Re: [Freeipa-users] Replica install problem

2012-02-24 Thread Rich Megginson

On 02/24/2012 03:23 PM, Dan Scott wrote:

On Fri, Feb 24, 2012 at 15:47, Rich Megginson wrote:

On 02/24/2012 09:45 AM, Dan Scott wrote:

Hi,

I have another replica install problem.

I ran into some issues a couple of weeks ago when
389-ds-base-1.2.10-0.10.rc1.fc16.x86_64 was released. My master server
is running 389-ds-base-1.2.10-0.6.a6.fc16.x86_64 and I'd like to make
sure I have some good replicas before I go any further.

I suggest using 389-ds-base-1.2.10.2-1.fc16.x86_64 now in updates-testing

OK, this seems to be working well. I'll run it for a few days and then
I'll think about updating the server which is running the old version.


I'm trying to create a new replica from a fresh install so that I have
a new master and can wipe and re-install the old master.

When I try to create the replica, I receive the following:

Configuring directory server: Estimated time 1 minute
   [1/29]: creating directory server user
   [2/29]: creating directory server instance
   [3/29]: adding default schema
   [4/29]: enabling memberof plugin
   [5/29]: enabling referential integrity plugin
   [6/29]: enabling winsync plugin
   [7/29]: configuring replication version plugin
   [8/29]: enabling IPA enrollment plugin
   [9/29]: enabling ldapi
   [10/29]: configuring uniqueness plugin
   [11/29]: configuring uuid plugin
   [12/29]: configuring modrdn plugin
   [13/29]: enabling entryUSN plugin
   [14/29]: configuring lockout plugin
   [15/29]: creating indices
   [16/29]: configuring ssl for ds instance
   [17/29]: configuring certmap.conf
   [18/29]: configure autobind for root
   [19/29]: configure new location for managed entries
   [20/29]: restarting directory server
   [21/29]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress
Update in progress
Update in progress
Update in progress
Update succeeded
   [22/29]: adding replication acis
root: CRITICAL Failed to load replica-acis.ldif: Command
'/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp6_sd0Z
-x -D cn=Directory Manager -y /tmp/tmp9_IlSZ' returned non-zero exit
status 255
   [23/29]: setting Auto Member configuration
root: CRITICAL Failed to load replica-automember.ldif: Command
'/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmpr1oE3X
-x -D cn=Directory Manager -y /tmp/tmpmgvTdj' returned non-zero exit
status 255
   [24/29]: initializing group membership
root: CRITICAL Failed to load memberof-task.ldif: Command
'/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp5MDKm5
-x -D cn=Directory Manager -y /tmp/tmpgj0hdk' returned non-zero exit
status 255
creation of replica failed: {'desc': "Can't contact LDAP server"}

Your system may be partly configured.

The /var/log/ipareplica-install.log contains the following:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

(once for each of the 3 critical errors above). So I guess there's a
problem (re)starting LDAP, or it crashes?

Looks like a crash.


The 'interesting' lines from /var/log/dirsrv/slapd-EXAMPLE-COM/errors are:

[24/Feb/2012:10:29:53 -0500] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to
access the database
[24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete.
Processed 1 entries in 1 seconds. (1.00 entries/sec)
[24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete.
Processed 1 entries in 1 seconds. (1.00 entries/sec)
[24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
starting up
[24/Feb/2012:10:29:58 -0500] - I'm resizing my cache now...cache was
84028 and is now 800
[24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
starting up
[24/Feb/2012:10:29:58 -0500] - Detected Disorderly Shutdown last time
Directory Server was running, recovering database.

This means it crashed.


[24/Feb/2012:10:29:58 -0500] - libdb: unable to join the environment
[24/Feb/2012:10:29:59 -0500] - slapd started.  Listening on All
Interfaces port 389 for LDAP requests
[24/Feb/2012:10:29:59 -0500] - The change of nsslapd-ldapilisten will
not take effect until the server is restarted
[24/Feb/2012:10:30:12 -0500] - Warning: Adding configuration attribute
"nsslapd-security"
[24/Feb/2012:10:30:13 -0500] - slapd shutting down - signaling operation
threads
[24/Feb/2012:10:30:13 -0500] - slapd shutting down - waiting for 1
thread to terminate
[24/Feb/2012:10:30:13 -0500] - slapd shutting down - closing down
internal subsystems and plugins
[24/Feb/2012:10:30:13 -0500] - Waiting for 4 database threads to stop
[24/Feb/2012:10:30:13 -0500] - All database threads now stopped
[24/Feb/2012:10:30:13 -0500] - slapd stopped.
[24/Feb/2012:10:30:14 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
starting up
[24/Feb/2012:10:30:14 -0500] attrcrypt - No symmetric key found for
cipher AES in backend userRoot, attempting to create one...
[24/Feb/2012:10:30:14 -0500] attrcrypt - Key for cipher AES
successfully genera

Re: [Freeipa-users] Replica install problem

2012-02-24 Thread Dan Scott
On Fri, Feb 24, 2012 at 15:47, Rich Megginson wrote:
> On 02/24/2012 09:45 AM, Dan Scott wrote:
>>
>> Hi,
>>
>> I have another replica install problem.
>>
>> I ran into some issues a couple of weeks ago when
>> 389-ds-base-1.2.10-0.10.rc1.fc16.x86_64 was released. My master server
>> is running 389-ds-base-1.2.10-0.6.a6.fc16.x86_64 and I'd like to make
>> sure I have some good replicas before I go any further.
>
> I suggest using 389-ds-base-1.2.10.2-1.fc16.x86_64 now in updates-testing

OK, this seems to be working well. I'll run it for a few days and then
I'll think about updating the server which is running the old version.

>> I'm trying to create a new replica from a fresh install so that I have
>> a new master and can wipe and re-install the old master.
>>
>> When I try to create the replica, I receive the following:
>>
>> Configuring directory server: Estimated time 1 minute
>>   [1/29]: creating directory server user
>>   [2/29]: creating directory server instance
>>   [3/29]: adding default schema
>>   [4/29]: enabling memberof plugin
>>   [5/29]: enabling referential integrity plugin
>>   [6/29]: enabling winsync plugin
>>   [7/29]: configuring replication version plugin
>>   [8/29]: enabling IPA enrollment plugin
>>   [9/29]: enabling ldapi
>>   [10/29]: configuring uniqueness plugin
>>   [11/29]: configuring uuid plugin
>>   [12/29]: configuring modrdn plugin
>>   [13/29]: enabling entryUSN plugin
>>   [14/29]: configuring lockout plugin
>>   [15/29]: creating indices
>>   [16/29]: configuring ssl for ds instance
>>   [17/29]: configuring certmap.conf
>>   [18/29]: configure autobind for root
>>   [19/29]: configure new location for managed entries
>>   [20/29]: restarting directory server
>>   [21/29]: setting up initial replication
>> Starting replication, please wait until this has completed.
>> Update in progress
>> Update in progress
>> Update in progress
>> Update in progress
>> Update succeeded
>>   [22/29]: adding replication acis
>> root        : CRITICAL Failed to load replica-acis.ldif: Command
>> '/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp6_sd0Z
>> -x -D cn=Directory Manager -y /tmp/tmp9_IlSZ' returned non-zero exit
>> status 255
>>   [23/29]: setting Auto Member configuration
>> root        : CRITICAL Failed to load replica-automember.ldif: Command
>> '/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmpr1oE3X
>> -x -D cn=Directory Manager -y /tmp/tmpmgvTdj' returned non-zero exit
>> status 255
>>   [24/29]: initializing group membership
>> root        : CRITICAL Failed to load memberof-task.ldif: Command
>> '/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp5MDKm5
>> -x -D cn=Directory Manager -y /tmp/tmpgj0hdk' returned non-zero exit
>> status 255
>> creation of replica failed: {'desc': "Can't contact LDAP server"}
>>
>> Your system may be partly configured.
>>
>> The /var/log/ipareplica-install.log contains the following:
>>
>> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>>
>> (once for each of the 3 critical errors above). So I guess there's a
>> problem (re)starting LDAP, or it crashes?
>
> Looks like a crash.
>
>> The 'interesting' lines from /var/log/dirsrv/slapd-EXAMPLE-COM/errors are:
>>
>> [24/Feb/2012:10:29:53 -0500] - WARNING: Import is running with
>> nsslapd-db-private-import-mem on; No other process is allowed to
>> access the database
>> [24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete.
>> Processed 1 entries in 1 seconds. (1.00 entries/sec)
>> [24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete.
>> Processed 1 entries in 1 seconds. (1.00 entries/sec)
>> [24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
>> starting up
>> [24/Feb/2012:10:29:58 -0500] - I'm resizing my cache now...cache was
>> 84028 and is now 800
>> [24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
>> starting up
>> [24/Feb/2012:10:29:58 -0500] - Detected Disorderly Shutdown last time
>> Directory Server was running, recovering database.
>
> This means it crashed.
>
>> [24/Feb/2012:10:29:58 -0500] - libdb: unable to join the environment
>> [24/Feb/2012:10:29:59 -0500] - slapd started.  Listening on All
>> Interfaces port 389 for LDAP requests
>> [24/Feb/2012:10:29:59 -0500] - The change of nsslapd-ldapilisten will
>> not take effect until the server is restarted
>> [24/Feb/2012:10:30:12 -0500] - Warning: Adding configuration attribute
>> "nsslapd-security"
>> [24/Feb/2012:10:30:13 -0500] - slapd shutting down - signaling operation
>> threads
>> [24/Feb/2012:10:30:13 -0500] - slapd shutting down - waiting for 1
>> thread to terminate
>> [24/Feb/2012:10:30:13 -0500] - slapd shutting down - closing down
>> internal subsystems and plugins
>> [24/Feb/2012:10:30:13 -0500] - Waiting for 4 database threads to stop
>> [24/Feb/2012:10:30:13 -0500] - All database threads now stopped
>> [24/Feb/2012:10:30:13 -0500] - slapd stopped.
>> [24/Feb/2012:10:30:14 -0500] - 389-Directory/1.2.10.rc

Re: [Freeipa-users] Replica install problem

2012-02-24 Thread Rich Megginson

On 02/24/2012 09:45 AM, Dan Scott wrote:

Hi,

I have another replica install problem.

I ran into some issues a couple of weeks ago when
389-ds-base-1.2.10-0.10.rc1.fc16.x86_64 was released. My master server
is running 389-ds-base-1.2.10-0.6.a6.fc16.x86_64 and I'd like to make
sure I have some good replicas before I go any further.

I suggest using 389-ds-base-1.2.10.2-1.fc16.x86_64 now in updates-testing


I'm trying to create a new replica from a fresh install so that I have
a new master and can wipe and re-install the old master.

When I try to create the replica, I receive the following:

Configuring directory server: Estimated time 1 minute
   [1/29]: creating directory server user
   [2/29]: creating directory server instance
   [3/29]: adding default schema
   [4/29]: enabling memberof plugin
   [5/29]: enabling referential integrity plugin
   [6/29]: enabling winsync plugin
   [7/29]: configuring replication version plugin
   [8/29]: enabling IPA enrollment plugin
   [9/29]: enabling ldapi
   [10/29]: configuring uniqueness plugin
   [11/29]: configuring uuid plugin
   [12/29]: configuring modrdn plugin
   [13/29]: enabling entryUSN plugin
   [14/29]: configuring lockout plugin
   [15/29]: creating indices
   [16/29]: configuring ssl for ds instance
   [17/29]: configuring certmap.conf
   [18/29]: configure autobind for root
   [19/29]: configure new location for managed entries
   [20/29]: restarting directory server
   [21/29]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress
Update in progress
Update in progress
Update in progress
Update succeeded
   [22/29]: adding replication acis
root: CRITICAL Failed to load replica-acis.ldif: Command
'/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp6_sd0Z
-x -D cn=Directory Manager -y /tmp/tmp9_IlSZ' returned non-zero exit
status 255
   [23/29]: setting Auto Member configuration
root: CRITICAL Failed to load replica-automember.ldif: Command
'/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmpr1oE3X
-x -D cn=Directory Manager -y /tmp/tmpmgvTdj' returned non-zero exit
status 255
   [24/29]: initializing group membership
root: CRITICAL Failed to load memberof-task.ldif: Command
'/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp5MDKm5
-x -D cn=Directory Manager -y /tmp/tmpgj0hdk' returned non-zero exit
status 255
creation of replica failed: {'desc': "Can't contact LDAP server"}

Your system may be partly configured.

The /var/log/ipareplica-install.log contains the following:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

(once for each of the 3 critical errors above). So I guess there's a
problem (re)starting LDAP, or it crashes?

Looks like a crash.

The 'interesting' lines from /var/log/dirsrv/slapd-EXAMPLE-COM/errors are:

[24/Feb/2012:10:29:53 -0500] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to
access the database
[24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete.
Processed 1 entries in 1 seconds. (1.00 entries/sec)
[24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete.
Processed 1 entries in 1 seconds. (1.00 entries/sec)
[24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
starting up
[24/Feb/2012:10:29:58 -0500] - I'm resizing my cache now...cache was
84028 and is now 800
[24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
starting up
[24/Feb/2012:10:29:58 -0500] - Detected Disorderly Shutdown last time
Directory Server was running, recovering database.

This means it crashed.

[24/Feb/2012:10:29:58 -0500] - libdb: unable to join the environment
[24/Feb/2012:10:29:59 -0500] - slapd started.  Listening on All
Interfaces port 389 for LDAP requests
[24/Feb/2012:10:29:59 -0500] - The change of nsslapd-ldapilisten will
not take effect until the server is restarted
[24/Feb/2012:10:30:12 -0500] - Warning: Adding configuration attribute
"nsslapd-security"
[24/Feb/2012:10:30:13 -0500] - slapd shutting down - signaling operation threads
[24/Feb/2012:10:30:13 -0500] - slapd shutting down - waiting for 1
thread to terminate
[24/Feb/2012:10:30:13 -0500] - slapd shutting down - closing down
internal subsystems and plugins
[24/Feb/2012:10:30:13 -0500] - Waiting for 4 database threads to stop
[24/Feb/2012:10:30:13 -0500] - All database threads now stopped
[24/Feb/2012:10:30:13 -0500] - slapd stopped.
[24/Feb/2012:10:30:14 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
starting up
[24/Feb/2012:10:30:14 -0500] attrcrypt - No symmetric key found for
cipher AES in backend userRoot, attempting to create one...
[24/Feb/2012:10:30:14 -0500] attrcrypt - Key for cipher AES
successfully generated and stored
[24/Feb/2012:10:30:14 -0500] attrcrypt - No symmetric key found for
cipher 3DES in backend userRoot, attempting to create one...
[24/Feb/2012:10:30:14 -0500] attrcrypt - Key for cipher 3DES
successfully generated and stored
[24
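
As an added example (not part of the thread, and not FreeIPA or 389-ds code), this Python scan of a dirsrv errors log flags the crash signature identified in the reply above, plus any startup that has no "slapd stopped." before it. The function names are hypothetical and the last sample record is constructed.

```python
import re
from datetime import datetime

# Sample errors-log text. Records up to 10:30:14 are excerpted from the thread
# (with its e-mail line wrapping); the final record is constructed for this
# example to show a restart that has no clean stop before it.
SAMPLE_LOG = """\
[24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
starting up
[24/Feb/2012:10:29:58 -0500] - Detected Disorderly Shutdown last time
Directory Server was running, recovering database.
[24/Feb/2012:10:29:59 -0500] - slapd started.  Listening on All
Interfaces port 389 for LDAP requests
[24/Feb/2012:10:30:13 -0500] - slapd stopped.
[24/Feb/2012:10:30:14 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
starting up
[24/Feb/2012:10:30:14 -0500] - slapd started.  Listening on All
Interfaces port 389 for LDAP requests
[24/Feb/2012:10:31:02 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
starting up
"""

RECORD_START = re.compile(r"^\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] (.*)$")


def parse_records(text):
    """Return (timestamp, message) pairs, re-joining wrapped continuation lines."""
    records = []
    for line in text.splitlines():
        m = RECORD_START.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
            records.append([ts, m.group(2).strip()])
        elif records and line.strip():
            records[-1][1] += " " + line.strip()  # wrapped tail of previous record
    return [(ts, msg) for ts, msg in records]


def find_unclean_restarts(text):
    """Flag startups that follow a crash rather than an orderly shutdown."""
    findings = []
    running = False  # True between "slapd started" and "slapd stopped."
    for ts, msg in parse_records(text):
        if "Detected Disorderly Shutdown" in msg:
            findings.append((ts, "recovery after disorderly shutdown"))
        elif "starting up" in msg:
            if running:
                findings.append((ts, "startup with no clean stop before it"))
            running = False  # avoid flagging a repeated startup banner twice
        elif "slapd started" in msg:
            running = True
        elif "slapd stopped." in msg:
            running = False
    return findings


if __name__ == "__main__":
    for ts, reason in find_unclean_restarts(SAMPLE_LOG):
        print(ts.isoformat(), reason)
```
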

[Freeipa-users] Replica install problem

2012-02-24 Thread Dan Scott
Hi,

I have another replica install problem.

I ran into some issues a couple of weeks ago when
389-ds-base-1.2.10-0.10.rc1.fc16.x86_64 was released. My master server
is running 389-ds-base-1.2.10-0.6.a6.fc16.x86_64 and I'd like to make
sure I have some good replicas before I go any further.

I'm trying to create a new replica from a fresh install so that I have
a new master and can wipe and re-install the old master.

When I try to create the replica, I receive the following:

Configuring directory server: Estimated time 1 minute
  [1/29]: creating directory server user
  [2/29]: creating directory server instance
  [3/29]: adding default schema
  [4/29]: enabling memberof plugin
  [5/29]: enabling referential integrity plugin
  [6/29]: enabling winsync plugin
  [7/29]: configuring replication version plugin
  [8/29]: enabling IPA enrollment plugin
  [9/29]: enabling ldapi
  [10/29]: configuring uniqueness plugin
  [11/29]: configuring uuid plugin
  [12/29]: configuring modrdn plugin
  [13/29]: enabling entryUSN plugin
  [14/29]: configuring lockout plugin
  [15/29]: creating indices
  [16/29]: configuring ssl for ds instance
  [17/29]: configuring certmap.conf
  [18/29]: configure autobind for root
  [19/29]: configure new location for managed entries
  [20/29]: restarting directory server
  [21/29]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress
Update in progress
Update in progress
Update in progress
Update succeeded
  [22/29]: adding replication acis
root: CRITICAL Failed to load replica-acis.ldif: Command
'/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp6_sd0Z
-x -D cn=Directory Manager -y /tmp/tmp9_IlSZ' returned non-zero exit
status 255
  [23/29]: setting Auto Member configuration
root: CRITICAL Failed to load replica-automember.ldif: Command
'/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmpr1oE3X
-x -D cn=Directory Manager -y /tmp/tmpmgvTdj' returned non-zero exit
status 255
  [24/29]: initializing group membership
root: CRITICAL Failed to load memberof-task.ldif: Command
'/usr/bin/ldapmodify -h fileserver4.example.com -v -f /tmp/tmp5MDKm5
-x -D cn=Directory Manager -y /tmp/tmpgj0hdk' returned non-zero exit
status 255
creation of replica failed: {'desc': "Can't contact LDAP server"}

Your system may be partly configured.

The /var/log/ipareplica-install.log contains the following:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

(once for each of the 3 critical errors above). So I guess there's a
problem (re)starting LDAP, or it crashes?

The 'interesting' lines from /var/log/dirsrv/slapd-EXAMPLE-COM/errors are:

[24/Feb/2012:10:29:53 -0500] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to
access the database
[24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete.
Processed 1 entries in 1 seconds. (1.00 entries/sec)
[24/Feb/2012:10:29:54 -0500] - import userRoot: Import complete.
Processed 1 entries in 1 seconds. (1.00 entries/sec)
[24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
starting up
[24/Feb/2012:10:29:58 -0500] - I'm resizing my cache now...cache was
84028 and is now 800
[24/Feb/2012:10:29:58 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
starting up
[24/Feb/2012:10:29:58 -0500] - Detected Disorderly Shutdown last time
Directory Server was running, recovering database.
[24/Feb/2012:10:29:58 -0500] - libdb: unable to join the environment
[24/Feb/2012:10:29:59 -0500] - slapd started.  Listening on All
Interfaces port 389 for LDAP requests
[24/Feb/2012:10:29:59 -0500] - The change of nsslapd-ldapilisten will
not take effect until the server is restarted
[24/Feb/2012:10:30:12 -0500] - Warning: Adding configuration attribute
"nsslapd-security"
[24/Feb/2012:10:30:13 -0500] - slapd shutting down - signaling operation threads
[24/Feb/2012:10:30:13 -0500] - slapd shutting down - waiting for 1
thread to terminate
[24/Feb/2012:10:30:13 -0500] - slapd shutting down - closing down
internal subsystems and plugins
[24/Feb/2012:10:30:13 -0500] - Waiting for 4 database threads to stop
[24/Feb/2012:10:30:13 -0500] - All database threads now stopped
[24/Feb/2012:10:30:13 -0500] - slapd stopped.
[24/Feb/2012:10:30:14 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
starting up
[24/Feb/2012:10:30:14 -0500] attrcrypt - No symmetric key found for
cipher AES in backend userRoot, attempting to create one...
[24/Feb/2012:10:30:14 -0500] attrcrypt - Key for cipher AES
successfully generated and stored
[24/Feb/2012:10:30:14 -0500] attrcrypt - No symmetric key found for
cipher 3DES in backend userRoot, attempting to create one...
[24/Feb/2012:10:30:14 -0500] attrcrypt - Key for cipher 3DES
successfully generated and stored
[24/Feb/2012:10:30:14 -0500] - slapd started.  Listening on All
Interfaces port 389 for LDAP requests
[24/Feb/2012:10:30:14 -0500] - Listening on All Interfaces port 636
for LDAPS requests
[24