[Freeipa-users] IPA Replica Install Failing with UnboundLocalError: local variable 'replman' referenced before assignment
Hi, I'm trying to install some new IPA replicas but getting this installation error: -- ipa : DEBUGimporting plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/rename_managed.py' ipa : DEBUGimporting plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/update_anonymous_aci.py' ipa : DEBUGimporting plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/update_services.py' ipa : DEBUGimporting plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/updateclient.py' ipa : DEBUGimporting plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/upload_cacrt.py' ipa : DEBUGds group dirsrv exists ipa : DEBUGSaving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' ipa : INFO File /usr/lib/python2.6/site-packages/ipaserver/install/installutils.py, line 614, in run_script return_value = main_function() File /usr/sbin/ipa-replica-install, line 458, in main if replman and replman.conn: ipa : INFO The ipa-replica-install command failed, exception: UnboundLocalError: local variable 'replman' referenced before assignment Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. Unexpected error - see /var/log/ipareplica-install.log for details: UnboundLocalError: local variable 'replman' referenced before assignment -- These are the relevant lines in ipa-replica-install: -- except errors.NotFound: pass if found: sys.exit(3) except errors.ACIError: sys.exit(\nThe password provided is incorrect for LDAP server %s % config.master_host_name) except errors.LDAPError: sys.exit(\nUnable to connect to LDAP server %s % config.master_host_name) finally: if conn and conn.isconnected(): conn.disconnect() if replman and replman.conn: replman.conn.unbind_s() -- This is on a freshly installed and updated CentOS release 6.5 (Final) box running 2.6.32-431.20.3.el6.x86_64 kernel, SELinux disabled and with the following IPA packages: ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-python-3.0.0-37.el6.x86_64 ipa-client-3.0.0-37.el6.x86_64 ipa-admintools-3.0.0-37.el6.x86_64 ipa-server-selinux-3.0.0-37.el6.x86_64 libipa_hbac-python-1.9.2-129.el6_5.4.x86_64 ipa-pki-ca-theme-9.0.3-7.el6.noarch libipa_hbac-1.9.2-129.el6_5.4.x86_64 ipa-server-3.0.0-37.el6.x86_64 python-iniparse-0.3.1-2.1.el6.noarch Any help/ideas much appreciated. Regards, Suhail Choudhury. DevOps | Recommendations Team | BSkyB Information in this email including any attachments may be privileged, confidential and is intended exclusively for the addressee. The views expressed may not be official policy, but the personal views of the originator. If you have received it in error, please notify the sender by return e-mail and delete it from your system. You should not reproduce, distribute, store, retransmit, use or disclose its contents to anyone. Please note we reserve the right to monitor all e-mail communication through our internal and external networks. SKY and the SKY marks are trademarks of British Sky Broadcasting Group plc and Sky International AG and are used under licence. British Sky Broadcasting Limited (Registration No. 2906991), Sky-In-Home Service Limited (Registration No. 2067075) and Sky Subscribers Services Limited (Registration No. 2340150) are direct or indirect subsidiaries of British Sky Broadcasting Group plc (Registration No. 2247735). All of the companies mentioned in this paragraph are incorporated in England and Wales and share the same registered office at Grant Way, Isleworth, Middlesex TW7 5QD. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] IPA Replica Install Failing with UnboundLocalError: local variable 'replman' referenced before assignment
FYI, These are IPA replicas being re-added. I removing these replman lines in the installer script: # Try out the password ldapuri = 'ldaps://%s' % ipautil.format_netloc(config.master_host_name) try: conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='') conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=config.dirman_password, tls_cacertfile=CACERT) replman = ReplicationManager(config.realm_name, config.master_host_name, config.dirman_password) found = False try: entry = conn.find_entries(u'fqdn=%s' % host, ['dn', 'fqdn'], DN(api.env.container_host, api.env.basedn)) print The host %s already exists on the master server.