipa-replica-install:
--
        except errors.NotFound:
            pass
        if found:
            sys.exit(3)
    except errors.ACIError:
        sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name)
    except errors.LDAPError:
        sys.exit("\nUnable to connect to LDAP server %s" % config.master_host_name)
    finally:
        if conn and conn.isconnected():
            conn.disconnect()
        if replman and replman.conn:
            replman.conn.unbind_s()
--


This is on a freshly installed and updated CentOS release 6.5 (Final) box 
running 2.6.32-431.20.3.el6.x86_64 kernel, SELinux disabled and with the 
following IPA packages:

ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-python-3.0.0-37.el6.x86_64
ipa-client-3.0.0-37.el6.x86_64
ipa-admintools-3.0.0-37.el6.x86_64
ipa-server-selinux-3.0.0-37.el6.x86_64
libipa_hbac-python-1.9.2-129.el6_5.4.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
libipa_hbac-1.9.2-129.el6_5.4.x86_64
ipa-server-3.0.0-37.el6.x86_64
python-iniparse-0.3.1-2.1.el6.noarch


Any help/ideas much appreciated.

Regards,
Suhail Choudhury.
DevOps | Recommendations Team | BSkyB


Re: [Freeipa-users] IPA Replica Install Failing with UnboundLocalError: local variable 'replman' referenced before assignment

2014-07-15 Thread Choudhury, Suhail
FYI,

These are IPA replicas being re-added.

I removed these replman lines in the installer script:

    # Try out the password
    ldapuri = 'ldaps://%s' % ipautil.format_netloc(config.master_host_name)
    try:
        conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
        conn.connect(bind_dn=DN(('cn', 'directory manager')),
                     bind_pw=config.dirman_password,
                     tls_cacertfile=CACERT)
        replman = ReplicationManager(config.realm_name, config.master_host_name,
                                     config.dirman_password)
        found = False
        try:
            entry = conn.find_entries(u'fqdn=%s' % host, ['dn', 'fqdn'], DN(api.env.container_host, api.env.basedn))
            print "The host %s already exists on the master server.\nYou should remove it before proceeding:" % host
            print "%% ipa host-del %s" % host
            found = True
        except errors.NotFound:
            pass
        try:
            (agreement_cn, agreement_dn) = replman.agreement_dn(host)
            entry = conn.get_entry(agreement_dn, ['*'])
            print "A replication agreement for this host already exists. It needs to be removed. Run this on the master that generated the info file:"
            print "%% ipa-replica-manage del %s --force" % host
            found = True
        except errors.NotFound:
            pass
        if found:
            sys.exit(3)
    except errors.ACIError:
        sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name)
    except errors.LDAPError:
        sys.exit("\nUnable to connect to LDAP server %s" % config.master_host_name)
    finally:
        if conn and conn.isconnected():
            conn.disconnect()
        if replman and replman.conn:
            replman.conn.unbind_s()



and then ran the install again but it is now failing on:

ipa : DEBUG stderr=
ipa : DEBUG wait_for_open_ports: localhost [9180, 9443, 9444] timeout 120
ipa : INFO   File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614, in run_script
    return_value = main_function()

  File "/usr/sbin/ipa-replica-install", line 433, in main
    install_dns_records(config, options)

  File "/usr/sbin/ipa-replica-install", line 251, in install_dns_records
    dm_password=config.dirman_password):

  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 192, in dns_container_exists
    raise RuntimeError('LDAP server on %s is not responding. Is IPA installed?' % fqdn)

ipa : INFO The ipa-replica-install command failed, exception: RuntimeError: LDAP server on ipabox1.domain.com is not responding. Is IPA installed?

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

LDAP server on ipabox1.domain.com is not responding. Is IPA installed?



However, LDAP ports on the IPA master are working and accessible (checked using
telnet and ldapsearch).

Regards,
Suhail Choudhury.
DevOps | Recommendations Team | BSkyB



Re: [Freeipa-users] IPA Replica Install Failing with UnboundLocalError: local variable 'replman' referenced before assignment

2014-07-15 Thread Petr Viktorin

On 07/15/2014 04:25 PM, Choudhury, Suhail wrote:

Hi Petr,

Yes definitely using IPA 3.0 packages as per the package details provided 
earlier.


Ah, I see. This was reverted in a patch for EL6. Sorry for doubting you.

To get rid of the error, since you're not afraid to modify code, you can 
follow the instruction inline:




The following code is present in the replica installer script:

    # Try out the password
    ldapuri = 'ldaps://%s' % ipautil.format_netloc(config.master_host_name)


Here, insert the line:
    replman = None


    try:
        conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
        conn.connect(bind_dn=DN(('cn', 'directory manager')),
                     bind_pw=config.dirman_password,
                     tls_cacertfile=CACERT)
        replman = ReplicationManager(config.realm_name, config.master_host_name,
                                     config.dirman_password)
        found = False
        try:
            entry = conn.find_entries(u'fqdn=%s' % host, ['dn', 'fqdn'], DN(api.env.container_host, api.env.basedn))
            print "The host %s already exists on the master server.\nYou should remove it before proceeding:" % host
            print "%% ipa host-del %s" % host
            found = True
        except errors.NotFound:
            pass
        try:
            (agreement_cn, agreement_dn) = replman.agreement_dn(host)
            entry = conn.get_entry(agreement_dn, ['*'])
            print "A replication agreement for this host already exists. It needs to be removed. Run this on the master that generated the info file:"
            print "%% ipa-replica-manage del %s --force" % host
            found = True
        except errors.NotFound:
            pass
        if found:
            sys.exit(3)
    except errors.ACIError:
        sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name)
    except errors.LDAPError:
        sys.exit("\nUnable to connect to LDAP server %s" % config.master_host_name)
    finally:
        if conn and conn.isconnected():
            conn.disconnect()
        if replman and replman.conn:
            replman.conn.unbind_s()


The background to this problem is that we have 6 x IPA servers, 2 each in 3 x 
DCs.

In one DC we had a problem with storage which messed up the 2 IPAs, 1 of which 
was the master from which replicas were originally taken.

After promoting a good IPA box in another DC (as per
http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/promoting-replica.html)
I cannot now create new replicas to replace the two which were messed up.

But when trying to install them I am getting the error UnboundLocalError: local 
variable 'replman' referenced before assignment.



Fixing the UnboundLocalError will reveal the real problem.

If you get "LDAP server on ipabox1.domain.com is not responding." again,
please check if the server is really unreachable, using:

ldapsearch -x -s one -b cn=schema -h ipabox1.domain.com


Regards,
Suhail Choudhury.
DevOps | Recommendations Team | BSkyB



From: Petr Viktorin [pvikt...@redhat.com]
Sent: 15 July 2014 14:59
To: freeipa-users@redhat.com; Choudhury, Suhail
Subject: Re: [Freeipa-users] IPA Replica Install Failing with UnboundLocalError: 
local variable 'replman' referenced before assignment

You say you are using the IPA 3.0 packages. Are you sure?

The UnboundLocalError should have been fixed in IPA 3.0.0 (as a side
effect of fixing https://fedorahosted.org/freeipa/ticket/2845 )

I checked the CentOS 3.5 srpm, and the fix is there. Yet it is missing
from the source you quote below.


On 07/15/2014 03:25 PM, Choudhury, Suhail wrote:

FYI,

These are IPA replicas being re-added.

I removed these replman lines in the installer script:


What do you mean by "Removing the replman lines"? Is this quote from
before or after you removed them?



    # Try out the password
    ldapuri = 'ldaps://%s' % ipautil.format_netloc(config.master_host_name)
    try:
        conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
        conn.connect(bind_dn=DN(('cn', 'directory manager')),
                     bind_pw=config.dirman_password,
                     tls_cacertfile=CACERT)
        replman = ReplicationManager(config.realm_name, config.master_host_name,
                                     config.dirman_password)
        found = False
        try:
            entry = conn.find_entries(u'fqdn=%s' % host, ['dn', 'fqdn'], DN(api.env.container_host, api.env.basedn))
            print The host %s already
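
Added illustration (not part of any message in this thread, and not FreeIPA code): a minimal reproduction of why the cleanup in the finally block replaces the real connection failure with UnboundLocalError, and how binding replman before the try lets the real error through. LDAPDown, FakeConn, FakeReplMan, check_master and failure are hypothetical stand-ins, and the sketch is written for Python 3 rather than the installer's Python 2.6.

```python
# Hypothetical stand-ins for the installer's ldap2 connection and
# ReplicationManager; only the control flow mirrors the quoted script.

class LDAPDown(Exception):
    """Stand-in for the NetworkError raised when the master is unreachable."""


class FakeConn(object):
    def __init__(self, reachable):
        self.reachable = reachable
        self.connected = False

    def connect(self):
        if not self.reachable:
            raise LDAPDown("cannot connect to 'ldaps://master.example.test'")
        self.connected = True

    def isconnected(self):
        return self.connected

    def disconnect(self):
        self.connected = False


class FakeReplMan(object):
    conn = None  # nothing to unbind in this sketch


def check_master(reachable, patched):
    if patched:
        replman = None            # the one-line fix suggested in the thread
    try:
        conn = FakeConn(reachable)
        conn.connect()            # raises before replman is assigned below
        replman = FakeReplMan()
    finally:
        if conn and conn.isconnected():
            conn.disconnect()
        if replman and replman.conn:   # unpatched: UnboundLocalError here
            replman.conn.unbind_s()


def failure(reachable, patched):
    """Return (name of the exception raised, name of the exception it hid)."""
    try:
        check_master(reachable, patched)
    except Exception as exc:
        hidden = exc.__context__  # Python 3 only; Python 2.6 drops the original
        return type(exc).__name__, type(hidden).__name__ if hidden is not None else None
    return None, None
```

With the master unreachable, the unpatched path reports UnboundLocalError and only Python 3's exception context still shows the connection failure; the patched path reports the connection failure directly.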

Re: [Freeipa-users] IPA Replica Install Failing with UnboundLocalError: local variable 'replman' referenced before assignment

2014-07-15 Thread Choudhury, Suhail
Okay tried that Petr, but yes still getting the LDAP connection error:

    return_value = main_function()

  File "/usr/sbin/ipa-replica-install", line 431, in main
    tls_cacertfile=CACERT)

  File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 63, in connect
    conn = self.create_connection(*args, **kw)

  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 846, in create_connection
    self.handle_errors(e)

  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 736, in handle_errors
    error=u'LDAP Server Down')

ipa : INFO The ipa-replica-install command failed, exception: NetworkError: cannot connect to 'ldaps://ipa01.domain.com': LDAP Server Down

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

Unexpected error - see /var/log/ipareplica-install.log for details:
NetworkError: cannot connect to 'ldaps://ipa01.domain.com': LDAP Server Down



Running the LDAP query directly is successful:

[root@recsds3 ~]# ldapsearch -x -s one -b cn=schema -h ipa01.domain.com

# extended LDIF
#
# LDAPv3
# base cn=schema with scope oneLevel
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1


Is there an exhaustive list of ports (TCP/UDP) required for IPA replica setup? I
just successfully created an IPA replica by connecting to another IPA master, so
perhaps it is a specific port that is required that is not apparent?

Regards,
Suhail Choudhury.
DevOps | Recommendations Team | BSkyB