\nYou should remove it before proceeding: % host print %% ipa host-del %s % host found = True except errors.NotFound: pass try: (agreement_cn, agreement_dn) = replman.agreement_dn(host) entry = conn.get_entry(agreement_dn, ['*']) print A replication agreement for this host already exists. It needs to be removed. Run this on the master that generated the info file: print %% ipa-replica-manage del %s --force % host found = True except errors.NotFound: pass if found: sys.exit(3) except errors.ACIError: sys.exit(\nThe password provided is incorrect for LDAP server %s % config.master_host_name) except errors.LDAPError: sys.exit(\nUnable to connect to LDAP server %s % config.master_host_name) finally: if conn and conn.isconnected(): conn.disconnect() if replman and replman.conn: replman.conn.unbind_s() and then ran the install again but it is now failing on: ipa : DEBUGstderr= ipa : DEBUGwait_for_open_ports: localhost [9180, 9443, 9444] timeout 120 ipa : INFO File /usr/lib/python2.6/site-packages/ipaserver/install/installutils.py, line 614, in run_script return_value = main_function() File /usr/sbin/ipa-replica-install, line 433, in main install_dns_records(config, options) File /usr/sbin/ipa-replica-install, line 251, in install_dns_records dm_password=config.dirman_password): File /usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py, line 192, in dns_container_exists raise RuntimeError('LDAP server on %s is not responding. Is IPA installed?' % fqdn) ipa : INFO The ipa-replica-install command failed, exception: RuntimeError: LDAP server on ipabox1.domain.com is not responding. Is IPA installed? Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. LDAP server on ipabox1.domain.com is not responding. Is IPA installed? However LDAP ports on the IPA master are working and accessible(checked using telnet and ldapsearch). Regards, Suhail Choudhury. DevOps | Recommendations Team | BSkyB From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Choudhury, Suhail [suhail.choudh...@bskyb.com] Sent: 15 July 2014 10:52 To: freeipa-users@redhat.com Subject: [Freeipa-users] IPA Replica Install Failing with UnboundLocalError: local variable 'replman' referenced before assignment Hi, I'm trying to install some new IPA replicas but getting this installation error: -- ipa : DEBUGimporting plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/rename_managed.py' ipa : DEBUGimporting plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/update_anonymous_aci.py' ipa : DEBUGimporting plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/update_services.py' ipa : DEBUGimporting plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/updateclient.py' ipa : DEBUGimporting plugin module '/usr/lib/python2.6/site-packages/ipaserver/install/plugins/upload_cacrt.py' ipa : DEBUGds group dirsrv exists ipa : DEBUGSaving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' ipa : INFO File /usr/lib/python2.6/site-packages/ipaserver/install/installutils.py, line 614, in run_script
Re: [Freeipa-users] IPA Replica Install Failing with UnboundLocalError: local variable 'replman' referenced before assignment
On 07/15/2014 04:25 PM, Choudhury, Suhail wrote: Hi Petr, Yes definitely using IPA 3.0 packages as per the package details provided earlier. Ah, I see. This was reverted in a patch for EL6. Sorry for doubting you. To get rid of the error, since you're not afraid to modify code, you can follow the instruction inline: The following code is present in the replica installer script: # Try out the password ldapuri = 'ldaps://%s' % ipautil.format_netloc(config.master_host_name) Here, insert the line: replman = None try: conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='') conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=config.dirman_password, tls_cacertfile=CACERT) replman = ReplicationManager(config.realm_name, config.master_host_name, config.dirman_password) found = False try: entry = conn.find_entries(u'fqdn=%s' % host, ['dn', 'fqdn'], DN(api.env.container_host, api.env.basedn)) print The host %s already exists on the master server.\nYou should remove it before proceeding: % host print %% ipa host-del %s % host found = True except errors.NotFound: pass try: (agreement_cn, agreement_dn) = replman.agreement_dn(host) entry = conn.get_entry(agreement_dn, ['*']) print A replication agreement for this host already exists. It needs to be removed. Run this on the master that generated the info file: print %% ipa-replica-manage del %s --force % host found = True except errors.NotFound: pass if found: sys.exit(3) except errors.ACIError: sys.exit(\nThe password provided is incorrect for LDAP server %s % config.master_host_name) except errors.LDAPError: sys.exit(\nUnable to connect to LDAP server %s % config.master_host_name) finally: if conn and conn.isconnected(): conn.disconnect() if replman and replman.conn: replman.conn.unbind_s() The background to this problem is that we have 6 x IPA servers, 2 each in 3 x DCs. In one DC we had a problem with storage which messed up the 2 IPAs, 1 of which was the master from which replicas were originally taken. After promoting a good IPA box in another DC(as per http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/promoting-replica.html) I cannot now create new replicas to replace the two which were messed up. But when trying to install them I am getting the error UnboundLocalError: local variable 'replman' referenced before assignment. Fixing the UnboundLocalError will reveal the real problem. If you get LDAP server on ipabox1.domain.com is not responding. again, please check if the server is really unreachable, using: ldapsearch -x -s one -b cn=schema -h ipabox1.domain.com Regards, Suhail Choudhury. DevOps | Recommendations Team | BSkyB From: Petr Viktorin [pvikt...@redhat.com] Sent: 15 July 2014 14:59 To: freeipa-users@redhat.com; Choudhury, Suhail Subject: Re: [Freeipa-users] IPA Replica Install Failing with UnboundLocalError: local variable 'replman' referenced before assignment You say you are using the IPA 3.0 packages. Are you sure? The UnboundLocalError should have been fixed in IPA 3.0.0 (as a side effect of fixing https://fedorahosted.org/freeipa/ticket/2845 ) I checked the CentOS 3.5 srpm, and the fix is there. Yet it is missing from the source you quote below. On 07/15/2014 03:25 PM, Choudhury, Suhail wrote: FYI, These are IPA replicas being re-added. I removing these replman lines in the installer script: What do you mean by Removing the replman lines? Is this quote from before or after you removed them? # Try out the password ldapuri = 'ldaps://%s' % ipautil.format_netloc(config.master_host_name) try: conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='') conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=config.dirman_password, tls_cacertfile=CACERT) replman = ReplicationManager(config.realm_name, config.master_host_name, config.dirman_password) found = False try: entry = conn.find_entries(u'fqdn=%s' % host, ['dn', 'fqdn'], DN(api.env.container_host, api.env.basedn)) print The host %s already
Re: [Freeipa-users] IPA Replica Install Failing with UnboundLocalError: local variable 'replman' referenced before assignment
Okay tried that Petr, but yes still getting the LDAP connection error: return_value = main_function() File /usr/sbin/ipa-replica-install, line 431, in main tls_cacertfile=CACERT) File /usr/lib/python2.6/site-packages/ipalib/backend.py, line 63, in connect conn = self.create_connection(*args, **kw) File /usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py, line 846, in create_connection self.handle_errors(e) File /usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py, line 736, in handle_errors error=u'LDAP Server Down') ipa : INFO The ipa-replica-install command failed, exception: NetworkError: cannot connect to 'ldaps://ipa01.domain.com': LDAP Server Down Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. Unexpected error - see /var/log/ipareplica-install.log for details: NetworkError: cannot connect to 'ldaps://ipa01.domain.com': LDAP Server Down Running the LDAP query directly is successful: [root@recsds3 ~]# ldapsearch -x -s one -b cn=schema -h ipa01.domain.com # extended LDIF # # LDAPv3 # base cn=schema with scope oneLevel # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 0 Success # numResponses: 1 Is there an exhaustive list of ports(TCP/UDP) required for IPA replica setup? I just successfully created an IPA replica by connecting to another IPA master so it perhaps it is a specific port that is required that is not apparent? Regards, Suhail Choudhury. DevOps | Recommendations Team | BSkyB From: Petr Viktorin [pvikt...@redhat.com] Sent: 15 July 2014 15:52 To: Choudhury, Suhail; freeipa-users@redhat.com Subject: Re: [Freeipa-users] IPA Replica Install Failing with UnboundLocalError: local variable 'replman' referenced before assignment On 07/15/2014 04:25 PM, Choudhury, Suhail wrote: Hi Petr, Yes definitely using IPA 3.0 packages as per the package details provided earlier. Ah, I see. This was reverted in a patch for EL6. Sorry for doubting you. To get rid of the error, since you're not afraid to modify code, you can follow the instruction inline: The following code is present in the replica installer script: # Try out the password ldapuri = 'ldaps://%s' % ipautil.format_netloc(config.master_host_name) Here, insert the line: replman = None try: conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='') conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=config.dirman_password, tls_cacertfile=CACERT) replman = ReplicationManager(config.realm_name, config.master_host_name, config.dirman_password) found = False try: entry = conn.find_entries(u'fqdn=%s' % host, ['dn', 'fqdn'], DN(api.env.container_host, api.env.basedn)) print The host %s already exists on the master server.\nYou should remove it before proceeding: % host print %% ipa host-del %s % host found = True except errors.NotFound: pass try: (agreement_cn, agreement_dn) = replman.agreement_dn(host) entry = conn.get_entry(agreement_dn, ['*']) print A replication agreement for this host already exists. It needs to be removed. Run this on the master that generated the info file: print %% ipa-replica-manage del %s --force % host found = True except errors.NotFound: pass if found: sys.exit(3) except errors.ACIError: sys.exit(\nThe password provided is incorrect for LDAP server %s % config.master_host_name) except errors.LDAPError: sys.exit(\nUnable to connect to LDAP server %s % config.master_host_name) finally: if conn and conn.isconnected(): conn.disconnect() if replman and replman.conn: replman.conn.unbind_s() The background to this problem is that we have 6 x IPA servers, 2 each in 3 x DCs. In one DC we had a problem with storage